Monday, 31 August 2020

New data from Microsoft shows how the pandemic is accelerating the digital transformation of cyber-security

The importance of cybersecurity in facilitating productive remote work was a significant catalyst for the two years' worth of digital transformation we observed in the first two months of the COVID-19 pandemic. In this era of ubiquitous computing, security solutions don’t just sniff out threats; they serve as control planes for improving productivity and collaboration by giving end-users easier access to more corporate resources. Microsoft recently concluded a survey of nearly 800 business leaders of companies of more than 500 employees in India (IN), Germany (DE), the United Kingdom (UK) and the United States (US) to better understand their views of the pandemic threat landscape, implications for budgets and staffing, and how they feel the pandemic could reshape cyber-security long-term.


Among the key insights are data showing that an alarming number of businesses are still impacted by phishing scams, security budgets and hiring increased in response to COVID-19, and cloud-based technologies and architectures like Zero Trust are significant areas of investment moving forward.


Improving Productivity & Mitigating Threats

Security and IT teams have been working overtime to meet business goals while simultaneously staying ahead of new threats and scams. “Providing secure remote access to resources, apps, and data” is the #1 challenge reported by security leaders. For many businesses, the limits of the trust model they had been using, which leaned heavily on company-managed devices, physical access to buildings, and limited remote access to select line-of-business apps, were exposed early on in the pandemic. This paradigm shift has been most acute in the limitations of basic username/password authentication. As a result, when asked to identify the top security investment made during the pandemic, the top response was multi-factor authentication (MFA).



Monday, 17 August 2020

BlueScope Steel enhances cyber security after mid-May attack

 As it shifts focus on its year-old 'Avenir' digital transformation.

BlueScope Steel says it is making “good progress” on cyber security “enhancements” following a ransomware attack in mid-May.

Chief financial officer Tania Archibald told BlueScope’s FY20 results briefing that the attack, which was first reported by iTnews, had been mitigated without “material” impact on its operations and sales.

“Many of you will be aware that in May we experienced a cyber incident which saw unauthorised parties access our network,” Archibald said.

“As a result of our ability to quickly detect and respond to the incident, we experienced no material impact on our operations and sales. 


Sunday, 2 August 2020

Cyber skills in traditional security management careers

When I speak with candidates who are either leaving government roles or actively looking for a new role, I am often asked what programs or courses related to cybersecurity they could take to improve their marketability. A one-size-fits-all answer is a challenge because the operational knowledge needed by someone charged with cybersecurity is as broad and complex as the various accountabilities of non-technology security risk roles.

The concept of convergence of both roles, whereby a single point of accountability leads the strategy and governance for all security risk initiatives, can be an effective approach. While the idea has been out there for quite a while, it is still not widely utilized. There are, however, numerous examples of interdependencies that indicate a need to understand the points of vulnerability to best provide a cohesive, coordinated effort to limit and/or mitigate security-related risks.

Candidates should gain an understanding of all elements that make up the role of a cybersecurity program leader. If they are considering a career development strategy, they can then decide the path they feel is the best personal fit. There are numerous programs and certifications available that range from an executive overview of cybersecurity to those in which you achieve deep technical competencies.

Cybersecurity functional domains can be broadly categorized in eight areas:

  1. Emerging Technologies and Market Trends
  2. Identity and Access Management
  3. Incident and Crisis Management
  4. Information and Privacy Protection
  5. Risk and Compliance Management
  6. Security Architecture
  7. Organizational Resiliency Programs & Assessments
  8. Threat, Intelligence and Vulnerability Management

There are numerous subsets, programs and processes that a CISO has responsibility to develop and execute. Current “Mind Map” models reflect those key topic areas of cybersecurity involvement as:

Business Enablement

  • Mergers/Acquisitions
  • Cloud Computing
  • Mobile Technology

Monday, 13 July 2020

CyberSmart raises £5.5million to fund growth following increased demand for cybersecurity

Demand from SMBs for Cyber Essentials Certification drives growth to 300% per annum

LONDON 13th July 2020:  CyberSmart has raised £5.5 million in a heavily oversubscribed Series A funding round led by VC firm IQ Capital and respected cyber security and tech entrepreneur investors. The funding will be used to fund the growth of the company, which enables small to medium-sized businesses (SMBs) to combat the constant threat of cyber-attacks and increasing regulation in an ever-evolving technological landscape and increasingly connected digital operating space.

CyberSmart has seen a massive increase in demand from SMBs to protect their businesses, with a revenue increase of 300% over the last twelve months. The lockdown period has accelerated the uptake of their cloud-based technology, which is fully automated and can be implemented with the click of a mouse, without a time-consuming visit to a customer’s site.


Sunday, 7 June 2020

Shares in cyber security group soar as digital attacks hit Japan

Shares in a Japanese tech start-up, whose chief executive correctly bet that Covid-19 would unleash a surge of cyber attacks and entrench a corporate prejudice against unlisted companies, have surged more than 670 per cent after pressing ahead with its listing at the height of the mid-March market turmoil.

The explosive rise in the shares of Cyber Security Cloud has given a company with 45 employees a market capitalisation of around $800m. It listed on the Tokyo Stock Exchange’s Mothers board on March 26, days after the benchmark Nikkei 225 Index had racked up losses of 20 per cent.

Monday, 1 June 2020

Cybersecurity the responsibility of agencies, not us, AGD and ASD say

During a hearing held by the Joint Committee on Public Accounts and Audit last month into the cybersecurity resilience of Commonwealth entities, the federal opposition poked holes in current reporting requirements and highlighted a lack of accountability for when Commonwealth entities come up short.

The Australian National Audit Office (ANAO) faced the firing line, with the committee asking why the Protective Security Policy Framework (PSPF) has not been made mandatory for all Commonwealth entities, and why, given they're called the Essential Eight, only the Top Four is looked at.


Monday, 25 May 2020

CYBER SECURITY ATTACKS

“Postal and parcel service providers and leading e-commerce companies handle an increasing amount of operational data and process millions of transactions every day.

Maximum availability of sorter capacity, optimal transportation and increase of customer satisfaction via apps on smartphones where customers can track and redirect parcels in near real time are some of the challenges the CEP market is facing.


Cyber Security in the Context of International Security

 Cyber security is everyone’s responsibility. What are the current trends in threats, risks, and vulnerabilities? How do threat actors explo...