Due to the nature of their business, law firms possess a tremendous volume of valuable documents and data, which are extremely attractive to hackers of a variety of motivations. Successful cyber-attacks can cause a severe negative impact to a law firm’s operations and catastrophic damage to a law firm’s reputation.

According to the recently published 2020 ABA Legal Technology Survey Report, the number of law firms experiencing a known security breach increased to 29 per cent in 2020. The survey notes that “despite the ethical issues and pending challenges, the use of certain security tools remains at less than half of respondents,” and only 36 per cent of the respondents have committed to cyber insurance policies.

This paper seeks to help all organisations and institutions, not just law firms, better understand the threats they face and why they should work toward better cyber hygiene, and a more proactive incident and threat management strategy. First, I review why law firms are attractive cyber targets and how compromising these firms is a high priority to threat actors. I will define the concept of “cyber hygiene” and show why it is critical to maintaining IT…

Read More…

It’s that time of the year, when anywhere you go (I mean on the internet, of course), there are wishlists galore. The toys wishlist, the kitchen wishlist, the tech gadgets wishlist, the list (no pun intended) is endless. But what do security leaders and CISOs want? What would be on their cybersecurity wishlist? We polled an amazing group of CISOs and CIOs and posed this question to them.

Interestingly, a similar question was also recently posed by CISO Extraordinaire, Daniel Hooper on LinkedIn. He asked, “CISO friends, what’s the one thing you wish you had in your program?” and the replies he got ranged from the practical, to the esoteric, to really funny, but all were very telling.

Here are the top 3 wishes taken from what we heard from the CISOs we spoke with directly, combined with the comments from this LinkedIn thread:

1. Depend less on gut feelings and become more data-driven

Security leaders are frustrated with their inability to accurately measure and understand their attack surface. As a result, their cybersecurity programs are based on incomplete data. They worry about unseen cyber-risks and vulnerabilities and struggle with how…

Read More…

Cybersecurity is becoming increasingly crucial for businesses in every sector, and it is especially vital for small- to medium-sized organizations. Cyberattacks continue to become a major problem in the United States and the rest of the globe, often times resulting in customer information being stolen.

Because of this increased risk, cybersecurity certifications are an important tool to prepare against the attacks. The high demand for cybersecurity skills means a top cybersecurity certification will boost one’s resumé.

With so many cybersecurity certifications to choose from, let’s take a look at the top ones on the market:

The Certified Ethical Hacker (CEH) course was developed in order to get you thinking like a hacker, which is crucial to stop one.

The class covers various topics and tools such as hacking technologies that are used against cloud computing technology, mobile platforms and operating systems. It also covers the latest malware and viruses, as well as information security laws and standards.

One of the fundamental aspects of the course is real-time scenarios, where you are exposed to various ways in which hackers breach networks and steal information. You will…

Read More…

Organisations are still underestimating the risks created by insufficiently secured operational technology (OT).

One current example comes from Germany. According to a report by heise.de, external security testers consider it “likely” that a successful serious cyberattack against the publicly owned water company Berliner Wasserbetriebe could lead to a complete failure of the German capital’s waste water management.

The good news, at least for Germany, is that a combination of engineering standards and legal requirements often prevents many worst-case scenarios from happening. One such regulation requires that utility companies must be able to control their grids manually, if necessary. This is not the case in all European countries. If the legally required basic IT protections are in place, and two-factor authentication and other best practices are used, many potentially damaging incidents can be prevented or at least contained. Germany has a number of guidelines and standards that aim to minimise cybersecurity risks, including a law on basic IT security, ISO 27001, IEC62443 standards and a compendium published by the BSI, Germany’s equivalent to the UK’s National…

Read More…

HackerOne announced that it is making its debut in AWS Marketplace. Amazon Web Services (AWS) customers can now find and purchase services from HackerOne in AWS Marketplace, a curated digital catalog of software, data, and services that run on AWS.

HackerOne is one of the first comprehensive security solutions providers to quote and contract services in AWS Marketplace.

Cloud-native organizations and those migrating to the cloud need robust security solutions to ensure their cloud development reduces security risk and identify and remediate new security vulnerabilities before they can be exploited.

When operating in the cloud, organizations face new cyber risks, and they need a way to know where these holes are to fix them quickly. HackerOne programs are designed to aid vulnerability discovery and management on AWS.

AWS customers can rely on HackerOne solutions and services to discover security risks, vulnerabilities, and misconfigurations faster and remediate priority issues with the right skills and the right team. With services from HackerOne available in AWS Marketplace, customers have a simplified way to purchase software and related services in a centralized…

Read More…

Following our “Top 10 Cybersecurity Tips for Small Businesses,” it’s necessary to look at the top cyber security companies, which are crucial for helping businesses avoid cyber-attacks. Cyber security is all-encompassing, covering various methods of protection for software, data, networks, devices, and more. The focus of cyber-attacks is often to target and collect unauthorized data, which is then used for a variety of different things, including ransom and to obtain financial and personal details.

Cyber-attacks can include fraudulent emails, social engineering, malware, ransomware, and other tools. This is why it is vital, especially for smaller-sized organizations, to seek out cybersecurity companies to help them protect this data and their systems, as any breach could be devastating for the business. Besides crucial business data, cybersecurity also prevents sites from going down, protects customer interactions and data, improves productivity, and boosts customer confidence.

Here is a look at the top 10 cyber security companies:

1. Webroot

Webroot, an OpenText company, was the first to harness the cloud and use AI to stop zero-day threats in real time. Webroot secures…

Read More…

Integration standardizes asset creation and matching for optimal data quality to identify and address vulnerable assets

COLUMBIA, Md., Dec. 01, 2020 (GLOBE NEWSWIRE) — Tenable®, Inc., the Cyber Exposure company, today announced its support of the ServiceNow Now Platform Paris release, through the Tenable Apps 3.0 integration with Vulnerability Response (VR) and ITSM workflows. The integration streamlines assessment and remediation workflows in risk-based vulnerability management programs, saving customers valuable time and resources in identifying, prioritizing and remediating high-risk vulnerabilities.

Tenable and ServiceNow predictive technologies enable IT and security teams to effectively identify and remediate security issues based on vulnerability and asset criticality. Customers can leverage Tenable’s Vulnerability Priority Ratings (VPR) directly within the ServiceNow Vulnerability Response application to view, sort and filter the remediation priority of each flaw based on the risk it poses to the business. Tenable Lumin customers can combine this with the Asset Criticality Rating (ACR) to understand the business criticality of the impacted asset. Once…

Read More…

• Cybersecurity, privacy and security startups have raised $10.7 billion so far this year, five times more than was raised throughout 2010 ($1.7 billion), according to a Crunchbase Pro query today.
• 22,156 startups who either compete in or rely on cybersecurity, security and privacy technologies and solutions as a core part of their business models today, 1.450 of which have received pre-seed or seed funding in the last twelve months based on a Crunchbase Pro query
• From network and data security to I.T. governance, risk measurement and policy compliance, cybersecurity is a growing industry estimated to be worth over $300B by 2025, according to C.B. Insight’s Emerging Trends Cybersecurity Report.

Today, 797 cybersecurity, privacy and security startups have received a total of $10.73 billion so far this year, with $4.6 million being the median funding round and $17.5 million the average funding round for a startup. The number of startups receiving funding this year, funding amounts and the methodology to find the top 25 cybersecurity startups are all based on Crunchbase Pro analysis done today.  

New startups and established vendors are…

Read More…

Here’s an overview of some of last week’s most interesting news and articles:

Challenges organizations face in combating third-party cyber risk
A CyberGRX report reveals trends and challenges organizations of all sizes face in combating third-party cyber risk today. Each insight was gleaned from proprietary assessment data gathered from a sample of 4,000 third parties.

cPanel 2FA bypass vulnerability can be exploited through brute force
A two-factor authentication (2FA) bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense researchers have found.

Automation to shape cybersecurity activities in 2021
Automation will play a major role in shaping cybersecurity attack and defence activities in 2021, WatchGuard predicts.

How the pandemic has accelerated existing risk trends
COVID-19 has reorganized the risk landscape for chief audit executives (CAEs), as CAEs have listed IT governance as the top risk for 2021, according to Gartner. Analysts said the pandemic is giving rise to new sets of risks while exacerbating long-standing vulnerabilities.

VMware releases workarounds for another critical flaw…

Read More…

Digital Journal: Since the COVID-19 Pandemic began and teams have become more dispersed, cybersecurity and privacy has become a priority for many businesses. But what steps should they be taking to protect ourselves?

Shitesh Sachan: At the outset of the global COVID-19 pandemic, many organisations decided to enforce social distancing by encouraging their employees to work from home. This decision created new security challenges for many organizations, who now had larger remote workforces. As people have started to work remotely, businesses are, quite rightly, concerned about their data privacy. Social engineering attacks and ransomware attacks have become 4 times more common during lockdown. Most of those attacks are a result of a lack of cybersecurity awareness and in-competent or incomplete security policies. There are five key steps all businesses should take to protect themselves. These…

Read More…