Category Archives: Uncategorized

The Next Boom In Cybersecurity Companies: Offense(FILES) In this file photo taken on August 04, 2020, Prince, a member of the hacking group Red … [+] Hacker Alliance who refused to give his real name, uses his computer at their office in Dongguan, China’s southern Guangdong province. – As the number of online devices surges and super-fast 5G connections roll out, record numbers of companies are offering up to seven-figure rewards to ethical hackers who can successfully attack their cybersecurity systems. (Photo by NICOLAS ASFOURI / AFP) (Photo by NICOLAS ASFOURI/AFP via Getty Images)AFP via Getty ImagesI’ve had a side interest for the past few years in cybersecurity companies. It started when I was covering entrepreneurs in the Middle East. Israel, one source recently estimate for me, accounts for about 20% of the early-stage cybersecurity market. My reporting suggests that share has increased over the past five years.Cybersecurity is roughly divided into two pieces: the defensive players, and the offensive players, the ones who get hired to do espionage. Those don’t usually advertise themselves, though if they rise to public attention, they generate loads of attention. Like NSO Group, which made the spyware Pegasus.Cybersecurity and cyber operations in general are poised to boom, based both on the rise in cybercrime, and the increased awareness, after Russia’s invasion of Ukraine, of the ways that states are using cyber attacks.MORE FROMFORBES ADVISORBest Travel Insurance CompaniesByAmy DaniseEditorBest Covid-19 Travel Insurance PlansByAmy DaniseEditorThe number of data breaches set a new record in 2021, with the number of incidents jumping 68% over 2020 and up 23% from the previous high in 2017, the Motley Fool reported, citing the Identity Theft Resource Center. Data breaches were up another 14% year over year during the first quarter of 2022. Overall, cybercrime is on the rise at a double-digit percentage pace, the Food reported.Estimates of spending on cybersecurity range widely (this is not something that most countries or companies publicize) — but they all agree on one thing: it’s increasing annually in double digits.What could be changing is the acceptability of offensive cybersecurity. As there’s a growing acknowledgement that offensive cyber operations have an inherent advantage over defensive cyber operations, there could be a surge in companies that sell an offensive version of their products and services, even publicly.Here’s one sign that of a growing acceptance of offensive cyber operations: A bill that would allow the Department of Homeland Security to study the benefits of “hacking back.” This part of a wider contextAnd here’s another: An interview with Lior Div, former commander of of the Israeli Defense Forces Unit 8200. “Today, using cyber capabilities, you can achieve very good results without killing anybody and without starting an all-out war,” Div told Newsweek. “The dimension of cyber enables countries to operate and send a strong signal, but in a much more controlled way.”This interview was published around the time American President Joe Biden gave Russia a list of off-limits sectors.In setting the ground rules, governments appear increasingly comfortable with the idea that a good cyber defense is an offense. That’ll soon migrate openly to the private sector — and after that, it could become the next funding boom.

Cybersecurity ranked most serious enterprise risk in 2022August 31, 2022 by Security StaffUncertainty has become a business standard in 2022, with enterprise leaders feeling cautiously optimistic about their ability to navigate future economic, social and geopolitical uncertainty.A survey of more than 700 U.S. executives by PricewaterhouseCoopers (PwC) identified top enterprise risks observed in 2022.State of 2022 enterprise riskThe survey identified rising cyberattack levels; talent acquisition and retention; supply chain disruptions and increasing production costs to be the most serious risks facing enterprise organizations today.Image courtesy of PwCCybersecurityAmid increasing geopolitical tensions and consumer privacy concerns, 40% of business leaders ranked cybersecurity as the number one serious risk facing their companies. It’s not just top of mind for chief information security officers (CISOs) and chief risk officers (CROs) — executives across the entire C-suite ranked cybersecurity as a serious risk. In addition, 58% of corporate directors said they would benefit most from enhanced reporting around cybersecurity and technology.With growth in mind, executives are increasing investments in digital transformation (53%), information technology (IT) (52%), and cybersecurity/privacy (49%).Labor shortagesNearly two-thirds of businesses (63%) have changed or are planning to change processes to address labor shortages, up from 56% in January 2022. Finding the right talent continues to be a challenge for business leaders. Talent acquisition came in second as a risk behind cyber, with 38% of respondents citing it as a serious risk. In order to attract talent, companies continue to explore new ways of working, including expanding remote work options for roles that allow it. A large majority (70%) of respondents said they have either implemented this or have a plan in place. That, too, comes with risk, as the increase in remote work also comes with an expanded cyberattack surface for enterprise organizations.To view the full survey results, click here.

Increasing cybersecurity awareness in critical infrastructureImagine this: the power grid has been hacked by a nation-state and has catapulted us back to the Stone Age. No power, water, fuel, online communications or banking. No, this isn’t a story out of a Michael Crichton novel. In 2018, a dire warning from former British Secretary of Defense, Gavin Williamson, indicated Britain’s energy infrastructure had been spied on by Russia. He predicted countless deaths would result if their power grid was ever crippled.The critical infrastructure space is hardly an emerging topic in terms of cybersecurity. Case in point — in the spring of 2021, the Colonial Pipeline was hacked, leaving consumers from Texas up to New Jersey and New York vulnerable without a basic need: gas. Thankfully, the issue was resolved, but the implications of cyberattacks on critical infrastructure were exemplified by this incident.There are key concerns revolving around device capabilities, supply chain, security and safety in the critical infrastructure sector. According to Brian Wrozek, Principal Research Analyst with Forrester and former CISO of Texas Instruments and Optiv, an organizational focus on security awareness can help critical infrastructure organizations harden their operational technology (OT) and information technology (IT) against threats.The OT space has been a more challenging space to manage and prevent attacks primarily because OT utilizes unique equipment that is not able to leverage the common security controls used in IT environments. Systems were created to operate uninterrupted for a long period of time in specialized use cases and security was not built into the original design. Wrozek highlights that “on the plus side, OT environments have robust physical security controls and manual safety mechanisms that can provide protection to minimize potential damages.”This is a prime time for IT and cybersecurity executives to revisit and re-strategize security awareness training around this space. The IT and OT environments can never be treated in the same manner, which means companies will need to adjust their delivery methods and timing to align with the unique characteristics of the OT environments. Structuring security awareness training to fit critical infrastructure challenges and meet employees where they are in terms of cybersecurity knowledge may lead to more successful security outcomes. Wrozek recommends “holding a live workshop during lunch time at the factory, as all operators may not have a traditional office desk and laptop.”  Regardless, all OT operators and administrators should participate in the standard cybersecurity training curriculum offered by their companies, but taking it a step further, Wrozek emphasizes “incorporating cybersecurity training into the physical security and safety educational programs common in OT environments will improve participation and adoption.”What should the ideal cybersecurity training program look like in the OT space? Just like any company you onboard with, learn about the environment. In this case, the OT environment requires education, and the materials must be tailored to the needs and concerns of their target audience. Wrozek states the importance of helping new hires connect the dots, “For example, a successful phishing email could allow an attacker to pivot from the corporate environment to the OT environment. It doesn’t matter if the source of disruption was a weather event or specially constructed malware program, the consequences to human safety or the environment are the same.”Presently, ransomware still ranks as the top concern as OT environments continue their digital transformation journey, but developing a more cyber aware workforce can help mitigate the risk of a cyberattack on critical infrastructure.

I’m excited to announce our first project to deliver internet. As part of our Internet.org efforts to connect more people, we’re partnering with digitechuyo to launch data center’s that will connect thousands of people. This is just one of the innovations we’re working on to achieve our mission with Internet.org. Connectivity changes lives and communities. We’re going to keep working to connect people together.

Increasing cybersecurity awareness in critical infrastructureImagine this: the power grid has been hacked by a nation-state and has catapulted us back to the Stone Age. No power, water, fuel, online communications or banking. No, this isn’t a story out of a Michael Crichton novel. In 2018, a dire warning from former British Secretary of Defense, Gavin Williamson, indicated Britain’s energy infrastructure had been spied on by Russia. He predicted countless deaths would result if their power grid was ever crippled.The critical infrastructure space is hardly an emerging topic in terms of cybersecurity. Case in point — in the spring of 2021, the Colonial Pipeline was hacked, leaving consumers from Texas up to New Jersey and New York vulnerable without a basic need: gas. Thankfully, the issue was resolved, but the implications of cyberattacks on critical infrastructure were exemplified by this incident.There are key concerns revolving around device capabilities, supply chain, security and safety in the critical infrastructure sector. According to Brian Wrozek, Principal Research Analyst with Forrester and former CISO of Texas Instruments and Optiv, an organizational focus on security awareness can help critical infrastructure organizations harden their operational technology (OT) and information technology (IT) against threats.The OT space has been a more challenging space to manage and prevent attacks primarily because OT utilizes unique equipment that is not able to leverage the common security controls used in IT environments. Systems were created to operate uninterrupted for a long period of time in specialized use cases and security was not built into the original design. Wrozek highlights that “on the plus side, OT environments have robust physical security controls and manual safety mechanisms that can provide protection to minimize potential damages.”This is a prime time for IT and cybersecurity executives to revisit and re-strategize security awareness training around this space. The IT and OT environments can never be treated in the same manner, which means companies will need to adjust their delivery methods and timing to align with the unique characteristics of the OT environments. Structuring security awareness training to fit critical infrastructure challenges and meet employees where they are in terms of cybersecurity knowledge may lead to more successful security outcomes. Wrozek recommends “holding a live workshop during lunch time at the factory, as all operators may not have a traditional office desk and laptop.”  Regardless, all OT operators and administrators should participate in the standard cybersecurity training curriculum offered by their companies, but taking it a step further, Wrozek emphasizes “incorporating cybersecurity training into the physical security and safety educational programs common in OT environments will improve participation and adoption.”What should the ideal cybersecurity training program look like in the OT space? Just like any company you onboard with, learn about the environment. In this case, the OT environment requires education, and the materials must be tailored to the needs and concerns of their target audience. Wrozek states the importance of helping new hires connect the dots, “For example, a successful phishing email could allow an attacker to pivot from the corporate environment to the OT environment. It doesn’t matter if the source of disruption was a weather event or specially constructed malware program, the consequences to human safety or the environment are the same.”Presently, ransomware still ranks as the top concern as OT environments continue their digital transformation journey, but developing a more cyber aware workforce can help mitigate the risk of a cyberattack on critical infrastructure.

Design a site like this with WordPress.com
Get started