companies

Learning Questions Posed As Tech Companies Connect Students Through Covid | #teacher | #children | #kids | #parenting

Technology: Private technology companies are rolling out free initiatives for students as Covid-19 highlights the importance of connectivity. Laura Walters takes a look at the opportunities for tech companies and what […]

School Administration Software Market 2020: Potential Growth, Challenges, and Know the Companies List Could Potentially Benefit or Lose out From the Impact of COVID-19 | Key Players: Rediker Software, ThinkWave, PowerVista RollCall, Fedena, RenWeb, etc. | #coronavirus | #kids | #children | #schools | #parenting

Source: National Cyber Security – Produced By Gregory Evans

#deepweb | Quantzig Explains Why Fortune 500 Companies Are Using Web Crawling to Transform Critical Business Functions

LONDON–(BUSINESS WIRE)–Mar 12, 2020–

Quantzig, a global data analytics and advisory firm that delivers actionable analytics solutions to resolve complex business problems, revamps its web analytics solutions portfolio and expands its web analytics capabilities beyond web scraping and web monitoring.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20200312005266/en/

Today leading companies across industries are focusing their resources on mining different types of data to make well-informed decisions. But most are unaware of the fact that a huge trove of data is readily available on the web. A detailed analysis of these data sets can help businesses to extract actionable insights that aid decision-making.

If you are looking for ways to extract actionable insights from websites through automation, a web crawling service is the best method to go about it. Request a FREE proposal to gain comprehensive insights.

Quantzig’s web analytics solutions leverage cutting-edge web crawling techniques and technologies and revolutionary analytics methodologies that inform your marketing decisions by collecting, measuring, and visualizing customer activity on web portals. Using insights gained from web crawling, you can build, optimize, and deliver experiences that are engaging, relevant, and personalized.

According to Quantzig’s web analytics experts, “We offer real-time updates on pricing, product availability and other details of products across eCommerce websites by crawling them at custom intervals, thereby helping you make smarter, real-time decisions to stay competitive.”

Through our holistic web analytics solutions, we help businesses architect and implement an integrated data-driven approach to address the most pressing challenges faced by them. Book a FREE solution demo to learn more about our offerings.

Quantzig’s Web Crawling Solutions Cover the Following Functionalities

1. Competitor Price Monitoring

Cutting-edge yet easy to use competitor price monitoring solutions empower you to look at your competitor’s price deviations in real or near real-time.

Still unsure about how advanced web analytics can help your business? Talk to our analytics experts for comprehensive insights.

2. Data Augmentation & Enrichment

Our unique approach to web crawling enables businesses to leverage proprietary data aggregation platforms and robust deep-learning models, to analyze product data sets, enabling e-commerce executives and brand managers to detect counterfeit products.

3. Product Listing Monitoring

The product catalog is crawled using web crawling techniques to extract data that can provide insights on why a product performs the way it does. This can help businesses in better targeting the audience through personalized offerings.

[FREE Webinar Alert]: Join us to gain detailed insights on why you should factor-in cannibalization while calculating the ROI generated from your marketing campaigns. Book a seat now! https://bit.ly/2TDFAzQ

About Quantzig

Quantzig is a global analytics and advisory firm with offices in the US, UK, Canada, China, and India. For more than 15 years, we have assisted our clients across the globe with end-to-end data modeling capabilities to leverage analytics for prudent decision making. Today, our firm consists of 120+ clients, including 45 Fortune 500 companies. For more information on our engagement policies and pricing plans, visit: https://www.quantzig.com/request-for-proposal

View source version on businesswire.com: https://www.businesswire.com/news/home/20200312005266/en/

CONTACT: Press Contact

Quantzig

Anirban Choudhury

Marketing Manager

US: +1 630 538 7144

UK: +44 208 629 1455

INDUSTRY KEYWORD: TECHNOLOGY MARKETING COMMUNICATIONS DATA MANAGEMENT

SOURCE: Quantzig

Copyright Business Wire 2020.

PUB: 03/12/2020 09:55 AM/DISC: 03/12/2020 09:55 AM

#cybersecurity | #hackerspace | NEW TECH: CyCognito employs offensive bot network to put companies a step ahead of attackers

When it comes to defending their networks, most companies have had it drilled into them, by now, that it’s essential to erect layered defenses.

For small- and mid-sized businesses, firewalls, antivirus suites and access management systems represent the entry stakes for participating in today’s digital economy. Security-mature SMBs go the next step and embrace incident response and disaster recovery planning, as well.

Meanwhile, large enterprises pour tens of billions of dollars annually into next-gen firewalls, EDR, DLP and IDS technologies, each system generating a fire-hose of threat feeds, with all of this threat intel flooding, hour-by-hour, into SIEMs, UEBAs and other analytics platforms.

And yet, after a couple of decades of piling up layer upon layer of defenses, catastrophic breaches persist — they’re occurring as often as ever, and causing more harm than ever. Threat actors simply seek out the endless fresh attack vectors arising as an unintended consequence of digital transformation. In short, layered defenses have turned out to be cheesecloth.

Acknowledging this, a few cybersecurity innovators are taking a different tack. Instead of offering up more layers of defense, they’ve slipped on the shoes of the attackers and taken an offensive approach to defending IT assets. One of the most single-minded of these security vendors is startup CyCognito.

The company was launched in Tel Aviv in 2017 by a couple of former Israeli military cyber ops attack specialists, Rob Gurzeev and Dima Potekhin. Gurzeev and Potekhin set out to mirror the perspective of threat actors — and then help companies tactically leverage this attackers’ view to shore up their porous networks.

“The attackers need only to find a single blind spot to gain entry – it’s like singling out the weakest zebra in the herd,” says Gurzeev, CyCognito’s CEO. “Defenders, meanwhile, have to guard everything all of the time, and most organizations have many more Internet pathways than they even know about, much less are taking steps to defend.”

Botnet turnaround

CyCognito’s employment of a bot network is what struck me most after I sat down with the team and learned in more detail what they’re up to. They’re not just borrowing a few pages from the attackers’ handbook; they’re actually utilizing the bad guys’ core tool – botnets. They’ve set out to boldly redirect botnet-power towards helping, instead of exploiting, the good guys.

I first wrote about criminal botnets at USA TODAY in 2004. Botnets at the time were just emerging; they’ve since become entrenched as the engine that drives all of cybercrime. A bot is a computing nodule that strictly obeys instructions from a command and control server. A criminal botnet is a network of bots under control of an individual attacker.

Botnets are the nimble infrastructure that enables criminals to blast out massive ransomware and denial of service attacks and also to execute intricate advanced persistent threat (APT) hacks that play out over months and go very deep. Bots traditionally have arisen from compromised, or “pwned,” computing devices. Today bots are more often spun up as virtual instances of computing devices. Bad actors are spinning up these virtual bots by the million, utilizing computing resources sold, no questions asked, by the major cloud service providers, Amazon Web Services, Microsoft Azure and Google Cloud.

By contrast, CyCognito’s 60,000 nodule-strong bot network is comprised of computing instances distributed globally with the expressed intent to help enterprises protect themselves. Bots do what they’re told. CyCognito’s bot network actively crawls the Internet identifying and mapping all exposed IP assets, fingerprinting each asset. This is essentially identical to the ground-level crawling and probing reconnaissance tasks that criminal botnets perform every day.

Upon finding an exposed IT asset, say a web server or a gateway router, CyCognito can pinpoint the IP address, confirm what type of asset it is and check whether the asset has any open ports; it can even ferret out snippets of coding or text, such as a copyright, that indicates more granularly what specific functions the asset performs, who the asset belongs to and what other assets it communicates with.

CyCognito’s bots feed this ground-level intelligence back to an analytics platform, which makes correlations and may ask for more information. This results in an assessment of the business context surrounding each asset. “We’re building a live picture of what’s out there, not specifically looking for problems, at that stage,” explains Raphael Reich, CyCognito’s vice president of product marketing. “We’re collecting information to build associations between assets that other solutions miss: assets in the cloud, in subsidiaries, in third-party networks.”

Shadow risks

Another thing about bots, they do what they’re told — for as long as they’re told to do it. Over the past couple of years, CyCognito’s botnet has surveilled and fingerprinted some 3.5 billion Internet-exposed IT assets, resulting in rich data sets that are fed into the company’s analytics. CyCognito has been able to map details of specific assets to thousands of organizations in much the way a criminal ring would do, which allows it to understand attackers’ easiest pathways i

Last November, the company released findings from an analysis it conducted to identify what it calls “shadow risk” – exposures that, for whatever reasons, enterprise IT and security teams are often blind to. Shadow risk creates attack vectors that are externally exposed to anyone with the skill and desire to go find them. The data reveals that a stunning percentage of organizations have a significant number of security blind spots, most often stemming from third-party and cloud interconnectivity. For instance, CyCognito’s research found:

• Organizations are unaware of as much as 75% of their attack surface.

• Some 82% of these hidden assets impact the organization’s cybersecurity posture and are managed by their cloud providers, partners or subsidiaries.

• Some 87% of organizations have critical exposures that are visible to attackers at a given point in time.

Offensive defense

These findings are not at all surprising. Quite the opposite, they ring very true. Companies never found a way to stop intruders from breaching and plundering with impunity, even when all they had to defend were on-premises IT systems. Today we’re in the throes of digital transformation. Agility, speed, and modular transactions happen on the fly and in the cloud. This sets up a much more complex security challenge than setting up trip-wire alarms around an on-prem data center.

“Most organizations have expanded and broadly diversified their IT resources on-premises and in the cloud, making continuous monitoring and timely mitigation extremely challenging,” observes Potekhin, CyCognito’s CTO. “The inspiration for the CyCognito platform was the realization that the explosive growth in the numbers of threat actors and the sophistication of their tools has leapfrogged the capabilities of legacy security solutions and most of today’s enterprises, even those who are highly security-aware.”

What CyCognito has set out to do is outflank attackers and one of the results is a high-definition snapshot of the threat landscape, on any given day. That’s a major step forward. I hope they are able to trigger a new era of advances in the overall field of attack surface monitoring.

Meanwhile, as you might expect, the company has also designed its botnet and analytics platform to be available for hire — to drill down on individual companies’ IT assets. This can help companies identify and address open attack vectors — before the bad guys can get to them. “We looked to create a new class of solution to beat the attackers at their own game,” Gurzeev says. “It’s heartening that from Day One on our platform, customers are finding, assessing and closing open pathways.”

I expect layered defenses will continue to have a place, moving forward. But it’s going to be fascinating to see how adding a bit of offensive punch to defending networks catches on, and how much of a difference offensive security solutions will make, overall. I’ll keep watching.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/new-tech-cycognito-deploys-offensive-bot-network-to-put-companies-a-step-a-head-of-attackers/

#hacking | Why Infrastructure Companies Need to Protect Themselves Against Hostile Foreign Powers

Cybersecurity is the set of practices, processes and systems for protecting Information Technologies (IT), which consists of computers, networks, software and stored information, from digital attack. Cybersecurity has become a preoccupation for the government, private sector, institutions and individuals. Billions are spent annually to defend governmental, corporate, and personal IT from cyber intrusion. Innovative companies have developed new ways of providing security.

A major aspect of cybersecurity is the protection of critical infrastructure. The Department of Homeland Security defines critical infrastructure as “the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety.” There are 16 critical infrastructure sectors, including energy, communications, food and agriculture, transportation, water and wastewater, nuclear power and materials, major manufacturing, and defense industries.

All these sectors are dependent on IT, not merely for communications or billing, but for the operation of major physical systems. Most of them employ IT-based supervisory control and data acquisition (SCADA) systems to monitor and operate a wide variety of hardware. For example, the energy sector is critically dependent on SCADA technology to manage the flow of power, direct the operation of production and storage facilities, and monitor the state of energy usage.

The threat to these large, complex systems, essential to not only the way we live but our very lives, is quite severe. The same IT and SCADA systems that allow for the efficient management and operation of critical infrastructure sectors also create enormous vulnerabilities that adversaries will seek out to exploit. The cyber threat to our energy sector, perhaps the most critical of all, has been growing for years. According to a report by the Idaho National Laboratory prepared for the Department of Energy: “Cybersecurity for energy delivery systems has emerged as one of the Nation’s most serious grid modernization and infrastructure protection issues.”

The dominant focus of infrastructure security is on protecting computers and networks from the introduction of malware. When it comes to critical infrastructure, hackers look for ways of entering the networks and then wend their way to the software programs that control operations. Often, the hackers will look for easy entry points, such as electronic billing systems or supply chain communications, from which they can then launch attacks against SCADA systems or other IT-based means of monitoring and directing operations within a sector.

It is becoming harder to protect entire networks from hacking. The explosive growth in the use of IT for personal and business purposes, and the move to a world where the so-called Internet of Things is ubiquitous, has resulted in a massive increase in potential entry points for hackers. Recently, it was discovered that IT-enabled baby monitors could be hacked. Moreover, hackers keep finding new network vulnerabilities and investing in ever-more sophisticated malware.

Protecting critical infrastructure is a never-ending problem. Operating systems must be constantly patched as vulnerabilities are uncovered. Computer systems and networks routinely need upgrades as new malware is developed. The expense of that is significant. Some experts have characterized IT security spending as a “black hole.” Any new approach that does not have to be constantly enhanced would significantly reduce future costs of cyber defense.

An alternative approach to establishing a high level of infrastructure security at an affordable cost is by focusing on operational technologies or OT. OT consists of hardware, such as valves, pumps, generators and SCADA-enabled machinery, all of which are critical to the operation of networks that deliver power, water, and oil and gas.

By focusing appropriate critical infrastructure protection on keeping OT secure, utility companies and others in critical infrastructure sectors can simplify their cybersecurity requirements and significantly reduce costs. The key is to focus on protecting IT-directed OT, rather than an entire network. This can be done by placing a device that only allows pre-defined, legitimate signals to be sent to the OT on a network. No non-specified commands could pass through a protective device. Even if a hacker could penetrate an electric utility’s network, no malware intended to cause OT malfunction could penetrate a device or machine.

Such a system, called Binary Armor, already exists. It could revolutionize the protection of OT. Essentially, it places an in-line barrier to cyber intrusion on a network in front of the OT device. The Binary Armor unit monitors all communications to a piece of OT. Only legitimate commands within the defined operating parameters of the OT can pass through. A command that would cause the OT to behave improperly, or self-destructively, could not pass, regardless of how cleverly the malware was written. This system also will prevent accidentally sending the wrong command to the OT, which is what happened in the Chernobyl disaster.

Because the system is “pre-loaded” with the legitimate commands and operating parameters for that OT, it will rarely need to be upgraded, unlike typical cybersecurity systems. Moreover, Binary Armor would allow utilities and other critical infrastructure sectors to use commercial networks, rather than proprietary ones, further reducing cybersecurity costs. Finally, it would radically increase the problem and costs for the hacker, primarily because a Binary Armor unit must be physically accessed to be reprogrammed.

Currently, a Binary Armor unit must be installed on a network. This is not difficult. The current Binary Armor unit is a 3x2x2 inch box with two Ethernet access ports and a power source. It weighs about six pounds. But in the future, the basic technologies could be embedded into OT, simplifying the cybersecurity challenge.

Strong action needs to be taken now by all critical infrastructure sectors, particularly for energy, to enhance their cybersecurity protections. Public utilities would be remiss in not testing Binary Armor to understand its applicability for their networks.

#cyberfraud | #cybercriminals | Top 10 Cybersecurity Companies to Watch in 2020

Worldwide spending on information security and risk management systems will reach $131B in 2020, increasing to $174B in 2022; approximately $50B will be dedicated to protecting the endpoint, according to Gartner’s latest Information Security and Risk Management forecast. Cloud Security platform and application sales are predicted […]

Companies Pursue Zero Trust, but Implementers Are …

Almost three-quarters of enterprises plan to have a zero-trust access model by the end of the year, but nearly half of cybersecurity professionals lack the knowledge to implement the right technologies, experts say. Worried about protecting data, the likelihood of breaches, and the rise of insecure […]

#cybersecurity | #hackerspace | Smaller Companies Need to Step Up Their Cyber Security Efforts

Whenever we hear about major cyber security attacks such as data breaches, it’s typically larger enterprises that are the victims. That makes sense, considering those events can potentially impact a lot of people and therefore are more likely to grab headlines and garner attention.

But that doesn’t mean small and mid-sized companies (SMBs) are immune to such attacks. In fact, smaller organizations are frequent targets of cyber incidents, and they generally have far fewer resources with which to defend themselves.

A recent study by the Ponemon Institute, which conducts research on a variety of security-related topics, presents a clear picture of the cyber security challenges SMBs are facing. The report, “The 2019 Global State of Cybersecurity in SMBs,” states that for the third consecutive year small and medium-sized companies reported a significant increase in targeted cyber security breaches.

For its report, Ponemon conducted an online survey of 2,391 IT and IT security practitioners worldwide in August and September 2019, and found that attacks against U.S., U.K., and European businesses are growing in both frequency and sophistication.

Nearly half of the respondents (45%) described their organization’s IT posture as ineffective, with 39% reporting that they have no incident response plan in place.

Cyber criminals are continuing to evolve their attacks with more sophisticated tactics, and companies of all sizes are in their crosshairs, noted Larry Ponemon, chairman and founder of the Ponemon Institute. The report shows that cyber attacks are a global phenomenon, as is the lack of awareness and preparedness by businesses globally, he said.

Overall, cyber attacks are increasing dramatically, the report said. About three quarters of the U.S. companies surveyed (76%) were attacked within the previous 12 months, up from 55% in a 2016 survey. Globally, 66% of respondents reported attacks in the same timeframe.

Attacks that rely on user deception are on the rise, the study said. Overall, attacks are becoming more sophisticated, with phishing (57%), compromised or stolen devices (33%), and credential theft (30%) among the most common attacks waged against SMBs globally.

Data loss is among the most common impacts of cyber security events. Worldwide, 63% of businesses reported an incident involving the loss of sensitive information about customers and employees in the previous year.

SMBs around the world increasingly are adopting emerging technologies such as mobile devices and apps, the Internet of Things (IoT), and biometrics, despite having a lack of confidence in their ability to protect their sensitive information.

Nearly half of the survey respondents (48%) access more than 50% of their business-critical applications from mobile devices, yet virtually the same portion of respondents said the use of mobile devices to access critical applications diminishes their organization’s security posture.

Furthermore, a large majority of respondents (80%) think it is likely that a security incident related to unsecured IoT devices could be catastrophic. Still, only 21% monitor the risk of IoT devices in the workplace.

The report also suggests that biometrics might finally be moving toward the mainstream. Three quarters of SMBs currently use biometrics to identify and authenticate users or have plans to do so soon.

Small and mid-sized companies can take several steps to bolster their cyber security programs. One is to educate users and managers throughout the organization about the importance of strong security and taking measures to keep data safe.

Because so many attacks begin with employees opening suspicious email attachments or clicking on links that lead to malware infestations or phishing, training users to identify these threats is vital. Companies can leverage a number of free training resources online to help spread the word about good security hygiene.

Smaller companies, particularly those with limited internal cyber security skills, can also consider hiring a managed security services provider (MSSP) to help build up a security program. Many of these firms are knowledgeable about the latest threats, vulnerabilities, and tools, and can help SMBs quickly get up to speed from a security standpoint.

And companies can deploy products and services that are specifically aimed at securing small businesses. Such tools provide protection for common IT environments such as Windows, macOS, Android, and iOS devices. They are designed to protect businesses against ransomware and other new and existing cyber threats, and prevent data breaches that can put personal and financial data at risk.

Some of these offerings can be installed in a matter of minutes with no cyber security or IT skills required, which is ideal for smaller companies with limited resources and a need to deploy stronger defenses quickly.

#cybersecurity | hacker | APT40 hackers linked to 13 alleged front companies in Hainan, China

The mysterious research group Intrusion Truth has unleashed a new series of reports claiming that 13 businesses based in the southern island province of Hainan, China are collectively a front for reputed Chinese state-sponsored hacking group APT40. The alleged front companies all purport to be science and […]

#cybersecurity | #hackerspace | Do Midsized Companies Need a CISO?

Chief information security officer, or CISO for short—it’s a very popular title lately, being added to C-suites at companies of all sizes. It seems corporate boards feel a company isn’t considered serious if it doesn’t have a CISO or similarly titled executive in board meetings. And due to their popularity, they are not cheap positions to fill. According to Salary.com, the average base salary for a CISO runs $168,000 to $287,000 per year. And yet, a survey by Bitglass showed that 38% of the Fortune 500 did not have a named CISO.  

Company size alone may not indicate when it’s appropriate to add a CISO to your executive team. Other factors come into play, including regulatory requirements, industry, geography and whether there’s a focus on information security as a corporate priority. 

Do You Need a CISO?

The most important factor as to whether a company has a CISO seems to be how regulated their industry is. In fact, many compliance regulations require having a named officer in charge of security, privacy or related matters. The FDIC and OCC, major regulators of the finance sector, both highly recommend in their guidance documents having an owner at the executive level for security functions. The GDPR (the sweeping EU privacy regulation) and CCPA (a similar law covering California residents) require officers managing the privacy of their customers’ data. Health care, gaming, legal, transportation, energy and many sectors of manufacturing also require various levels of executive involvement in information security.

When a company is highly regulated, the size really doesn’t matter. Even the smallest community bank will generally have an information security officer, though sometimes these roles have a dual responsibility. Even if your industry regulations don’t specifically require a CISO position, you may want a CISO just to coordinate the large amount of security and compliance reporting at the management and board level. However, in compliance-focused industries, it is not generally recommended that CISOs report up through IT or operational lines. You don’t want the person checking the security of your corporate infrastructure to be the same person building that infrastructure.

Does Your Industry Need a CISO?

The industry also takes a larger role than size when it comes to needing a CISO. Certain industries seem to be more security-focused than others, which might be due to the regulatory concerns listed above, the value of trade secrets and IP, public safety or other considerations. For example, the transportation industry has the highest rate of CISO positions overall. This seems obvious when you consider we don’t want hackers inside our self-driving cars or accessing airliner flight systems. Technology companies also seem to have a higher number of CISOs, especially in the security sector, since their work is more likely to have digital and online outputs. The same study by Bitglass found the hospitality industry has the lowest level of security officer positions. And, possibly not unrelated, that industry has been the target of a number of high-profile, large breaches, with both the Hilton and Marriott chains suffering multi-million record breaches in the last few years. 

Does Location Matter?

Geography also has a bit to do with whether a company has a CISO. Midsized companies in the European Union are more likely to have appointed a security officer due to the GDPR regulation, which affects every size of a company in the EU. Companies located in the United States and other first-world countries also have a higher rate of CISO penetration of the C-suite compared to those in less developed countries. Hackers are generally after the richer, more established companies, and where more of a premium is placed on information security. 

Should Your Company Invest in a CISO?

Forward-thinking boards of directors, even at midsized companies, are adding CISOs. This isn’t always just because of regulations or significant IP to protect, but because threats to company security are being seen as existential threats more than ever before. The near-total reliance on the internet and IT services at most companies means that having secure and available information services is as essential as having functional sales, marketing and accurate financial reporting. Indeed, with the increasing use of external SaaS services for those functions, the security and availability of those services must be there for the other departments to do their jobs properly.

So there are many reasons that a midsized company may decide to add a CISO to its management team. Above the smallest companies, it seems that size does not have as much to do with it as the company’s industry, the amount of compliance and regulation it faces, location and an increasing belief among boards and top company leaders that information security and privacy is a core business function worthy of C-level responsibility and management.
