Some of the decisions by IT and security professionals are innovative, secure and even cutting-edge, while others are downright cringe-worthy and laden with potential risk. One security decision I’ve seen is allowing the installation of your organization’s virtual private network (VPN) software on an employee’s home computer for remote access. While some security professionals may think of this as an acceptable practice, this policy is high risk with an undesirable attack vector when permitting access into your environment.
It’s time to evolve the role of the Chief Information Security Officer. According to Michael Greene, CEO of Enzoic, that includes technology around data sharing. “CISOs today have the opportunity to help enable the organization to grow by delivering a digital experience that delights customers while mitigating digital risk. This requires the CISO to advise the business about when and where cyber risks could manifest. Security leaders must now be able to transform their security practices in lockstep with all the other changes wrought by business-wide digital transformation.”
Deepfakes and ransomware: Security Boulevard explains how to protect yourself in 2020. “In 2019, 50% of all global organizations fell victim to ransomware, compromised accounts, or spoofed credentials, many due to falling for a phishing attack. In the same year, Australians reported $61.6 million lost due to investment scams. As alarming as these statistics are, we expect cybersecurity threats for 2020 to increase.”
The U.S. National Security Agency took the unusual step Tuesday of announcing what it calls a “severe” vulnerability in Microsoft’s Windows 10 operating system ahead of Microsoft’s Patch Tuesday security update. The flaw could allow attackers to execute man-in-the-middle attacks or decrypt confidential data within applications.
“Looking back, it may well have been the most tumultuous decade ever in changing how legal services are delivered,” writes Bob Ambrogi on LawSites. “In legal technology, it was a decade of tumult and upheaval, bringing changes that will forever transform the practice of law and the delivery of legal services. Feisty startups took on established behemoths. The cloud dropped rain on legacy products. Mobile tech untethered lawyers. Clients demanded efficiency and transparency. Robots arrived to take over our jobs. “Alternative” became a label for new kinds of legal services providers. An expanding justice gap fueled efforts at ethics reform. Investment dollars began to pour in. Data got big.”
Read a roundup of major information security breaches: Capital One, Equifax, Uber, Facebook, Target, JP Morgan, and San Francisco State University. According to writer Dan Swinhoe, “While the CISO is not always let go — Kaspersky reports that senior non-IT employees are laid off at 27% of enterprises (those with over 1,000 employees) that suffer a breach – their positions can often be at risk if there were clear security failures.”
Writer Louis Columbus checks in with five cybersecurity experts who predict the continued growth of AI tools in the coming year. He notes that tech consulting firm “Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security.”
David H. Deans, writing in Cloud Tech News, talks about the advances in artificial intelligence and machine learning. Both sides of the battle leverage the latest tech. “AI and ML have been used widely in cybersecurity industries, by both hacking and security communities, making the security landscape even more sophisticated. Many organisations, regardless of size, are now facing greater challenges in day-to-day IT security operations.”
According to Cyber Security Hub, the concept of a cyber security perimeter intrigues security experts, who have long fought against emerging malware strains and external threats to fortify a network’s interior. Today, is a castle-and-moat strategy a thing of the past?