Pavel Volosen

Episode 3024 - Join the insightful discussion on navigating cybersecurity challenges in a remote world with Taylor May, MBA of Resonance. The talk highlights common cybersecurity issues, focusing on software vulnerabilities and the emergence of AI-enabled threats. Discover the crucial need to prioritize cybersecurity in today's interconnected and vulnerable landscape. Explore key topics such as securing remote work environments, proactive strategies, fostering cross-departmental communication, and adopting a holistic cybersecurity approach. The discussion also stresses the importance of education, accessibility, and affordability in the realm of cybersecurity. Watch the discussion here: https://lnkd.in/gawM_9QB. #Cybersecurity #RemoteWork #AI #CyberThreats #Education #Accessibility #Resonance

3

1 Comment

This Kiteworks article provides a thorough overview of how government agencies can utilize secure file transfer solutions to protect sensitive information and comply with regulatory requirements. 3 Real Government Uses for Secure File Transfer (and more) 👉 Learn more: https://gag.gl/kP9Anj #cybersecurity #FileTransfer #SecureFileTransfer #CyberResilience

7

📢 Hot off the Press: Verizon's 2024 Data Breach Investigations Report (DBIR) Highlights Alarming Cybersecurity Trends! 🚨 After following Verizon Business' annual release of their DBIR report for many years, many of their findings come as no surprise. Key findings include: 🔺 Vulnerability exploitation surged by a whopping 180%, primarily driven by ransomware actors targeting unpatched systems and zero-day vulnerabilities. 💣 🔺 Ransomware and extortion techniques accounted for a third (32%) of all breaches. 🔐💰 🔺 Over two-thirds (68%) of breaches involved human error or social engineering. 🤦‍♂️ For the 911 industry, these findings are (another) strong reminder of the need for 911 authorities to prioritize cybersecurity measures. As critical infrastructure, there is no question that 911 and emergency services agencies are prime targets for ransomware attacks and vulnerability exploits. Successful cyberattacks create interruptions that will negatively affect 911 operations, putting lives at risk. 🚑⚠️ Implementing robust vulnerability management, educating users on improving cyber hygiene, and investing in advanced threat detection and response capabilities are crucial steps to safeguard 911 systems. Collaboration between industry stakeholders and cybersecurity experts is vital to stay ahead of the ever-evolving threat landscape. Don't know where to start? Give me a call. 🤝🛡️ https://lnkd.in/eidHAHm7 Mission Critical Partners #CyberSecurity #VulnerabilityManagement #DataBreach #DBIR #CriticalInfrastructure

11

Responsible for managing #operationaltechnology (OT)? In this guide, we explore actionable strategies to fortify your organization’s OT security posture and extend your IT vulnerability management strategy to safeguard OT and IoT. #ot 🔗: http://ow.ly/aNte105NAtF

4

Hope you can join us for a robust discussion on an important topic!

9

Recent industry incidents underscore the critical importance of robust Business Impact Analysis (BIA) and Third-Party Risk Management (TPRM). Join CISO Russell Teague for another #CybersecurityMonth session and discussion on building tailored BIA and TPRM strategies. Register now: https://hubs.ly/Q02MYnwS0 #HealthcareIT #CyberResilience #RiskManagement #keepinghealthcarehealthy

22

Power up ⚡ your vulnerability remediation cycle with the platform designed to zap 21st century headaches. We're talkin' saving time spent patching, automating your work, and getting back on CISA's good side. Here's how Vicarius helps: 🔹 See everything in one place: Forget siloed data and endless spreadsheets. Vicarius provides a single source of truth for all your vulnerability data. 🔹 Prioritise like a pro: Vicarius goes beyond just severity scoring. It uses real-time context to prioritise vulnerabilities that matter most to your organisation. 🔹 Patch smarter, not harder: Integrate patching for Windows, Linux, Mac, and third-party applications – all from the same platform. 🔹 Automate the mundane: Free yourself from repetitive tasks. Vicarius automates patching, threat mitigation, and even vulnerability scans. Try vRx today, risk-free, pain-free. (Seriously, why wait? ) #vulnerabilitymanagement #cybersecurity #CISA #automatedsecurity #patching

2

🚀 Navigating ISO42001 AIMS Controls: Your Roadmap to Controls Implementation 🚀 As compliance executives, implementing ISO42001 AIMS controls can be a daunting task. Below are my thoughts on how to incrementally select, design, and then implement controls for your AIMS. 1️⃣ Identify Standards & Conduct Risk Assessments: Start by understanding the specific ISO42001 requirements applicable to your AI systems. Conduct a detailed risk assessment to uncover potential vulnerabilities and threats. For instance, if your AI handles sensitive data, focus on controls that address data privacy and security risks. 2️⃣ Design Tailored Solutions: Design controls that are tailored to the risks you’ve identified. Ensure these controls not only comply with legal and ethical standards but are also practical for your daily operations. Engage stakeholders from various departments—like IT, legal, and operations—to gather a variety of insights that ensure comprehensive coverage. For example, if your risk assessment highlights a potential for data breaches, you might design an AI control that includes both encryption of data at rest and rigorous access controls. 3️⃣ Implement Controls "Smoothly": Integrate these controls seamlessly into your existing business and IT processes. Before full implementation, pilot these controls in a controlled/dev environment to iron out any issues. Comprehensive training for all users is critical to ensure smooth adoption. For example, after introducing a new AI monitoring tool, conduct training sessions to help your staff understand how to use the tool effectively and recognize signs of system anomalies. 4️⃣ Monitor, Document, and Adjust: Maintain detailed documentation of all AI controls, their implementation processes, and their effectiveness. Regular monitoring is vital — set up dashboards that track compliance in real-time and alert you to any deviations if you aren’t using a platform like Vanta or Drata. Regularly review and refine your new controls to adapt to new technological developments or changes in regulatory requirements. For instance, if a new data protection regulation is passed, review your AI data handling controls to ensure they remain compliant across geographies. 🌐 Interested in a deeper dive or specific examples tailored to your industry? Connect with me for a personalized discussion on optimizing your ISO42001 AIMS implementation!  #AICompliance #AIManagement #ISO42001 #Cybersecurity A-LIGN #iso42001 #TheBusinessofCompliance #ComplianceAlignedtoYou

5

This is a great post that summarizes 5 key trends in the MSP space. These insights come from Jay McBain's speaking session at the Pax 8 event earlier this month. One thing that stood out was that security has become a major MSP opportunity, with 99% of MSPs deeply engaged with cybersecurity. #MSP #ChannelPartners #CybersecurityServices

3

1 Comment

Infosec Leaders - we are about 2 weeks out from our IANS 2024 Dallas Virtual CISO Roundtable. IANS faculty Steven Martano will talk on Benchmarking to Develop Your Career. October 10th at 8:30ct - Message me here/email me to join. #cybersecurity #CISO #securityleaders #securityleadership #infosec #informationsecurity

11

Earlier this year, Cyentia Institute published a meta-study analyzing the top ATT&CK techniques reported across 20+ industry sources. NOT ONE OF THEM reported observing T1195.003 - Compromise Hardware Supply Chain. Hold on - my aid has an urgent message for me...oh my...they what?!...pagers exploding - really?...I see...got it...will do... Sorry for the interruption. As I was saying, T1195.003 was THE MOST REPORTED sub-technique in the entire study! Download it today from the compromised device of your choice: https://lnkd.in/eafNi5u3 #supplychain #cybersecurity #fud

91

6 Comments

Utilizing cloud security is a no brainer as it allows security professionals to utilize features like AI, touchless access, and mobile credentialing; However, another important reason is the long term savings an enterprise can reap from a system that is easier to maintain and far less costly than an analog or hybrid system. For a consultation on how we can upgrade your business drop us a line below or moreinfo@gridsquared.com#gridsquared #getonthegrid #ai #cloudsecurityhttps://lnkd.in/eTGjeqCF

3

AC-02 is in the top 5 most important controls I'd recommend developing familiarity with 🚨 Let's continue our Neverending Story through NIST 800-53 with: AC-02 Access Control Account Management Simply stated: AC-02 governs: - Accounts and people (users, managers, roles, groups, etc.) - Access authorizations and privileges - Account management processes - Account monitoring and review - Account PII privacy ➡️ There are 12 control elements (A-L) within AC-02 🙂‍↕️ which each need to be fulfilled or inherited for overall AC-02 compliance How to simplify control implementation: - Consider how account management is conducted throughout the enterprise, application team, cloud service provider, data center, etc. - Map to Identity and Access Management tools and services - Leverage inheritance for external team services - Revisit onboarding and off-boarding processes How to automate control implementation & assessment: - Integrate configuration checks for access control mechanisms - Leverage Identity and Access Management capabilities - Configure logging and alerts for audits and monitoring - Automate account review checks ⬇️ Let me know what I missed ⬇️ #GRCEngineering #NIST #NIST80053 #Cybersecurity #ZeroTrust #GRC #AccessControl #PoliciesandProcedures #AI #AccountManagement

19

5 Comments

This breach at #GlobeLife serves as a reminder that security isn't a one-time setup — it's a continuous process. Regular audits of access permissions and user identity management are essential. Orgs have to continuously evaluate their security posture to address vulnerabilities before they are exploited.

3