George V. Hulme

As I discussed in Decentralized IT Clouds the Security Team’s Ability to Spot Risks, 74% of IT decision-makers in the U.S. and Canada reported that their organization has successfully decentralized its IT structure. With more business-technology decisions being made outside the IT department than ever, will security teams lose their ... Read More

The Cybersecurity and Infrastructure Security Agency (CISA) this week issued Binding Operational Directive (BOD) 23-01 to improve vulnerability detection and identify weaknesses in federal civilian agencies’ systems and networks. Dubbed “Improving Asset Visibility and Vulnerability Detection on Federal Networks,” the directive requires federal civilian agencies to improve their awareness of ... Read More

The shadow IT trend has been underway for some time, but if a recent survey from Zoho ManageEngine is any indication, the amount of decentralized IT decision-making has passed an inflection point — and data and system security are being stressed as a result. According to the IT at Work: ... Read More

With looming pullbacks in enterprise technology budgets—including, potentially, security budgets—despite rising digital attacks, regulatory pressure, increasing enterprise business-technology architectural complexity and a shortage of staff with specialized cybersecurity skills, CISOs and their peers are heading into one of the most challenging times they’ve faced. Still, a new report from Forrester ... Read More

Based solely on the dire cybersecurity headlines of the past few years, it’d be easy to assume that cybersecurity teams and incident responders were on their heels. But a just-released survey from VMware found that not only are incident response teams trying different ways to protect their systems, but they ... Read More

You’re not imagining things; new firmware threats are appearing more often. The most recent is CosmicStrand, which exploits the Unified Extensible Firmware Interface (UEFI) to avoid detection. The new UEFI rootkit, detailed in a blog post by Kaspersky Lab’s global research and analysis team, apparently targets the Intel H81 chipset ... Read More

Following months of pushback from private industry, the Transportation Security Administration (TSA) reissued a revised version of its cybersecurity directive for oil and natural gas pipeline owners and operators. The directive follows the May 2021 ransomware attack on Colonial Pipeline. That attack impacted fuel transformation and caused widespread disruption to ... Read More

The explosion of endpoint devices is making it even more challenging for IT departments and security teams to obtain both visibility and control over these devices. According to a new report from Ponemon Institute sponsored by endpoint management provider Adaptiva, the typical enterprise manages a whopping 135,000 endpoint devices. Almost ... Read More

When attackers breached Colonial Pipeline using a stolen password, it took a lot of people by surprise. But the reality is such attacks against critical infrastructure were brewing for some time. Last week, the U.S. Government Accountability Office (GAO) sought to make sure the nation is adequately prepared financially for ... Read More

Following years of nation-state cyberattacks targeting United States interests, during a Securing Cyberspace panel hosted by the Washington Post, a pair of lawmakers expressed their determination to establish harsher penalties for such attacks. As recently as March 2022, attackers affiliated with the Chinese government broke into six or more U.S ... Read More