{"id":5003,"date":"2021-12-30T12:23:22","date_gmt":"2021-12-30T12:23:22","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=5003"},"modified":"2021-12-30T12:23:22","modified_gmt":"2021-12-30T12:23:22","slug":"it-security-news-mon-5-dec-2021","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2021\/12\/30\/it-security-news-mon-5-dec-2021\/","title":{"rendered":"IT Security News – Mon, 5 Dec 2021"},"content":{"rendered":"\n

 Gauging Cybersecurity Resiliency and Why It Matters<\/strong>
Joao-Pierre S. Ruth<\/em>
Information Week<\/em>
Early this month, Accenture released results of its annual State of Cyber Resilience study, which asked more than 4,700 executives questions about their organizations\u2019 effectiveness in halting cyberattacks.
Ryan LaSalle, senior managing director and Accenture Security\u2019s North America lead, says resiliency (as the survey defines it) is a measure of the ability to survive and thrive while under cyberattack.
Which Cyber Defender Are You?
\u201cBusiness Blockers\u201d sought to prioritize cybersecurity resilience over the organization\u2019s business strategy even to the point of being seen as impeding business objectives.
\u201cThe Vulnerable\u201d did not have security measures aligned with their business strategy and held security at bare minimum.
\u201cCyber Risk Takers\u201d focused on business growth and speed to market for the sake of the company strategy, though they understood and accepted the risks.
\u201cCyber Champions\u201d pursued a balance where they aimed to protect the organization\u2019s key assets while also aligning with business strategy so key objectives could still be pursued in a meaningful, reasonable fashion.
Security spending is up, LaSalle says, coming in at 15% of IT budgets in 2021 compared with 10% in 2020.
How organizations invest in security can determine whether increased spending actually results in improved performance, he says. \u201cFor a lot of people in the \u2018Vulnerable\u2019 category, their security and technology debt is pretty high,\u201d he says. \u201cThey haven\u2019t historically kept up with [tech] investment; they haven\u2019t been able to get security embedded into all the programs they need; they\u2019re always playing catchup and they will always be behind the curve.\u201d
Numerous enterprises are still trying to figure out how to securely advance their business strategies in the cloud.
The conversation is changing, he says, with organizations showing that by making security part of the plan early, it is possible to accelerate cloud adoption. \u201cYou can get there faster and more surely by having security at the table in the beginning and starting to look at ways to automate the capabilities that are needed,\u201d LaSalle says.
Link:<\/strong> https:\/\/www.informationweek.com\/security-and-risk-strategy\/gauging-cybersecurity-resiliency-and-why-it-matters?_mc=NL_IWK_EDT_IWK_daily_20211116&amp;cid=NL_IWK_EDT_IWK_daily_20211116&amp;elq_mid=10759<\/a><\/p>\n\n\n\n

 90% of IT Decision Makers Believe Organizations Compromise on Cybersecurity in Favor of Other Goals<\/strong>
VS Daily<\/em>
Trend Micro Incorporated has announced new research revealing that 90% of IT decision makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals.
Additionally, 82% have felt pressured to downplay the severity of cyber risks to their board.

The research reveals that just 50% of IT leaders and 38% of business decision makers believe the C-suite completely understand cyber risks.
Although some think this is because the topic is complex and constantly changing, many believe the C-suite either doesn\u2019t try hard enough (26%) or doesn\u2019t want (20%) to understand.

However, 31% of respondents believe cybersecurity is the biggest business risk today, and 66% claiming it has the highest cost impact of any business risk \u2013 a seemingly conflicting opinion given the overall willingness to compromise on security.

There are three main ways respondents believe the C-suite will sit up and take notice of cyber risk:
62% think it would take a breach of their organization
62% it would help if they could better report on and more easily explain the business risk of cyber threats
61% say it would make an impact if customers start demanding more sophisticated security credentials
Link:<\/strong> http:\/\/vsdaily.com\/90-of-it-decision-makers-believe-organizations-compromise-on-cybersecurity-in-favor-of-other-goals\/<\/a><\/p>\n\n\n\n

 Study Reveals 70% of Security and IT Pros Find Security Hygiene and Posture Management Increasingly Challenging Over the Past Two Years<\/strong>
TMC Net News<\/em>
MORRISVILLE, N.C., Nov. 18, 2021 \/PRNewswire\/ — JupiterOne, the cybersecurity industry’s leading cyber asset management and governance solutions provider, today announced the findings of a new survey by Enterprise Strategy Group (ESG), which warns of inadequate security hygiene and posture management practices at many organizations.

The ESG research found that 86% of organizations believe they follow best practices for security hygiene and posture management.
However, 70% of organizations said they use more than ten security tools to manage security hygiene and posture management, which raises concerns about data management and operations overhead, according to Jon Oltsik, ESG Principal Analyst and Fellow, and author of the report.

In addition, 73% of security professionals admitted that they still depend on spreadsheets to manage security hygiene and posture at their organizations.
As a result, 70% of respondents said that security hygiene and posture management had become more difficult over the past two years as their attack surfaces have grown.

Overall, the report suggests that security asset management programs are too often informal, disorganized, and immature.
It sugests that organizations would benefit from adopting greater integration technologies, advanced analytics, and process automation, according to ESG.

The survey exposed many dangerous vulnerabilities, as nearly one-third of respondents (31%) said they discovered sensitive data in previously unknown locations, and 30% found websites with a path to their organizations.
In addition, 29% uncovered employee corporate credentials or misconfigured user permissions, while 28% exposed previously unknown SaaS applications.

Perhaps most troubling is the fact that 69% of organizations admitted they had experienced at least one cyber-attack that started through the exploit of an unknown or unmanaged internet-facing asset, including software, cloud-based workloads, user accounts, and IoT devices.

As a result of these threats, the survey found that 80% of organizations plan to increase spending for security hygiene and posture management within the next 18 months.
The top budget priorities areas include data security tools (31%); cyber-risk quantification tools (30%); and cloud security posture management (28%).
Link:<\/strong> https:\/\/www.tmcnet.com\/usubmit\/2021\/11\/18\/9496001.htm<\/a><\/p>\n\n\n\n

 Xenith Names Bill Long Chief Information Security Officer<\/strong>
TMC Net News<\/em>
RESTON, Va., Nov. 17, 2021 \/PRNewswire\/ — Xenith Solutions (Xenith) today announced Bill Long has been named as the new Chief Information Security Officer (CISO) overseeing cybersecurity operations and strategy for Xenith and TRI-COR Industries (TCI); a wholly owned subsidiary of Xenith.

Mr. Long, who has been working as a Sr.
Cybersecurity Engineer for Xenith since it was founded, has over 40 years of industry experience in large enterprise network environments specializing in cybersecurity architecture, design, engineering, and operations.
Mr. Long will report directly to the owners of Xenith.
Link:<\/strong> https:\/\/www.tmcnet.com\/usubmit\/2021\/11\/17\/9494467.htm<\/a><\/p>\n\n\n\n

 Survey Finds CISOs are Missing Holidays like Thanksgiving and Not Taking Vacation Due to Work Demands<\/strong>
Vigilance Security Magazine<\/em>
A new report from Human Layer Security company Tessian reveals that two in five Chief Information Security Officers (CISOs) have missed holidays like Thanksgiving due to work demands.
In addition, one-quarter have not taken time off work in the past 12 months.

In addition to missing national holidays, Tessian\u2019s report reveals that CISOs work, on average, 11 more hours than they\u2019re contracted to each week while one in 10 works 20 to 24 hours extra a week.
As a result of their stressful jobs, 59% of CISOs say they struggle to always switch off from work once the working day is over.

A quarter of security leaders said they spend between nine and 12 hours per month investigating and remediating each threat caused by human error, while more than one in 10 spend over a day.
So it\u2019s no surprise that 34% of CISOs reported spending excessive time on triaging and investigation.

In addition, 38% of CISOs believe they\u2019re spending too much time in departmental meetings and reporting to the board on cybersecurity, while one-third also feel drained by administrative tasks.
Similarly, 38% of CISOs also report feeling that they are spending too little time on their own career development.
When asked to elaborate on what they are not spending enough time on, CISOs said: hiring talent for my team (36%), attending non-departmental meetings (38%), communicating to customers (35%), researching new industry updates and trends (36%) and working on my own career development (38%).

In addition, 42% of CISOs say they have missed a federal or national holiday like Thanksgiving or Christmas, and 40% have missed a family vacation due to work.
One-third of CISOs report being unable to exercise regularly.
Link:<\/strong> https:\/\/vigilance-securitymagazine.com\/news\/top-categories\/case-studies\/10900-survey-finds-cisos-are-missing-holidays-like-thanksgiving-and-not-taking-vacation-due-to-work-demands<\/a><\/p>\n\n\n\n

 Report: Only half of companies employ a CISO<\/strong>
Venture Beat<\/em>
According to a new report from managed cloud service provider Navisite, nearly half (45%) of companies surveyed do not employ a chief information security officer (CISO).
However, 58% believe they should hire a CISO or CSO.

Due to a noticeable lack of cybersecurity leadership, Navisite found that 60% rely on other parts of their organization outside the CISO\/CSO or security team, including IT, executive leadership, and compliance.
75% of organizations also reported an increase in overall threat volume over the last year, with ransomware (37%) and phishing\/spear-phishing (33%) reported as the top cyberthreats.
Link:<\/strong> https:\/\/venturebeat.com\/2021\/11\/19\/report-only-half-of-companies-employ-a-ciso\/<\/a><\/p>\n\n\n\n

 The dangers of \u201cconnected\u201d healthcare: predictions for 2022<\/strong>
Maria Namestnikova<\/em>
Secure List<\/em>
For a second consecutive year, the time for Kaspersky to make its predictions for the healthcare sector comes amid the global COVID-19 pandemic.
Unfortunately, the virus still dominates most aspects of our lives, and, of course, the pandemic remained the biggest and most-discussed topic in medicine.

Predictions for the year 2022<\/p>\n\n\n\n