As part of the ISC2 brand evolution, the ISC2 blog has transitioned to ISC2 Insights. Here you will find the great content you have come to expect from ISC2 including member blogs, cybersecurity news, exclusive features, press releases and more. If you are interested in contributing to this collection or participating in member surveys and more, please register as an ISC2 Volunteer. Should you have any questions related to content, email [email protected]. Continue reading

Breaches hit the U.K. Electoral Commission, the Colorado public education system and retailer Hot Topic, the rise of cyberattacks in sports and the sound of laptop keystrokes could lead to password theft. Here are the latest threats and advisories for the week of August 11, 2023. Threat Advisories and Alerts Microsoft Warns That Cyberattacks Impacting Sporting Events Are Likely to Increase Major sporting events are becoming a growing target for cybercriminals, warns Microsoft. In the past several years, notable sport franchises have suffered cyberattacks, including Manchester United, the Houston Rockets and the San Francisco 49ers. While sporting events seem like... Continue reading

As more critical data and assets move to the cloud, they’ve become prime targets for cybercriminals. Organizations worldwide need cloud security professionals who understand the evolving complexities to identify and mitigate security risks. Complicating matters, most are operating under a multicloud strategy that uses two or more cloud service providers. Are you ready to take your career higher into the cloud? (ISC)², creator of the leading advanced cybersecurity certification, the CISSP®, recommends these specific steps. Become an (ISC)² Candidate. Begin your journey by joining (ISC)², the world’s leading cybersecurity professional organization, more than 450,000 members, associates and candidates strong. As... Continue reading

As part of our recent Conversations with Leaders virtual conference, a roundtable of current and former CISOs and a cybersecurity attorney discussed key messages and how to deliver them to ensure Board interactions are relevant, educational, and impactful for their governance. At the top of any company is the Board. These are the directors who generally don’t manage the business day-to-day but provide governance, guidance and oversight to the senior executives who do. Most importantly, in a legal sense the buck stops with the Board – they are the ones who have a legal obligation to ensure the business is... Continue reading

(ISC)² held its first annual global DEI summit on Wednesday, July 12, at George Mason University in Arlington, Virginia. The theme of the in-person summit, "Amplifying Our Impact: Advancing DEIB in Cybersecurity," brought cybersecurity leaders together to discuss how they can ensure the cyber ecosystem is a more diverse, equitable, and inclusive space for incoming and existing talent. The all-day event fostered a unique opportunity for professionals in the government, nonprofits, academia and the private industry to learn insightful information from peers who hail from places around the world, such as Australia, Europe, and Africa. Attendees gained a deeper understanding... Continue reading

Interconnected and distributed systems have made the role of APIs critical to enabling discreet connectivity between systems but can create additional risk. By Dave Cartwright, CISSP Application Programming Interfaces (APIs) are notoriously difficult to secure, particularly if they are internet-facing. As one source puts it: “APIs are designed to facilitate communication between different systems and applications, which means they are inherently exposed to various external actors. This exposure increases the attack surface, making them attractive targets for malicious actors”. So, what can we do to make the best of a challenging concept? In a (ISC)² webinar, Byron McNaught from the... Continue reading

Organizations accelerating their operations in the cloud are adopting a multicloud approach. Their goal: an infrastructure that’s agile, dispersed and supportive of data access anywhere by hybrid workforces and customers. The numbers demonstrate the trend: 72% of organizations are adopting a hybrid or multicloud strategy. 72% use multiple IaaS providers. 39% have more than half of their workloads in the cloud. In tandem with the rise of multicloud, cybersecurity concerns have evolved and intensified. As more data is stored across multiple cloud service providers, cyberthreats targeting cloud resources are more frequent. Organizations worldwide are grappling with cloud-based risks and how... Continue reading

SECURE London 2022 With a little over six weeks to go until (ISC)² SECURE London returns to the U.K.’s capital, it’s time to secure your ticket and start planning which sessions to attend. Taking place on Thursday, 21 September, at Kings Place in Kings Cross, (ISC)² SECURE London features an extensive agenda bringing together member and industry speakers from government, academia, businesses and more. With a focus on the most topical issues impacting organizations of all sizes, (ISC)² SECURE London is a valuable opportunity for members and other cybersecurity professionals from across the U.K. to come together, hear from experts... Continue reading

One of the biggest vindications of open-source software in recent years has been its widespread adoption by the finance sector. By Joe Fay In its 2022 State of Open Source in Financial Services report, the Fintech Open Source Foundation (FINOS) found that 87% of respondents agreed that open source is “valuable to the future” of the industry, with open-source consumption and the use of open standards seen as top factors in increasing productivity. Banks and other institutions have clearly decided it makes no sense to constantly develop their own software from the ground up when open-source alternatives exist. This not... Continue reading

As malware spreads from IT to OT, the focus is shifting from business interruptions to physical harm, with the final responsibility resting with the CEO. Amid this fundamental change in threat and attack strategy, organizations need to focus on asset-centric cyber-physical systems and ensure teams are in place to handle monitoring and management of these key systems. By Dave Cartwright, CISSP Cybersecurity professionals are used to defending IT systems against malware and other cyber attacks. In recent years, though, attackers have increasingly targeted Operational Technology (OT) systems. What is OT? According to the UK’s National Cyber Security Centre (NCSC) it... Continue reading

By Tara Wisniewski, EVP, Advocacy, Global Markets and Member Engagement, (ISC)² Summary The U.S. Securities and Exchange Commission (SEC) last week voted to adopt significant new rules relating to how publicly traded companies act and disclose cybersecurity-related risk and incidents. While U.S. healthcare providers, financial services firms and other critical infrastructure operators must, by law, report data and network breaches, no all-encompassing U.S. federal breach or incident disclosure law currently exists. However, the new rules passed by the SEC commissioners leave considerable ambiguity, particularly regarding the definition and measure of risk, along with not making a definitive ruling on cybersecurity... Continue reading

Transitioning military personnel - come to learn valuable insights from a panel of recruitment experts as they discuss “Critical Next Steps for Transitioning Military '' on Thursday, October 26 at 3:05 pm CT in the Career Center at (ISC)2 Security Congress. Meet the Panel This military transition discussion will feature Kirsten Renner, Tiffany Robbins, and Michael McCoy. Kirsten Renner, Talent Engagement Lead at Accenture Federal Services is a passionate supporter of active-duty service members, veterans, and transitioning military job seekers, in addition to being a proud Army mom. Kirsten has a history of providing resume reviews and guidance to transitioning... Continue reading

By Enoma Odia, CISSP, ISSMP, CSSLP In Part One of this blog, I explained how Sector-wide Integrated Cyber Defense Approach (SICDA) is intended to function, the challenges of this process, as well as some root causes to be addressed to mitigate those challenges. To overcome existing limitations in individual cybersecurity efforts, consider the adoption of a collective and cooperative model inspired by the strategies employed in conventional warfare, where allies unite for robust defense against adversaries. This model, known as the Sector-wide Integrated Cyber Defense Approach (SICDA), takes a holistic and integrated approach towards fortifying cybersecurity resilience. SICDA envisions fostering... Continue reading

By: Anindya Chatterjee, CISSP, CCSP The threat landscape has evolved a lot in the past two years following by the Kaseya incident. With the maturity of software-as-a-service (SaaS) marketplaces and an industry-wide cost saving drive for off the shelf applications, the dependency on managed service providers (MSPs) and application providers has increased. Initially, organizations had a choice of on-premise or SaaS deployment but now it’s a decision largely driven by vendor solutions. Organizations are much more dependent on cloud providers and application providers. Today, more that 50 percent of industry applications are bought off-the-shelf and hence the threat pertaining to... Continue reading

The myth of Mac’s malware invincibility, ransomware attacks skyrocketed in June and North Korean actors found to be behind the JumpCloud breach. Here are the latest threats and advisories for the week of July 28, 2023. Threat Advisories and Alerts Vulnerability Leaves 900,000 MikroTik Routers Open to Attack An estimated 900,000 MikroTik routers may be vulnerable to attack due to a new security flaw. The vulnerability (CVE-2023-30788) can provide cybercriminals entry into an organization’s network. "The worst-case scenario is that an attacker can install and execute arbitrary tools on the underlying Linux operating system," said security researcher Jacob Baines. Considering... Continue reading

By Enoma Odia, CISSP, ISSMP, CSSLP Cybersecurity is a crucial concern for modern organizations due to the rise of increasingly sophisticated cyber threats and attacks. Implementing cybersecurity controls and managing the escalating risk presents considerable challenges for organizations, especially considering the potential financial implications. It is why collaboration is a preferred approach, allowing cost and workload to be diluted to more manageable levels. While cybersecurity collaboration is not a novel concept, government agencies like ENISA and CISA-ISACs are primarily tasked with promoting collaboration to bolster cybersecurity resilience. Notwithstanding, these agencies often rely on information sharing on emerging threats, vulnerabilities, and... Continue reading

Social media giant chooses DEF CON to stress test AI models in an unusual public show of its technology and security approaches. Meta will let developers loose on its large language models at DEF CON next month, as it adopts a more “open” approach to assuring regulators and society at large that its artificial intelligence (AI) algorithms are resilient and secure. The move was revealed by Meta’s president of global affairs and the former U.K. politician, Nick Clegg, in an opinion piece in the Financial Times. The world is not anywhere close to achieving artificial general intelligence (AGI) argued Clegg.... Continue reading

By Alexander Bovell, CISSP, a seasoned IT professional with a wealth of knowledge in the field of information security. Often, I’m asked, what is cybersecurity? Why is cybersecurity important? What job sector would it be implemented in? Cybersecurity protects computers, networks, and data from unauthorized access or damage. While most users use products as intended, others use them for nefarious activities. Cyber and information security personnel help protect against these bad actors and advise where protections should be implemented. As to where it should be implemented, my answer is that information security should be implemented everywhere, from schools, businesses, and... Continue reading

Imperva sold in a multi-billion dollar exit deal for its private equity owners, U.K. businesses struggle with cyber skills shortage, the U.S. moves on AI and MOVEit keeps causing trouble. Thales Agrees $3.6 billion Deal for Imperva with Thoma Bravo French conglomerate Thales, which has operations from aerospace to defense, has agreed a $3.6 billion takeover deal for U.S.-based cybersecurity software and services company Imperva. The acquisition, which will create a combined cybersecurity business with more than €2.4 billion in annual revenues, will add Imperva’s Web Application Firewall (WAF) to the Thales product line, along with Imperva’s application security portfolio... Continue reading

By Dwayne Natwick, CISSP, CCSP, CGRC, CC, (ISC)² Authorized Trainer, author, and product manager with 30+ years of experience in the IT industry You want to take the CCSP exam with the hopes of getting (ISC)² Certified Cloud Security Professional. So, what are the best ways to prepare for this exam? People prepare and learn differently. You may prefer a study guidebook, you may test your skills through on-demand courses and quizzes, or maybe you prefer preparation through a full instructor-led training course. Whatever your preference, this article will provide you with some of the tools and materials that you... Continue reading