Bad actors are waging increasingly sophisticated and frequent attacks—including ransomware, cyber espionage, zero-day malware and fileless attacks—to exploit endpoint vulnerabilities. These rapid-fire, diverse attacks are generating an average of 11,000 alerts per week that security teams must investigate, triage and address.
As business leaders outside of IT continue accepting cybersecurity as a business strategy rather than just as a digital defense mechanism, there are still major vacancies in the cybersecurity personnel pipeline that require addressing. Knowing this, WEI’s advanced security solutions are complemented by a focus on helping replenish the talent pipeline. This commitment is confirmed by WEI’s partnership with CyberTrust Massachusetts, a non-profit organization working to cultivate a robust talent pipeline. The support CyberTrust receives from its higher education consortium members is paramount, especially with the all-new Cyber Range at Bridgewater State University (BSU) opening earlier this year.
See Bill Frank’s biography and contact information at the end of this article.
[Note: This is an updated version of the original article posted on March 21, 2024. I replaced the term "Governance” Controls with “Performance” Controls to eliminate any confusion with the NIST Cybersecurity Framework 2.0 use of the term “Governance.”
I focus here on automated controls that monitor and measure the “performance” of “Defensive” controls that directly block threats or at least alert on suspicious activities.
How well are your cybersecurity controls performing? Measuring control efficacy is challenging. In fact, under-configured, misconfigured, and poorly tuned controls, as well as variances in security processes are the Achilles Heels of cybersecurity programs.
A mismatch between risk reduction potential and performance results in undetected threats (false negatives) as well as an excessive number of false positives. This leads to an increase in the likelihood of loss events.
All controls, whether people, processes, or technologies, can be categorized in one of two ways – Defensive or Performance.
Businesses face the constant challenge of fortifying their defenses to maintain resilience, productivity, and uninterrupted operations. This is especially important given the world’s increased data breach events, server outages, and the growing volume of data and users accessing their systems.
Inside our IT bubble, leaders are aware of the cybersecurity skills shortage that plagues enterprises. As concerning as this challenge is, it may come as a surprise to the general public despite headlines over record ransoms, data leaks, and network breaches. Simply put, there are many more position openings than individuals available to fill them. This imbalance is creating a security gap that cybercriminals are taking advantage of.
As threat actors get more sophisticated and aggressive campaigns become more commonplace, it is imperative that corporations step up their game. In the age of artificial intelligence (AI), machine learning (ML), and automation, the resources for a holistic approach have never been more available. Enterprises are starting to recognize the need to modernize their security operations center (SOC) with an advanced SOC solution. Unfortunately, CISOs everywhere are finding it difficult to identify a partner dedicated enough to conduct their due diligence about customer needs, identify potential solutions on the market, and deliver the know-how to implement the best technical solutions. WEI can do that.
This is the final installment of a two-part series dissecting the Left of Bang strategy and mindset and how it applies to modern cybersecurity practices. Click here to read part one. Left of bang is a proactive cybersecurity approach that strengthens incident detection and response by identifying and addressing threats before they impact the organization.
There used to be a single test to determine the effectiveness of your data backup strategy. It centered around successfully restoring your data from a backup, and you would rest easy knowing that you would, in theory, recover from a data loss event. It was really that simple.
This is the first installment of a two-part series dissecting the Left of Bang strategy and mindset and how it applies to modern cybersecurity practices. Click here to read part one.
Cybersecurity threats, including ransomware, malware and phishing, continue to grow and evolve, increasing risk for businesses of all sizes and across all industries. According to the World Economic Forum’s 2023 Global Risks Report, cybercrimes rank among the top ten global risks—ahead of the natural resources and debt crises, prolonged economic downturn and the use of weapons of mass destruction. With 91% of respondents in the 2023 Global Cybersecurity Outlook study reporting that a “far-reaching, catastrophic cyber event is at least somewhat likely in the next two years,” organizations need to do more to keep pace with the diverse, ever-changing threat landscapeto better manage cyber risk.
Today’s discussion on sustainability is increasingly prevalent in ongoing dialogues, touching on varied issues from governmental budgeting practices to environmental concerns over global population growth. The state of sustainability is also a hot topic when it comes to cybersecurity as the aging reliance on human-led incident response grows flawed. The rationale for this shift is straightforward:
