Navigating the cybersecurity doldrums in 2016 and beyond

| October 17, 2016

article image
While the broader SaaS stocks have recovered from Q1 lows, I couldn’t help but wonder why IT security companies haven’t bounced back [see Figure 1]. There is a lot of confusion and skepticism among investors, and they have good reason to be wary. The security sector is oversaturated. A shakeout is inevitable, and scores of security startups will fail. But savvy investors need not shun the sector’s tremendous potential if they look for three key indicators that can help determine whether a security vendor is built to last. Cybersecurity is a market unto itself, primarily because the speed at which security software evolves stands out even within the constantly changing technology sector. Just think – we didn’t even have smartphones before 2005, few devices were connected to the Internet of Things in 2010, and wearables didn’t come into the picture until 2013. Now we’re talking about connected cars. Given the stakes, it’s little surprise that cybersecurity spending is at an all-time high [see Figure 2].

Spotlight

SinglePoint Global

Single Point Global Inc. (SPG) is an IT services vendor focusing on the infrastructure needs agnostic of industry or size since 2007. Our core services include cloud, phones, internet and support which currently are servicing companies across 8 different countries around the world large and small. Our mission is to provide our services to every customer, at the best rate, in the most redundant way and in any location giving you one point of contact for each of these primary IT needs. Our value-add is to be the core service provider by delivering these specific offerings in an effective, dynamically growing and market leading approach.

OTHER ARTICLES

We Need to Improve Cybersecurity Standards in Space

Article | February 27, 2020

Last month, SpaceX became the operator of the world’s largest active satellite constellation. As of the end of January, the company had 242 satellites orbiting the planet with plans to launch 42,000 over the next decade. This is part of its ambitious project to provide internet access across the globe. The race to put satellites in space is on, with Amazon, UK-based OneWeb and other companies chomping at the bit to place thousands of satellites in orbit in the coming months. These new satellites have the potential to revolutionise many aspects of everyday life – from bringing internet access to remote corners of the globe to monitoring the environment and improving global navigation systems. Amid all the fanfare, a critical danger has flown under the radar: the lack of cybersecurity standards and regulations for commercial satellites, in the US and internationally. As a scholar who studies cyber conflict, I’m keenly aware that this, coupled with satellites’ complex supply chains and layers of stakeholders, leaves them highly vulnerable to cyberattacks.

Read More

Information Security Management System to Protect Information Confidentiality, Integrity, and Availability

Article | June 18, 2021

In this modern world of technology, ensuring information security is very important for the smooth running of any organization. Unfortunately, there are many information/cyber security threats, including malware, ransom ware, emotet, denial of service, man in the middle, phishing, SQL injection, and password attacks. Whatever your business is, no doubt, it can collapse your business and your dreams. However, the severity of its after-effects depends upon the type of business you do. As information security threat has become a hurdle for all organizations, companies must implement an effective information security management system. In 2019 alone, the total number of breaches was 1473. It is increasing every year as businesses are doing digital transformation widely. Phishing is the most damaging and widespread threat to businesses, accounting for 90% of organizations' breaches. This article lets you understand what ISMS is and how it can be effectively implemented in your organization. Information Security Management System (ISMS) According to ISO/IEC 27001, Information Security Management System (ISMS) refers to various procedures, policies, and guidelines to manage and protect organizations' information assets. In addition, the system also comprises various other associated resources and activities frameworks for information security management. Organizations are jointly responsible for maintaining information security. People responsible for security in an organization ensure that all employees diligently meet all policies, guidelines, and other objectives regarding protecting information. Also, they safeguard all assets of the organization from external cyber threats and attacks. The goal and objective of the system are to protect the confidentiality, integrity, and availability of assets from all threats and vulnerabilities. Effectively implementing an information security management system in your organization avoids the possibility of leaking personal, sensitive, and confidential data and getting exposed to harmful hands. The step-by-step implementation of ISMS includes the process of designing, implementing, managing, and maintaining it. Implementing ISMS in Organizations The standard for establishing and maintaining an information security management system in any organization is ISO 27001. However, as the standard has broad building blocks in designing and implementing ISMS, organizations can shape it according to their requirements. Effectively implementing ISMS in organizations in compliance with ISO 27001 lets you enjoy significant benefits. However, an in-depth implementation and training process has to be ensured to realize these benefits comprehensively. Therefore, let us look into how an information security management system can be successfully implemented in your organization. Identification The first step in implementing ISMS is identifying the assets vulnerable to security threats and determining their value to your organization. In this process, devices and various types of data are listed according to their relative importance. Assets can be divided across three dimensions: confidentiality, integrity, and availability. It will allow you to give a rating to your assets according to their sensitivity and importance to the company. Confidentiality is ensuring that the assets are accessed by authorized persons only. Integrity means ensuring that the data and information to be secured are complete, correct, and safeguarded thoroughly. Availability is ensuring that the protected information is available to the authorized persons when they require it. Policies and Procedures and Approval from the Management In this step, you will have to create policies and procedures based on the insights you got from the first step. It is said to be the riskiest step as it will enforce new behaviors in your organization. Rules and regulations will be set for all the employees in this step. Therefore, it becomes the riskiest step as people always resist accepting and following the changes. You also should get the management approval once the policies are written. Risk Assessment Risk assessment is an integral part of implementing an Information Security Management System. Risk assessment allows you to provide values to your assets and realize which asset needs utmost care. For example, a competitor, an insider, or a cybercriminal group may want to compromise your information and steal your information. With a simple brainstorming session, you can realize and identify various potential sources of risk and potential damage. A well-documented risk assessment plan and methodology will make the process error-free. Risk Treatment In this step, you will have to implement the risk assessment plan you defined in the previous step. It is a time-consuming process, especially for larger organizations. This process is to get a clear picture of both internal and external dangers that can happen to the information in your organization. The process of risk treatment also will help you to reduce the risks, which are not acceptable. Additionally, you may have to create a detailed report comprising all the steps you took during the risk assessment and treatment phase in this step. Training If you want effectively implement all the policies and procedures, providing training to employees is necessary. To make people perform as expected, educating your personnel about the necessity of implementing an information security management system is crucial. The most common reason for the failure of security management failure is the absence of this program. Implementing ISMS Once policies and procedures are written, and necessary training is provided to all employees, you can get into the actual process of implementing it in your organization. Then, as all the employees follow the new set of rules and regulations, you can start evaluating the system's effectiveness. Monitoring and Auditing Here you check whether the objectives set were being met or not. If not, you may take corrective and preventive actions. In addition, as part of auditing, you also ensure all employees are following what was being implemented in the information security management system. This is because people may likely follow wrong things without the awareness that they are doing something wrong. In that case, disciplinary actions have to be taken to prevent and correct it. Here you make sure and ensure all the controls are working as you expected. Management Review The final step in the process of implementing an information security management system is management review. In this step, you work with the senior management to understand your ISMS is achieving the goals. You also utilize this step to set future goals in terms of your security strategy. Once the implementation and review are completed successfully, the organization can apply for certification to ensure the best information security management practices. Summing UP Organizations benefit from implementing and certifying their information security management system. The organization has defined and implemented a management system by building awareness, training employees, applying the proper security measures, and executing a systematic approach to information security management. Thus implementation has the following benefits: Minimized risk of information loss. The increased trust of customers in the company as the company is ISO/IEC 27001 certified. Developed competencies and awareness about information security among all employees The organization meets various regulatory requirements. Frequently Asked questions What are the three principles of information security? Confidentiality, integrity, and availability (CIA) are the three main principles and objectives of information security. These are the fundamental principles and the heart of information security. How does information security management work? Information security management works on five pillars. The five pillars are assessment, detection, reaction, documentation, and prevention. Effective implementation of these pillars determines the success of the information security management in your company. What are the challenges in information security management? Challenges in information security management in your company can be the following: You can’t identify your most critical data Policies aren’t in place for protecting sensitive information. Employees aren’t trained in company policies. Technology isn’t implemented for your policies. You can’t limit vendor access to sensitive information.

Read More

The Coronavirus is Already Taking Effect on Cyber Security– This is How CISOs Should Prepare

Article | March 18, 2020

Cynet has revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis is actively exploited by threat actors. The Coronavirus is hitting hard on the world’s economy, creating a high volume of uncertainty within organizations. Cynet has revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis is actively exploited by threat actors. In light of these insights, Cynet has shared a few ways to best prepare for the Coronavirus derived threat landscape and provides a solution (learn more here) to protect employees that are working from home with their personal computers, because of the coronavirus. Cynet identifies two main trends – attacks that aim to steal remote user credentials, and weaponized email attacks:

Read More

Malicious coronavirus map hides AZORult info-stealing malware

Article | March 11, 2020

Cyberattackers continue to seize on the dire need for information surrounding the novel coronavirus. In one of the latest examples, adversaries have created a weaponized coronavirus map app that infects victims with a variant of the information-stealing AZORult malware. The malicious online map, found at www.Corona-Virus-Map[.]com, appears very polished and convincing, showing an image of the world that depicts viral outbreaks with red dots of various sizes, depending on the number of infections. The map appears to offer a tally of confirmed cases, total deaths and total recoveries, by country, and cites Johns Hopkins University’s Center for Systems Science and Engineering as its supposed data source. Malwarebytes issued a warning about the map last week, and Reason Cybersecurity this week has followed up with its own blog post, reporting additional details on the scam, gathered by Reason Labs researcher Shai Alfasi.

Read More

Spotlight

SinglePoint Global

Single Point Global Inc. (SPG) is an IT services vendor focusing on the infrastructure needs agnostic of industry or size since 2007. Our core services include cloud, phones, internet and support which currently are servicing companies across 8 different countries around the world large and small. Our mission is to provide our services to every customer, at the best rate, in the most redundant way and in any location giving you one point of contact for each of these primary IT needs. Our value-add is to be the core service provider by delivering these specific offerings in an effective, dynamically growing and market leading approach.

Events