Here’s a look at some of the most interesting news, articles and interviews from the past week:

Released: MITER ATT & CK v10
MITER Corporation has released the tenth version of ATT & CK, its globally accessible (and free!) Knowledge base on cyber adversary tactics and techniques based on real world observations.

Microsoft launches privacy management for Microsoft 365
Microsoft has made available Privacy Management for Microsoft 365, a new AI-powered solution to help businesses manage data privacy risks and create a privacy-resilient workplace, as well as automate responding to large-scale requests for rights from subjects.

The importance of crisis management in the age of ransomware
Cyber ​​security crises are becoming commonplace. With the massive increase in ransomware attacks over the past few years, businesses cannot afford to ignore the growing possibility of dealing with them and should invest money and effort in crisis management.

Remote access security policy under surveillance while hybrid / remote work persists
A report from Menlo Security highlights growing concerns about securing users as the trend towards hybrid and remote work is expected to continue.

How do I select a GRC solution for my business?
To select a GRC solution that is right for your business, you need to consider a number of factors. We spoke to several industry professionals to get their perspective on the subject.

Cyber ​​risk trends driving the rise in ransomware incidents
During the COVID-19 crisis, another epidemic took place in cyberspace: a digital pandemic caused by ransomware. In a recent report, Allianz Global Corporate & Specialty (AGCS) analyzes the latest developments in ransomware risk and describes how businesses can strengthen their defenses through good cyber hygiene and IT security practices.

Analyze and implement a national zero trust architecture
The zero-trust security model has been around for over a decade, but has only recently been widely adopted. But as today’s perimeter-based cybersecurity solutions continue to fail and produce reports of high-profile data breaches and ransomware attacks, zero-trust security continues to gain traction.

BEC attacks: the latest tips from crooks
BEC attacks are typically low volume, but according to a recent GreatHorn survey, 71% of organizations have experienced at least one in the past year. The latest research from Trend Micro has revealed that crooks have stepped up their efforts and some have shifted to identity theft and targeting ordinary employees rather than executives or senior executives.

The WFH is here to stay: five tactics to improve the safety of remote teams
There are many safety issues associated with working from home. Companies considering remote working as a long-term strategy should take the time to re-evaluate any ‘fallback’ security solutions that may have been applied at the start of the pandemic and look for ways to prioritize the issue. permanent security.

Multi-factor authentication skyrockets as companies ditch passwords to secure hybrid workers
Businesses are taking steps to move away from passwords and adopt low-friction authentication methods to protect the hybrid workforce, a Cisco Duo Security report reveals.

SASE emerges as the periphery becomes a focal point of the company
By transforming WAN and security architectures with SASE, organizations can ensure direct and secure access to applications and services in multi-cloud environments, regardless of the location or devices used to access them.

Secure your databases against opportunistic attackers
If you connect databases / servers to the internet and secure them poorly, you can rely on them to get compromised quickly.

Compliance is not synonymous with safety
With most CISOs’ careers rooted in security, it’s time for regulators to trust experts to achieve expected results of compliance, while protecting the organization’s brand and reputation in a way. that enables business.

Organizations lack basic cybersecurity practices to tackle the growing wave of ransomware
Organizations are not equipped to defend against ransomware due to weaknesses in implementing and maintaining core cybersecurity practices, including management of privileged administrator credentials and visibility of risks associated with supply chain, reveals an Axio research report.

Why virtual offices make sense for a virtual workforce
How to enable the workforce to be productive and secure is a major concern, as new employees may not be familiar with best practices in secure computing and remote working, or that Long-time employees may be working with remote devices that don’t meet required security standards or using devices that they haven’t updated recently.

Increased activity around stolen data on the dark web
Dark web activity, the value of stolen data and the behavior of cybercriminals have changed dramatically in recent years, according to a Bitglass study.

Five game-changing factors for businesses facing ransomware attacks
Here are five ways that cloud file storage systems provide IT teams with a way to avoid disruption caused by ransomware attacks.

What are the post-pandemic security concerns for IT professionals?
COVID-19 has had a huge impact on businesses across all industries, and while the urgent need to adapt in early 2020 may have been replaced by greater stability, residual effects remain. In fact, the IT policies implemented to deal with the impact of the pandemic are among the main macroeconomic trends that are currently influencing the IT risk of the company.

Smartphone counter-espionage for travelers
If you are traveling to a foreign country, especially a country hostile to your home country or known to engage in economic espionage, you should assume that your smartphone will be compromised at some point. The key is to limit both the data available for espionage and any signals that may trigger heightened surveillance.

Fraud never sleeps: why biometrics are essential for effective fraud prevention
When the pandemic forced organizations to send customer service agents to work from home, scammers quickly seized the new opportunity presented by lone employees. Social engineering and bribery attempts have increased rapidly, with fraudsters targeting agents without the usual support of their colleagues and managers.

Embrace Secure Hybrid Work with Four Fundamental IT Controls
As organizations formalize work strategies from anywhere, it has become painfully obvious that many age-old security schemes no longer work effectively. With employees moving more and more from the office to their home and everywhere in between, asset tags, badges, perimeter firewalls and network segmentation are not doing enough to protect the workforce. decentralized work.

CDR: The secret cybersecurity ingredient used by defense and intelligence agencies
More commercial companies should turn to the defense and intelligence community for advice on improving the security posture. It’s not that they have the latest or the most sophisticated products; government agencies are focused on identifying the main vectors of risk, such as those created by endemic hazards in files shared every day.

The CISO’s Guide to Evaluating Third-Party Security Platforms
A comprehensive third-party security program can align your vendor’s security with your internal security controls and your risk appetite. Such a program can also help you address risks if your suppliers are not up to par. And the right third-party security management platform can be a smart way to jumpstart your program or automate the one you already have in place.

Mobile Application Security Guide, from Development to Operation
Mobile applications are exposed to two types of risks. They may have hidden behaviors (data exfiltration, malware, etc.) that often accompany the integration of third-party libraries, or they may have flaws that make them vulnerable to external threats. In any case, ensuring the security of the mobile applications that you develop, distribute or use is now a crucial step.

New infosec products of the week: October 22, 2021
Here’s a look at some of the more interesting product releases from the past week, with releases from SecLytics, SecurID, Splunk, ThreatConnect, and ZeroFox.