Insights blog.

Over the last several years Shadow IT has grown from a minor annoyance into a major threat to business operations. While the term is often used to refer to runaway tech spending by users in marketing or dev-ops or finance, it has in fact become a much larger issue that involves the very core of organizational infrastructure with the potential to pose enormous cyber risk.

In the world of cybersecurity, there’s one ultimate truth that applies in every scenario: You can’t secure what you can’t see. Making informed, comparative decisions about your digital ecosystem requires you to understand where all your critical assets live — and any inherent risks present there. With as much as 75% of the workforce shifting to remote work in some industries, this visibility is more critical than ever.

The cornerstone of digital transformation is the migration of apps and data to the cloud. There are obvious benefits to doing this. Businesses become more nimble and agile, and the cost of maintenance and development is off-loaded to a third-party. The benefits are so profound that, as of 2019, 84% of businesses used cloud-based SAAS (software as a service) apps. 

Security leaders are increasingly making their cases through metrics. Data-driven measurement of cybersecurity performance can be used to justify spending, quantify risk, and more. 

It’s often said that our reputation precedes us. When it comes to the damage that can be done by a cybersecurity incident, that couldn’t be more true. In today’s security-focused world, a single breach can dramatically impact the public perception of your organization, ultimately leading to a loss of business and a hit to your bottom line.

Cyber risk reduction is emerging as one of the most significant issues organizations face when managing their cybersecurity. As digital ecosystems expand, it’s crucial that organizations have insight into their core digital assets and the level of risk present. To improve performance over time, it’s critical to have visibility into your attack surface across various environments. With as much as 75% of the workforce shifting to remote work in some industries, this visibility is more important than ever.

As the nation struggles to come to terms with the coronavirus and questions linger around our readiness for such a pandemic, government leaders are already grappling with the next potential catastrophe — a major cyberattack against the U.S.

As the world wrestles with the spread of the COVID-19 coronavirus, many businesses are instituting new work from home (WFH) policies to keep employees safe and do their part to help halt the rate of infection. While remote work has long been a reality for many employees and businesses, remote work on such a large scale is frankly unprecedented and has the potential to open entirely new problems for security teams. It may make already challenging but essential work more difficult, and will require a careful reexamination of long standing policies, systems, and procedures.

The Department of Defense (DoD) has one of the largest supply chains in the world, scaling to hundreds of thousands of different vendors and partners. Yet, these vital partners in our nation’s defense infrastructure pose a huge cyber risk.

As time goes on, organizations are taking on more and more new digital transformation initiatives to become increasingly agile and boost productivity — dramatically transforming the number of digital touchpoints employees interact with on a day-to-day basis.

Back in 1990, Hollywood producers imagined a complex plot in which an army of mercenaries with malicious intent hack into and take over the air traffic control system at Washington Dulles International Airport. The result was the classic movie, Die Hard 2.

2020 is not only the beginning of a new year, but the start of a new decade, and with it comes the dawn of a new era for the digital world. We’re now in the midst of the once far-off, “futuristic” time periods old books and movies used to dream about. But does your security performance management strategy match the functionality of today’s technology? 

No one wants to talk about their failures, especially in the cybersecurity realm where the stakes are high. But new insight from Symantec and Goldsmiths, University of London, finds that security professionals who have lived through a cybersecurity attack or breach could be the answer to protecting your organization against future threats.

Management consultants, accountants, public safety offices, marketing firms, and many more business and professional services organizations are high-value targets for cybercriminals due to the range of confidential client information they handle. Companies in this sector should all have solid security postures — and many do. But there’s still an alarming number of enterprises that do not.

A new report from the Information Security Forum (ISF) contains some fascinating insights into how hackers probe and exploit people's psychological vulnerabilities to gain access to corporate systems. From phishing to "whaling" (targeting high level executives) to "baiting" (offering something in return for credentials or information), hackers are using several tactics to gain a foothold. They also know the best time to deploy those tactics – at the end of the day, for example, when a person is tired and may not make the best decisions.