November 2021 Roundup – Latest News, Trends & Updates in Data Centric Security
45% of companies do not employ a CISO
Nearly half (45%) of companies do not employ a Chief Information Security Officer (CISO) as part of their security strategy. Of this group, 58% of security, IT and compliance professionals think their company should hire a CISO.
Only 40% of respondents stated their cybersecurity strategy was developed by a CISO or member of the security team, with 60% relying on other parts of their organization, including IT, executive leadership and compliance.
Data security has never been more important. Many high-profile companies suffering major data breaches costing millions and more importantly losing the trust of their customers has forced companies to rethink their data security strategies.
The introduction of new cybersecurity laws has also forced companies across the globe to get serious about how they collect, store, and use the personal information of their customers. As a result, a growing number of companies have started actively hiring a dedicated CISO to help them handle their data security and mitigate the threat of data leaks and breaches that can cost their company dearly.
A CISO who once focussed on purely technical aspects of security has to now be the more proactive and business-focused approach to security. He is also responsible for establishing and maintaining the enterprise vision and strategy of an organization. He drives the organization to reduce IT risks and ensures that people, processes, and technology are rightly used. As threat actors get smarter and cyberattacks become more sophisticated, the need for a CISO to protect your data and the security of the company is far too valuable to be left at risk.
Are your critical IT assets safe from cyberattacks?
Telos unveiled findings from a research conducted by Vanson Bourne that explores how organizations approach network and critical IT asset protection. The study, which polled 250 information technology, IT security, legal and risk/fraud/compliance professionals, revealed that 99 percent of organizations believe an attack on their critical IT assets would have repercussions not just for their organizations, but for society at large.
Perhaps more concerning, 83 percent of respondents reported having experienced a successful cyber attack in the past two years, with half indicating the attackers managed to reach their critical IT assets.
Critical assets are an organization’s lifeblood. They are essential to maintaining operations and achieving the organization’s stated mission. Organizations should identify their crown jewels and design an appropriate security strategy that minimizes the risks associated with the potential breach of these critical assets.
Firstly, organizations must be aware of what data is being collected, stored, and used by the organization. This will give a fair idea of what data is important and needs to be protected. Secondly, they must assess the probable threats, keeping in mind even the internal threats that they could face. Lastly, they should plan and implement necessary data security measures that will protect the critical assets.
SECUDE with more than two decades of expertise in the data security field would be your right choice to protect your critical assets. To know more about how we can help you identify and protect your critical assets please send us an email at
Ransomware Actors Use Financial Events to Select Targets
As companies consider mergers and acquisitions, risk management and security professionals perform their due diligence into assets, valuations, and vulnerabilities. Ransomware actors are doing the same.
According to a new Private Industry Notification (PIN) from the FBI, ransomware actors are likely using significant financial events like mergers or acquisitions to target and leverage victim companies for ransomware infections—threatening to disclose non public financial information that could trigger investor backlash if victims do not pay up promptly.
A ransomware attack involves a threat actor deploying malware that seizes data on an organization’s IT network, making it inaccessible to them until a ransom is paid. The attackers also steal sensitive information forcing the organization to engage in negotiations else the information is leaked.
Ransomware has become a much greater threat these days for organizations while proving to be profitable for attackers. The sensitive data sought by these attackers is housed in strategic business applications, such as ERP and HR systems. This highlights the need for established access controls and rulesets for how users are designed, provisioned, and continually enforced.
Multi-factor authentication, least privilege access, data encryption are some of the ways that would help to limit access to information. With more than two decades of expertise, SECUDE can help protect your sensitive data wherever it resides. To know more, write to us at
CyberArk Research: Lack of visibility into user activity to put organizations at risk
Research conducted by CyberArk reveals that organizations continue to operate with limited visibility into user activity and sessions associated with web applications, despite the ever-present risk of insider threats and credential theft. While the adoption of web applications has brought flexibility and increased productivity, organizations often lag in implementing the security controls necessary to mitigate risk of human error or malicious intent.
The global survey of 900 enterprise security leaders found that 80 percent of organizations experienced employees misusing or abusing access to business applications in the past year. This comes as 48 percent of organizations surveyed said they have limited ability to view user logs and audit user activity, leaving a blind spot for catching potentially risky behavior in user sessions.
Following a recent spike in cyberattacks, the need for improved security has increased. The growing number of IoT has fundamentally shifted the threat landscape. With anything being connected to the internet, and many of these devices having poor security has compounded the security challenge.
The question is how well is an organization prepared to face an attack? The lack of visibility especially insiders have put organizations in a fix. Current employees, former employees, contractors, business partners, are all insiders with the right level of access to an organization’s systems and data. Insider attacks are costly for organizations.
It is important to distinguish between a user’s regular activity and potentially malicious activity to detect insider threats. Privilege access management, monitoring user activity, authentication will help to monitor user activity and risks across the enterprise.
Report: Zero-trust architecture is expected to increase cybersecurity efficacy by 144%
As 2022 quickly approaches, Symmetry Systems and Osterman Research have released a report detailing how organizations plan to deploy zero-trust architecture, with 53% of respondents citing high-profile ransomware attacks as their primary motivator.
Incorporating zero-trust principles into modern data security ensures no one point of failure when systems are breached. Zero-trust principles can ensure that even if attackers know the database location/IP, username, and password, they cannot use that information to access privileged information given to specific application roles, identity and access management (IAM), and cloud-network perimeters.
When ransomware is rampant and data breaches are common, Zero Trust seems to be an apt response to the growing threat landscape. Zero trust helps to minimize the lateral movement of attackers through the principle of “Never trust, always verify”.
Zero Trust shifts from a reactive perimeter-based approach to a more proactive data-centric approach. Though Zero Trust isn’t a silver bullet for ransomware, yet if implemented properly, it can help create a much robust security defense against ransomware attacks.
As companies begin to realize that revenues and reputation are at stake during a data breach, an investment in Zero Trust architecture far outweighs the implementation challenges. Once you implement a Zero Trust strategy it will limit ransomware attacks.