Gartner lists seven cybersecurity trends for 2022
CISOs’ roles need to transition from technologists who prevent breaches to corporate strategists who manage cyber risk. Unfortunately, their career growth is slowed by security tech stacks that weren’t designed for their companies’ new digital transformation, virtualization and hybrid cloud initiatives. Gartner’s recently published top security and risk management trends for 2022 report explains where the most vulnerable gaps in those stacks are.
The seven trends also help explain the many challenges CISOs face when shifting their careers and their cybersecurity spending away from tactics and into strategic roles. Implicit in these trends is the urgent need to treat cybersecurity as a business decision. Taken together from the standpoint of enterprises focused on new digital initiatives, the seven trends show clearly that cybersecurity needs to be a business enabler first. The two proof points of cybersecurity’s business value that run through the trends are decentralized decision-making and faster response to business challenges.
How Gartner’s trends define a cybersecurity roadmap
Responding to threats is what enterprises and their CISOs need the most help with today, and Gartner organized its trends accordingly, assigning most of them to threat response. That is a clear indication that its enterprise clients are focused on this area and looking for guidance. Attack Surface Expansion, Identity Threat Detection and Response and Digital Supply Chain Risk are the three trends Gartner sees as most important for threat response.
Rethinking Technology is the second group of trends and includes Vendor Consolidation and Cybersecurity Mesh. The third group, Reframing the Cybersecurity Practice, contains Distributing Decisions and Beyond Awareness.
Taken together, Gartner’s trends create a high-level cybersecurity roadmap that any enterprise can follow. Best of all, it starts by closing the gaps in existing security tech stacks at their most vulnerable breakpoints: identity and access management (IAM), privileged access management (PAM) and threats to digital supply chains.
Roadmap phase 1: Responding to threats
- Attack surface expansion
- Identity threat detection and response
- Digital supply chain risk

Roadmap phase 2: Rethinking technology
- Vendor consolidation
- Cybersecurity mesh

Roadmap phase 3: Reframing practice
- Distributing decisions
- Beyond awareness
What the trends mean for CISOs
The more adept a security stack becomes at managing risk and supporting new business, the greater the potential career growth for CISOs. Unfortunately, legacy systems don’t just hold enterprises back from growing; they hold careers back too. Today, speed and time-to-market are being compressed on all digital business initiatives and new ventures. That is the catalyst driving the urgency behind the seven trends.
Decentralized cybersecurity is an asset. Moving away from centralized cybersecurity toward a more decentralized organization, with a tech stack that supports it, increases an organization’s speed, responsiveness and adaptability to new business ventures. Centralized cybersecurity is a bottleneck that limits the progress of new initiatives and the careers of those managing them, most often CISOs.
Cybersecurity needs extreme ownership. The hardest part of any CISO’s job is getting the thousands of employees in their organization to practice cybersecurity hygiene. Authoritarian approaches and continual virtual learning programs are limited in effectiveness, as evidenced by the record ransomware breaches in 2021 that are continuing this year. CISOs need to take on change management to create extreme ownership of outcomes by employees. Finding new ways to reward ownership of cybersecurity and good security hygiene is key. The best-selling book Extreme Ownership is an excellent read, and one that CISOs and their teams should consider this year for its lessons on leadership and change management.
Attack surfaces are just getting started. It’s a safe bet that the number, complexity and management challenges of attack surfaces will only grow. CISOs and their teams need to anticipate this and secure their digital supply chains, especially in their core DevOps processes. Getting IAM and PAM right is also essential, as the Identity Threat Detection and Response trend explains.
CISOs: find new ways to add value
Getting bogged down in security tactics puts enterprises and careers at risk. Instead, concentrate on framing cyber risk as a business and organizational risk first. Only then can CISOs transition their organization into an enabler and accelerator of new products rather than a roadblock to new revenue. Most important is for CISOs to look at the trends through the lens of how they can build stronger relationships outside of IT. Start with other C-level executives and board members, with a specific focus on the CRO and CMO: the two executives most responsible for revenue also make the riskiest decisions for an enterprise. Showing how cybersecurity can manage that risk is a great way to grow a business and a career.
CodedColor PhotoStudio Pro 7.5.5.0 + Clipart Content

With CodedColor PhotoStudio Pro you will experience the diversity of viewing, organising, editing, enhancing and sharing your images and digital photos: easy to use, full of features, professional results. CodedColor PhotoStudio by 1STEIN is a Windows photo viewer and editor to organize, edit, resize, reformat, correct, compare, sort, watermark, annotate and print digital images, and to edit EXIF and IPTC data in digital photos. You can rename multiple images, remove scratches, create panorama pictures (stitch), convert RAW photos (from Canon, Nikon, Olympus and other cameras), send images via Skype, send photo SMS, burn in digital watermarks, correct colors, run a screenshow, convert and correct JPEG images in a batch process, rename fields, open pictures and image folders from Explorer, generate a web album in HTML and compress JPG images.
System Requirements:
- Microsoft Windows 10, Windows 8 or Windows 7 (32-bit or 64-bit editions)
- Intel Core 2 Duo or AMD Athlon X2 dual-core processor
- 2 GB RAM (8 GB or more recommended)
- 500 MB hard disk space
- 3D graphics accelerator card with OpenGL 1.4 (OpenGL 3.2 or better recommended)
- 1280 x 768 screen resolution (1920 x 1080 Full HD recommended)
- Mouse or tablet
- CD-ROM drive for installation from CD
Twelve Hours to Get It Right: The SEC Intensifies Its Focus on Cybersecurity

TAKEAWAYS
- The SEC’s recent enforcement actions, public statements and proposed rulemaking indicate that cybersecurity will be an area of heightened focus for the Gensler Commission.
- New proposed rules would require public companies to disclose the details of their cybersecurity programs, their leadership’s oversight and expertise in managing cyber risk, and their material past or current cyber incidents.
- Considering the SEC’s focus and potential rulemaking, registrants should take proactive measures to mitigate risk by reviewing cyber policies and procedures and carefully assessing the adequacy of disclosures.

On the morning of May 24, 2019, a cybersecurity journalist notified First American Financial Corporation (First American) that one of its key applications had a serious vulnerability. First American, a publicly traded company that provides real estate settlement services, used the application Eagle Pro to share images of legal and financial documents used in real estate closings. According to an anonymous source, the vulnerability allowed unauthorized users to access over 800 million documents that had been shared with First American. Many of these documents contained sensitive data, such as Social Security numbers, financial records and driver’s licenses, which the journalist who published the article later that day described as “a virtual gold mine for phishers and scammers.”

In the hours following the tip, First American provided the journalist with a statement acknowledging the leak and stating that external access to Eagle Pro had been shut down. On the morning of May 28, the first day of trading following the tip, First American released an 8-K and press release announcing the defect and the remedial measures it had taken.

However, despite these apparently proactive steps, the SEC brought an enforcement action against First American for violating Exchange Act Rule 13a-15(a), which requires issuers to maintain proper disclosure controls and procedures. As part of a settlement of the SEC’s charges, First American agreed to the entry of a cease-and-desist order and to a $487,616 civil penalty.

You Don’t Know What You Don’t Know

The problem was that First American’s IT department had discovered the potential leak several months before the tip. Indeed, the company’s IT department had published a report in January 2019, four months before the journalist’s article, that identified a “serious” vulnerability in the Eagle Pro application. Due to a clerical error, the company mistakenly classified the vulnerability as low risk, which, under First American’s policies, gave the company 90 days to remediate the issue. More damaging still, even after the breach was announced publicly, First American’s senior leadership was not informed that the company had identified the weakness months earlier. Despite numerous meetings between the company’s technical experts and its senior executives in the four days between the tip and the release of the 8-K, First American’s leadership remained unaware that the leak had not been remediated in a timely manner. “These senior executives thus lacked certain information to fully evaluate the company’s cybersecurity responsiveness and the magnitude of the risk from the Eagle Pro vulnerability at the time they approved the company’s disclosures,” the SEC concluded in its order.
In other words, even though First American disclosed the vulnerability, the flaws in the company’s disclosure controls and procedures resulted in a failure to adequately inform investors of the full extent of the problem.

Increasing Enforcement Scrutiny Around Disclosure Controls and Procedures

The First American case illustrates a problem that is receiving increasing attention from the SEC, namely cyber vulnerabilities and inconsistent reporting among public companies and regulated entities. Two months after the First American settlement, in August 2021, the SEC brought a settled enforcement action against Pearson PLC, a London-based educational publishing company, for misreporting a 2018 cyber intrusion that involved the theft of millions of records, many of which contained sensitive personal information. Just weeks after the Pearson matter, the SEC brought settled enforcement actions against eight broker-dealers and investment advisers for failures in their cybersecurity policies that resulted in the exposure of thousands of customers’ and clients’ sensitive personal information. Earlier, in May 2021, the SEC had settled with GWFS Equities Inc., a Colorado-based broker-dealer, for improperly reporting repeated attempts to access the retirement accounts of its clients. After “significant cooperation” and subsequent remedial efforts, GWFS settled for a $1.5 million civil penalty and a censure.

Since summer 2021, the SEC’s Enforcement Division has been aggressively investigating the response of public companies to the highly publicized cyberattack that targeted the SolarWinds software. In connection with that “sweep,” the SEC appears to be probing potential disclosure failures, violations of the internal accounting controls provisions and the adequacy of issuers’ disclosure controls and procedures. Notably, for companies that received an information request from the SEC, the staff is assessing potential securities law violations linked not only to the cyberattack on the SolarWinds software but also to any other cyber intrusion.

Increasing Regulatory Activity: Two Recent Cyber-Related Rulemakings

This enforcement activity has been followed by increased regulatory activity in 2022. On January 24, SEC Chair Gary Gensler gave a speech on “Cybersecurity and the Securities Laws.” The Chair’s speech was styled as a call to action, emphasizing that cyber incidents are not only costly but also threaten national security. Chair Gensler stated that he was asking his staff to study the current cybersecurity regulations and report to him with suggestions on how the SEC can “broaden and deepen” the rules to fit the current risk landscape.

On February 9, the SEC proposed new cyber-related rules for registered advisers and funds. These proposed rules would require advisers and funds to implement written security policies and procedures, report significant cyber incidents on a new confidential form and adhere to new record-keeping requirements designed to facilitate the Commission’s inspection and enforcement capabilities.

One month later, on March 9, the SEC proposed new rules that would impose cybersecurity obligations on public companies. These rules would require registrants to, among other things, report material cyber incidents within four business days via a Form 8-K and provide updates on such incidents in Forms 10-K and 10-Q. Perhaps most notably, the proposed rules would amend Regulation S-K to require companies to describe their policies and procedures for identifying and managing risks from cyber threats, including those from third-party service providers. The rules would also require companies to disclose their board of directors’ oversight of cyber risks and management’s expertise in implementing and managing cybersecurity policies.
Companies would be required to disclose “any detail necessary to fully describe” the nature of directors’ expertise and whether they have a designated chief information security officer (and, if so, that individual’s place in the organizational chart).

These changes are significant and controversial. Dissenting Commissioner Hester M. Peirce stated that the new disclosure requirements would “embody an unprecedented micromanagement” by the SEC of the boards of directors and management of public companies. “The proposal,” Peirce wrote, “although couched in standard disclosure language, guides companies in substantive, if somewhat subtle, ways.” This, she argued, is because the SEC’s requirements “will have the undeniable effect of incentivizing companies to take specific actions to avoid appearing as if they do not take cybersecurity as seriously as other companies.”

However, whether unprecedented or not, the proposed rules fall squarely within the broad menu of cyber-focused priorities that Chair Gensler outlined in his January speech. There, the Chair explicitly stated that he would direct the staff to consider ways to strengthen firms’ cybersecurity hygiene and ensure that they can maintain operational capability during cyber incidents. This substantive direction appears to reflect the Chair’s view that “cybersecurity is central to national security” and, quoting President Biden’s 2021 remarks on cybersecurity, that “the federal government can’t meet this challenge alone.”

Preparing for the SEC’s New Cyber Agenda

Companies, advisers and other regulated entities should prepare for these potential changes in the regulatory and enforcement landscape.

First, regulated entities should assess the adequacy of their existing cybersecurity protections and update them in light of the SEC’s new proposals. Such an assessment should include:
(1) the nature, sensitivity and location of information that the entity collects, processes and/or stores;
(2) internal and external cybersecurity threats to, and vulnerabilities of, the entity’s information and technology systems;
(3) the security controls and processes currently in place;
(4) the likely impact if the information or technology systems become compromised;
(5) the effectiveness of the governance structures for the management of cyber risks;
(6) the procedures in place for detecting, responding to and escalating awareness of cyber incidents; and
(7) the policies and procedures in place for providing training and guidance to the firm’s directors, officers and other personnel to ensure that best practices are maintained.

Public companies also should carefully examine their disclosure controls and procedures. This means examining not just the substantive security protections the firm has in place, but how a security breach will be reported internally when one inevitably occurs. The SEC’s new proposals and recent enforcement actions demonstrate that the Commission expects registrants to disclose cyber incidents in a timely manner. Firms will want to ensure that mechanisms are in place whereby cyber incidents are promptly escalated so that the company’s senior executives can evaluate whether disclosure is appropriate.

As a best practice, firms should be prepared to report any incident in a form that conforms with the SEC’s new proposals, which would require disclosure of:
- When the incident was discovered and whether it is ongoing
- A brief description of the nature and scope of the incident
- Whether any data was stolen, altered, accessed or used for any other unauthorized purpose
- The effect of the incident on the registrant’s operations
- Whether the registrant has remediated or is currently remediating the incident

Additionally, companies will want to ensure that their directors have an adequate understanding of cyber risks and that they have a designated chief information security officer within their governance structure.

Finally, firms should take a careful look at the cybersecurity controls and procedures of the third parties with whom they work. Many of the risks that firms face may arise from third parties (e.g., placement agents, vendors), and, as Chair Gensler’s remarks indicate, the SEC may begin to hold firms accountable for security failures caused by or through these partners. It is prudent for firms to conduct due diligence on the protections their third-party vendors use, for example by reviewing the third parties’ cybersecurity policies, obtaining an express written commitment from the third party that it will maintain the firm’s information securely, including indemnification provisions in the event of a cyberattack, or requiring that the third party use specific safeguards.

The SEC’s longstanding guidance on whether to pursue an enforcement action against an entity includes consideration of whether the registrant engages in self-policing for potential violations. Even if a review of a firm’s existing cybersecurity policies does not uncover any deficiencies, the manner of the firm’s response to the Commission’s public statements (in the form of guidance, enforcement actions and proposed rules) will give it a strong argument for its pro-compliance culture in the event of any future inquiry from the Division of Enforcement. Given the SEC’s undeniable focus on cyber-preparedness, firms will be well served to take this opportunity to kick the tires of their existing controls and procedures, both so that they are prepared for potential changes to the SEC’s requirements and so that they can act appropriately in the event of a cyber incident.
WhatsApp has begun testing file transfers that are significantly larger than previously possible. Until now the limit was 100 MB per file; “selected” beta testers can now send files of up to 2 GB.
Report: Cloud automation is key to future-proofing cybersecurity
March 24, 2022
As hybrid work becomes the new normal, businesses recognize that people aren’t going back to the office full-time anytime soon. IT environments are changing, with continued migration from on-premises systems to hybrid or multicloud environments. The complexity of these diverse environments challenges IT teams to implement and manage consistent security policies. In fact, many businesses spent the past two years attempting to achieve or maintain stability in a storm of uncertainty and rapid change. But what about the future? As enterprises look toward the horizon, they need to shift focus from merely surviving to thriving. This is according to the latest survey by Delinea, which explores how enterprises address the challenges of future-proofing.
Delinea’s research explores the important, yet sometimes misunderstood and undervalued topic of future-proofing. It reveals the challenges faced as a security industry and points towards a balanced path of expertise and automation to guide our work.
The report finds that cloud automation is seen as the key to future-proofing cybersecurity, especially when coupled with autonomous privileges and access. The good news? Eighty-six percent of respondents are exploring ways to automate access controls, especially for privileged access. But even with 68% of respondents seeing increases in budgets and staff, they continue to face mounting threats from an expanding threat landscape that is challenging to address. Fifty-nine percent of respondents indicate that the leading factor driving their need to future-proof their access security in 2022 is increasingly complex, multicloud IT environments.
But the research points to a conundrum: overconfidence in security preparedness could lead to a security disaster. The survey found that future-proofing becomes even more important when organizations become overly confident in their security measures. Despite the challenges ahead and knowing automation will be critical to their future success, 83% of respondents are confident with their current access controls even as two out of three companies admit to being victims of cyberattacks.
As cloud migration accelerates, the pressure to manage critical systems in an increasingly complex, dispersed and vulnerable IT environment will continue to rise. Hybrid solutions will become mandatory. As the volume of activity and risk scenarios increases, we’re likely to rely more heavily on machine learning and autonomous security controls that require no human intervention at all. That will hold true for on-premises and cloud scenarios alike.
It’s the most informed, most forward-thinking leaders who will select the most effective security investments to set their organizations up for future success. The better you prepare for the long term, the more agile and resilient you’ll be in a time of rapid change.
The report analyzed responses from more than 300 IT business decision-makers in a survey conducted in February 2022 by Censuswide, a global research company.