Often, in the world of information security and risk management, the question facing threat intelligence teams is amidst this sea of vulnerability disclosures, which ones matter the most to my organization? Which can impact us the most? And, how do I best explain threats to internal stakeholders in a way that helps minimize risk?

Reducing risk through proper patch management is not always simple. Not all common vulnerabilities and exposures (CVEs) are equally important. In July 2020, for example, the U.S. Department of Homeland Security released multiple top-priority advisories. One covered known exploits against certain application delivery systems (CVE-2020-5902) and another covered detected vulnerabilities in a domain name system (DNS) server (CVE-2020-1350). While both are top priorities, how do they apply to the network you use? Which threats are the most likely to impact your core business?

To better answer this, we must be able to identify relevant threats before beginning to address patching or manage risks. Enter threat identification: a necessary process that has become increasingly complicated.

Why Is Spotting Threats More Complex…

Read More…

Israel Martinez, Axon Global CEO and Forbes Technology Council member.

DHS CISA has been a powerful force positively impacting cybersecurity in the private sector

WASHINGTON (PRWEB)
October 22, 2020

NACD in the News

Forbes in the News

Axon Global Services (Axon), at the request of the Department of Homeland Security Cybersecurity & Infrastructure Agency CISCP, presented its experience on the topic, “How executive leadership teams view cyber security; risk; and how they make decisions regarding people, process, and funding.” Presenting as subject matter experts were Israel Martinez, President & CEO of Axon, and Stuart Tryon Senior Vice President of Axon and formerly the Deputy Assistant Director of the U.S. Secret Service.

The U.S. Department of Homeland Security (DHS) Cyber Information Sharing and Collaboration Program (CISCP), who hosted the session, enables actionable, relevant, and timely information exchange through trusted public-private partnerships across all…

Read More…

Last month, the Cybersecurity and Infrastructure Security Agency (CISA), which is part of the U.S. Department of Homeland Security (DHS), published two important resources that deserve special attention. While many of these CISA status reports may seem a bit like “alphabet soup” to those not familiar with the process, the importance of this National Critical Function (NCF) topic is paramount to our joint efforts to protect our nation’s critical infrastructure from numerous threats.

The “NCF: Status Update to the Critical Infrastructure Community” was released directly to stakeholders in July 2020, and the NCF Fact Sheet is new.

The release of this NCF report on progress in protecting our National Critical Functions is ground-breaking. In order to better understand the importance of this topic and dive deeper into what it means, I interviewed Thad Odderstol,…

Read More…

Cybercriminals are targeting businesses of all kinds with ransomware attacks. As these attacks become more sophisticated, carrying the potential to effect a wholesale inability to access a firm’s entire electronic infrastructure, ransom demands have increased — often reaching eight figures. Because these denial of access attacks have been so effective, making ransom payments has become mainstream in corporate America.

Private fund managers may be particularly attractive targets. Firms that are active traders could face potentially large trading losses if locked out of their systems. Firms that buy controlling stakes in companies could face ransomware attacks at both the manager and portfolio company levels.

With the recent surge in ransomware incidents, driven in part by vulnerabilities created due to the COVID-19 pandemic,[1] it is more important than ever for fund managers to take steps to safeguard their systems and data against an attack. Recent alerts from the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) and the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) underscore the importance of…

Read More…

Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our daily newsletters. Signing up for any of our section newsletters will opt you in to the daily Coronavirus briefing.

Law360 (June 9, 2020, 4:18 PM EDT) —

Elliot Golding

Kristin Bryan

Robust cybersecurity continues to be of paramount importance as the COVID-19 outbreak develops and cybercriminals seek to exploit a remote workforce.

The Cybersecurity and Infrastructure Security Agency at the U.S. Department of Homeland Security recently issued an alert identifying the top 10 cybersecurity vulnerabilities routinely exploited by foreign malicious actors.[1]

The U.S. Department of Health and Human Services Office for Civil Rights shared the alert so health care organizations can likewise take appropriate action to reduce the potential risk of exploitation, as entities in this field are increasingly the target of cyberattacks.

This article provides a summary of the most common vulnerabilities and…

Read More…