Skills watch

The 5 types of insider threats and how to deal with them

The new Insider Threat Report from Verizon gives companies of all sizes a better understanding on how to deal with insider threats.
According to the report, 47.8% of malicious insiders are driven by financial reasons.
A striking data, is that while it can only take minutes for an employee to compromise a system, it can take months to discover the misuse.
The report also categorizes the five different insider threat actors:

Risk assessment best practices

In the last years, cyberattacks have increased dramatically.
To prevent unpleasant situations, every company should assess their cybersecurity-related risks.
According to information security experts, security controls are deployed after a security incident, which means that most companies do not have a proper cyber risk management.
However, eventually, every company has to do a cybersecurity risk assessment, to identify security vulnerabilities and how to mitigate them.

Is your company at risk of cyber breaches?

Since cybersecurity threats are becoming more sophisticated and harder to prevent and detect, every company really need to adapt its cybersecurity risk management.
The first step toward the improvement of your cybersecurity risk management, is to understand whether your company is at risk of cyber breaches.
If your information security department does not know where to start, you can begin by reflecting wheter your company identifies with any of the following statements.

Your company is at risk of cyber breaches, if:

What cybersecurity training for employees should cover

With the increasing number of cyberattacks, cybersecurity is gaining importance for a lot of companies.
There are a lot of options to consider if you want to improve your cyber risk management strategy, but one of the first things you should do, is deal with internal potential threats.
According to Veriato’s 2018 Insider Threat Report, 90% of cybersecurity professionals feel their company is vulnerable to insider attacks, and about 50% have experienced at least one of these attacks.

Cybersecurity trends

The cybersecurity landscape is constantly changing, and companies need to adapt to it if they do not want to risk major breaches.
Below, is a list of future trends in cybersecurity, and therefore a way to forecast how company can start to adapt from the future.

Data theft turning into data manipulation
We can expect to see attackers to start attacking the integrity of data, causing reputational damage, by getting people to question the integrity of the manipulated data.

Data administration for cyber security

Nowadays, collecting and storing more data, means also expand the potential cyberattack surface.

Can outsourcing software development and cybersecurity coexist?

Since industry experts continue to point out that the majority of security breaches stem from unintentional negligence of trusted insiders (employees, vendor-partners), you should take thoughtful steps to protect your information assets, and protect the productivity gains that you realize through outsourcing.

Assess your risk
Perform a risk assessment of your current systems portfolio: understand the potential exposure your company faces if a system fails or otherwise becomes corrupted.

6 steps for good risk management

Protecting sensitive informations is getting more challenging for every organization.
Data breaches are part of the current landscape, and every company has to be prepared to face one.
Here, are 6 rules for good risk management, that your company should follow.

Lunarline School of Cybersecurity wants to solve Cyber Workforce Challenges

The Lunarline School of Cybersecurity (SCS) is an entity that aims to solve cyber workforce challenges, providing web based training and certifications to its users and an advanced Learning Management System (LMS) built for the challenges of large enterprise training programs.
According to Waylon Krush, Lunarline CEO, the School of Cybersecurity simplifies compliance with the NICE Framework and NIST 800-181.

(ISC)² sets up Professional Development Institute to extend training offerings

(ISC)², the US-based security certification organization, has launched a new initiative that aims to tackle the global cybersecurity skills gap.

Trough its recently launched Professional Development Institute (PDI), (ISC)² will help enhance their members skills and abilities by providing access to rich continuing professional education (CPE) opportunities that augment the knowledge they’ve gained throughout their careers.