Prior to the pandemic, financial institutions spent an average $2,700 on cybersecurity per full-time employee, up from $2,300 the previous year ), with COVID-19 now driving the need for companies to doubledown on cybersecurity going forward, according to a study from Deloitte’s cyber risk ad strategic risk services group in conjunction with the Financial Services Information Sharing and Analysis Center (FS-ISAC).

The allocation represents more than a tenth of organizations’ IT budgets, increasing slightly to 10.9 percent, up from 10.1 percent, according to data that was collected from 53 institutions late last year through January.

The third annual report from Deloitte and FS-ISAC also found that more than half of the spending went collectively to cyber monitoring and operations, endpoint and network security, and identity and access management.

COVID-19 has resulted in vast challenges for the financial sector’s cybersecurity challenges, the study noted.

“Looking ahead, given the tough macroeconomic conditions arising from the COVID-19 pandemic, many companies will likely be taking a hard look at whether they need to cut expenses across the board,”…

Read More…

Global consulting firm Protiviti releases Microsoft 365 & Microsoft Azure solutions to help organizations manage cyber risk & meet security requirements.

Read More…

Read More…

Australian Cyber Security Centre

On 27 July 2020, following the closure of the Cloud Services Certification Program (CSCP) and the associated Certified Cloud Services List (CCSL), the Australian Cyber Security Centre (ACSC) and the Digital Transformation Agency (DTA) released new Cloud Security Guidance co-designed with industry to support the secure adoption of cloud services across government and industry.

The Cloud Security Guidance will guide organisations including government, Cloud Service Providers (CSP), and Information Security Registered Assessors Program (IRAP) assessors on how to perform a comprehensive assessment of a cloud service provider and its cloud services, so a risk-informed decision can be made about its suitability to handle an organisation’s data.

Commonwealth entities will continue to self-assess their cloud solutions in accordance with the Guidance. They will also continue to be responsible for their own assurance and risk management activities. Information Security Registered Assessors Program (IRAP) will continue to support government in maintaining their assurance and risk management activities.

A Ministerial statement on the new guidance can be found…

Read More…

• To further customer and business partner commitment with ISO Information Security Management System

 ISO 27001:2013 is one of the most popular information security standards in the world. Today, all over the world more and more companies are achieving ISO 27001 certification to highlight the robustness of their information security management. Compliance with ISO 27001 was previously about having a competitive edge, but now ISO 27001 certification has become the norm for best-practice information security. 

With the rise of information security breaches currently, organisations increasingly have to show they can be trusted for information security and privacy management. Thus, having ISO 27001 demonstrates that an organisation has identified the risks, and put in place preventative measures to protect the organisation from information security breaches. 

Keeping this in mind and their stakeholders who are increasingly interested in how their valuable information is handled and protected, Just In Time Group (JIT) took the initiative of obtaining the ISO certification. The risks…

Read More…

As the restoration of normal working life begins post-pandemic, cybersecurity teams have a new trial ahead: ensuring that employees return to work securely, without triggering a security incident. Even though cybersecurity professionals have spent the past two months trying to secure the new borderless enterprise, no organization is immune from the threats of another shift in the network.  

Unlike the rushed, unexpected manner in which many organizations sent their employees home, the return to the office is something that can be planned and prepared for in a more organized and orderly fashion. Cybersecurity teams must not miss this window – they need to act now to ensure the necessary processes and tools are in place before employees head back to their workplace.

Steps to ensure a safe return to work

To reduce risk and facilitate a quick return to normal operations, cybersecurity teams need to consider what threats employees may bring back with them to the office environment. Once these are identified, cybersecurity teams must take proactive steps to mitigate these risks. Below, are three key factors to consider as organizations prepare to return to work.

Patching:…

Read More…

Присоеденяйтесь к официальной группе ИСАР в Facebook