Tag: Strategies

In the current era driven by automation and connectivity, retaining top IT talent is becoming increasingly important for enterprises to deliver world-class customer experiences in order to stand out and stay ahead in the race. However, as companies pursue digitization to drive transformation and innovation, they simultaneously become vulnerable to cyberattacks. Last year, Hong Kong…

Difficult security incidents are unique and valuable opportunities. They are the sort of testing you can’t buy: real-world, un-simulated, and direct. No pen-test or code review is going to do what a serious incident will. They are priceless jewels, but only if you use them for all they’re worth. Capturing that value is only possible…

This is the first in a three-part series on the new Department of Defense (DoD) audit requirement called Cybersecurity Maturity Model Certification (CMMC). This first part introduces CMMC and what it means for the future of U.S. government suppliers of cybersecurity. Part two will discuss how to prepare for a CMMC audit. Part 3 will…

Looking back at 2020, it was obvious even at the time that everything had changed forever. The COVID-19 pandemic left nothing as it was. It brought disruption and loss to everyone. For security and IT staff, it also ushered in the Great Remote Access Experiment. Our work was suddenly thrust into the limelight, but without…

This is the second in a three-part series on the new Department of Defense (DoD) audit requirement called Cybersecurity Maturity Model Certification (CMMC). Part one introduced the DoD CMMC model and what it means for the future of U.S. government cybersecurity suppliers. Part two goes into more detail about the CMMC audit itself. CMMC did…

This is the third in our series on the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC). Our previous articles introduced the DoD CMMC model and how to prepare for DoD CMMC audits. This final article covers how a CMMC audit is expected to play out for an assessed organization. In an American court…

In general, organizations should implement just enough necessary cybersecurity to mitigate risk and meet compliance requirements. We’ve talked about how to mitigate known, foreseeable cyberthreats, but what is the lowest bar for a typical organization with respect to cybersecurity? To figure this out, we need to think about universal compliance and legal obligations for any…

Predictions are a risky business. If you play it too conservatively, you tell everyone what they already know and just get an eye roll for your trouble. If you go out on a limb and get it wrong, people stop listening to you. That’s why, as we unwisely return to the task of predicting the…

The conflict in Ukraine brings the possibility of increased cyberattacks targeting the public infrastructure of NATO nations and their allies, and could easily extend to corporations and other entities within those countries as well. The US CISA (Cybersecurity and Infrastructure Security Agency) has provided technical guidance and reporting methods at https://www.cisa.gov/shields-up which is an excellent…

Are cybersecurity budgets increasing or decreasing? In December 2019, experts were predicting 2020 would see a modest 8.7% growth in cybersecurity spending. With the ongoing COVID-19 pandemic, it comes as no surprise that security budgets instead are being slashed, prompting Gartner to revise its estimate to 2.4% growth in spending. Are they right? Let’s look…
