Top ISACA Cybersecurity Content from 2022

Audit and Assurance
Author: ISACA
Date Published: 5 October 2022

October is Cybersecurity Month and a great time to catch up on some of the top cybersecurity content ISACA has produced so far this year.

See below for 15 of the most popular ISACA cybersecurity articles, blogs, podcasts and webinars of 2022, and find more ISACA cybersecurity resources here.

Reducing Cybersecurity Security Risk from and to Third Parties
A major lesson from the COVID-19 pandemic is that protecting oneself is only part of the solution that will put a stop to the virus. It is also important to prevent the virus from infecting others to mitigate disease cases, hospitalizations, deaths, and economic and social consequences.

When it comes to cybersecurity, the main objective to date has been protection, with much research and many products and services aimed at attempting to identify and stop cyberattackers in their tracks. Relatively little research has addressed how to stop malicious software (malware) that has already affected a system from infecting other systems within or external to infected organizations.

What Business Leaders Need to Know About Cybersecurity Preparedness
Many cybersecurity incidents occur when organizations think they’re doing the right thing. Strong antivirus software is in place, employees are using multifactor authentication, and all systems seem to have been properly configured. Despite this sense of security, such a moment is actually a perfect time for disaster to strike.

It’s common knowledge that cybersecurity attacks are not a matter of if an incident occurs, but when. “Why would we invest significant time and resources into improving cybersecurity if that is only delaying the inevitable?” you may be wondering. The truth is that taking a proactive approach to enhancing your organization’s incident prevention and response capabilities can make the difference between encountering an intrusion that is quickly snuffed out and a full-blown data breach.

Zero Trust: How to Beat Adversaries at Their Own Game
This white paper describes the Zero Trust principle and outlines benefits for securing enterprises of all sizes against cybersecurity threats. It delves into the mechanisms hackers typically employ to gain insider access to networks and describes how they move within them to carry out ransomware and other cyberattacks. It explains how a Zero Trust approach defends against those threats. It also includes a historic analysis of breaches that resulted from inadequate attention to infrastructure protection, and it makes the business case for adopting the ZT model to shore up enterprise security.

Defending Data Smartly
With the growing prevalence of digital banking, our collective financial and intellectual wealth and value have begun to transition to a digital model. As a result of this transformation, our reliance on digital data has become increasingly intertwined with our personal and professional lives. This has made data security a vital component of building digital trust with customers and stakeholders.

However, protecting digital data is not without challenges. Despite billions of dollars being spent on cybersecurity efforts and initiatives, breaches continue to occur, and the threat of cyberattacks remains high across the globe.

Twenty Ways Information Security Has Become More Challenging in the Past 20 Years
ISACA’s Certified Information Security Manager (CISM) certification is now in its 20th year, with more than 65,000 people earning the globally respected credential during that time. To mark the anniversary, we spoke with 20 CISM-holders to collect their commentary on the biggest challenges that have emerged in infosec since CISM came on the scene in 2002. This is part two of our CISM anniversary blog series; previously, we explored the progress that has been made over the past two decades.

Managing Cybersecurity Risk as Enterprise Risk
Cybersecurity risk is a critical enterprise concern. Cybersecurity incidents such as ransomware have the potential to bring an organization’s operations to a standstill.

Boosting Cyberresilience for Critical Enterprise IT Systems With COBIT and NIST Cybersecurity Frameworks
The term cyberresilience is defined as “[T]he ability of a system to continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities and recover to an effective operational posture in a time frame consistent with mission needs.” The term is also frequently used to refer to the overall organizational ability “…to protect electronic data and systems from cyberattacks, as well as to resume business operations quickly in case of a successful attack.” Understanding the best practices for enhancing cyberresilience outlined in the US National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and COBIT® enables organizations to better protect critical enterprise applications and helps limit potential damage from cyberbreaches.

Volatile Times Call for Heightened Cybersecurity Preparedness
The recent attacks on Ukraine are a daunting reminder that today’s battles occur on two fronts: the physical world and the digital one. As predicted, Russia-based threat actors launched cyberattacks against Ukrainian government and business systems. In a show of increased aggression, the first wave of attacks consisted of DDoS attacks, while the second consisted of data-destroying malware that was initially disguised as ransomware. Many sources list the technical details of the malware, and security agencies within the EU and the United States have provided information on the cyberattacks, along with security recommendations for organizations in the public, private and critical infrastructure sectors.

Archived Webinar—Surviving a Ransomware Apocalypse
The lifecycle of ransom and ransomware is constantly changing. It’s being refined by cyber criminals for efficiency and malice. It’s a combination of social engineering, deception, technology, encryption, stealth, data analytics, business analysis, high-pressure negotiations, and a highly unusual manifestation of customer service.

The Impact of People on Today’s Information Security Landscape
Much has been written about long lists of cybersecurity problems (most of which practitioners may already be aware of) and even potential solutions, so perhaps it is beneficial to take a moment to reflect on how the state of information security has changed over the years. Security challenges—the way they are approached, the processes in place to address them, the people trying to solve them—all seem to repeat themselves without anything fundamentally changing.

Undoubtedly, most would agree that organizations, governments, and society as a whole rely on the Internet, with all of its associated technology, services, and conveniences, now more than ever before. Combined with the shift to a hybrid workforce triggered by the COVID-19 pandemic, the threat landscape has changed over the past several decades, and a wide range of products and solutions has entered the market to tackle the new and growing number of threats from a technology perspective.

Archived Webinar—State of Cybersecurity 2022
State of Cybersecurity 2022, Global Update on Workforce Efforts, Resources and Cyberoperations reports the results of the annual ISACA® global State of Cybersecurity Survey, conducted in the fourth quarter of 2021. This survey report focuses on the current trends in cybersecurity workforce development, staffing, cybersecurity budgets, threat landscape and cybermaturity.

Addressing the Biggest Challenges in Cloud Security
Gartner has predicted that by 2026 public cloud expenditure will exceed 45 percent of all enterprise IT spending. Sustainability is another hot topic linked to cloud services, which are predicted to cut CO2 emissions. Along with being sustainable and environmentally friendly, cloud services help organizations maintain a digital infrastructure without as much effort as a physical one requires, which improves efficiency, scalability and collaboration.

While some might argue that the cloud is insecure and potentially opens the gates to severe breaches, if we implement security practices and procedures right from the start, we can build a more secure cloud environment.

Celebrating Women in Cybersecurity
Joanna Karczewska, a longtime ISACA member from Poland, is among several ISACA members who were recently featured in the book “Hacking Gender Barriers: Europe’s Top Cyber Women.” Karczewska recently visited with ISACA Now to discuss the book and her views on the progress made by women in the cybersecurity field. The following is a transcript of the interview.

Current State of Cybersecurity in K-12
ISACA Director of Professional Practices and Innovation Jon Brandt hosts Doug Levin, co-founder and National Director of K12 Security Information eXchange (K12 SIX), a national non-profit dedicated solely to helping schools protect themselves from emerging cybersecurity threats.

Proven Methodology to Fight Ransomware
Though the topic of ransom and ransomware is extremely popular, a lot of discussions center around a few topics: prevention, insurance and recovery. After responding to countless ransom and ransomware attacks, I can tell you that even the most informed security teams still make basic mistakes.

In my presentation on “Surviving a Ransomware Apocalypse,” at ISACA Conference North America 2022, I will focus on less discussed topics that must be on the top of your consideration list while preparing for and dealing with these types of incidents. You are never going to be 100 percent ready, but you can be more informed about common mistakes.