These new technologies still require data security and privacy risk assessments and proper controls in place
The construction industry is making great strides by leveraging AI technologies such as machine learning and robotics, among others. However, the industry lags behind in data security and privacy initiatives compared to others, according to an expert.
These new technologies still require data security and privacy risk assessments and proper controls in place, something that may be a second thought for those in the construction industry, said Shijas Mohidheen, the Director of Cybersecurity at Hilal Computers.
Hilal Computers is a legally authorised and approved vendor that provides cyber security consultancy, governance, and cyber technologies in the Kingdom of Saudi Arabia.
"Cybercriminals have become more sophisticated when attacking the construction industry, a key sector that is growing rapidly by adopting new technologies and going digital. This sensitive data needs to be protected," noted Mohidheen.
Exposure to cyber-attacks in construction is amplified in part by the amount of confidential and proprietary information digitally stored and shared across projects and their long information technology (IT) chains, he added.
Cautioning companies about the looming threat, Mohidheen said the main cyber-attacks that could hit a construction firm take the form of ransomware, fraudulent wire transfer, downtime or business interruption, breach of intellectual property and breach of bid data.
"To keep data safe, companies must identify and address vulnerabilities and be aware of the risks associated with cyberattacks. To prevent such attacks, cloud computing has been adopted by many leading construction firms, as it is seen by some to be more secure than software installed locally," explained Mohidheen.
"It is essential for construction businesses to have a solid cybersecurity reputation and to protect their sensitive information. Hilal’s government-grade security and managed security services provide many businesses with secure data protection and daily monitoring," he stated.
Hilal Computers is listed on the website of the National Cybersecurity Authority (NCA) Saudi Arabia.
Mohidheen pointed out each of these cyber-attacks will hit businesses in a different manner.
"In the case of Downtime or Business Disruption, the construction industry is heavily reliant on the ability to deliver projects on a deadline. A cyber-attack on a construction company’s software or equipment could potentially cause a delay in the project until the cyber-attack is properly addressed," he said.
"In the competitive construction sector in Saudi Arabia it is vital to protect a company’s intellectual property whether it be in the form of designs, blueprints or bidding strategies or information from being exposed to lose any competitive edge," he added.
Mohidheen said it was important to put safeguards in place to prevent cyber-attacks from occurring as their effects were becoming more damaging to the industry.
"The solutions are not a 'one size fits all' but requires to be designed according to the needs and budgets of construction companies," he explained.
"We have options available not only reliant on cybersecurity software, but advice on levels of defensive walls to protect data and of course the companies' internal policies and procedures. Sophisticated software will be of little help if passwords and entry points are left vulnerable for cyber-hackers," he added.
Copyright 2022 Al Hilal Publishing and Marketing Group Provided by SyndiGate Media Inc. (Syndigate.info).
Author: rescue@crimefire.in
-
Construction industry lagging behind in cybersecurity, says expert – ZAWYA
-
Turbocharge your IT career with cybersecurity training for just $50 – TechRepublic
Whether you have one year or ten years of IT experience, you’ll have an edge when applying to the best cybersecurity positions by preparing for certifications with this e-learning bundle.
If you’ve been working on your taxes and thinking your IT career could use a good boost, then you may want to consider specializing in cybersecurity. With as little as a year’s experience in IT — and even if you have as much as ten years’ experience — acquiring cybersecurity certifications really makes your resume stand out. Now, you can prepare for six of those certifications with the 2022 CompTIA Cyber Security & PenTest Super Bundle.
CompTIA is a vendor-neutral organization that offers certifications respected by companies all over the globe. All of the exams are very thorough; with the help of the preparation materials found in these courses, you should be able to pass them on your first try.
With just one year of experience as an IT professional, the CompTIA Security+ (SY0-601) certification can have you jumping right onto a cybersecurity career path. In our preparation materials, you’ll learn about analyzing security issues in enterprise environments and recommending the best solutions. In addition to your experience, however, CompTIA A+ and Network+ certifications are required for this course.
Once you have two years of experience and the Security+ certification, you can then take both penetration testing courses: CompTIA PenTest+ (PT0-001) and CompTIA PenTest+ (PT0-002), which is a favorite of previous students, who have rated it a perfect 5 out of 5 stars. They will teach you about testing systems in a variety of environments, such as in the cloud or on servers. Alternatively, you may prefer taking CompTIA CySA+ (CS0-002), which covers risks, vulnerabilities and threat identification.
IT professionals who have a minimum of 10 years’ experience can really move up in their careers by preparing for the CompTIA CASP+ (CAS-003) and CompTIA CASP+ (CAS-004) certification exams. While you are required to have a Security+ certification before taking these courses, it is highly recommended that you also have PenTest+ and CySA+ certifications. CAS-003 and CAS-004 cover advanced risk management, enterprise-level security operations, implementing solutions in complex environments and more.
These courses are presented by iCollege, a leading e-learning platform trusted by top tech organizations to train their employees. The bundle is rated an average of 4.5 out of 5 stars by verified purchasers.
Make it easier to land the jobs you want most and get the 2022 CompTIA Cyber Security & PenTest Super Bundle now while it’s on sale for just $49.
Prices and availability are subject to change.
This Is the Biggest Cybersecurity Training Bundle You'll Find – Entrepreneur
Copyright © 2023 Entrepreneur Media, Inc. All rights reserved. Entrepreneur® and its related marks are registered trademarks of Entrepreneur Media Inc.
Save big on our most comprehensive cybersecurity training bundle.
By Entrepreneur Store
Disclosure: Our goal is to feature products and services that we think you’ll find interesting and useful. If you purchase them, Entrepreneur may get a small share of the revenue from the sale from our commerce partners.
For entrepreneurs and small business owners, cybersecurity is no longer an option. Of course, nobody is immune to cybercrime, but an attack can have far more devastating consequences for a small business than it would for a big one.
As such, you need to invest in cybersecurity, but who has the resources to bring in an entire IT or cybersecurity team? So instead, become your own cybersecurity expert. You can build a strong foundation with The Complete 2023 Cyber Security Developer & IT Skills Bundle.
One of the most comprehensive cybersecurity resources you’ll find anywhere, it’s comprised of 26 courses from one of the world’s leading online learning providers, iCollege. You’ll get study materials for many of the world’s most in-demand cybersecurity certification exams. iCollege is trusted by Silicon Valley startups and Fortune 500 companies to help employees keep their skills up to speed, so you know their materials are some of the best available on the web.
Courses cover exams from Microsoft, Cisco, CertNexus, Linux, CompTIA, NIST, and many more top-certifying bodies. From penetration testing and ethical hacking to cloud security, cybersecurity infrastructure, and more, you’ll develop a comprehensive skill set that will help you protect your own business, start a side hustle, or even launch a lucrative new career path. With lifetime access and so many certifications to cover, you can choose where you want to devote your attention based on your interests and needs.
This bundle is rated 5/5 stars online. One reviewer raved, “The instruction videos are absolutely magnificent, and all of the extra materials will surely assist come exam time!”
For a limited time, you can get The Complete 2023 Cyber Security Developer & IT Skills Bundle on sale for just $79 (reg. $7,774) — best of web pricing!
Prices subject to change.
Microsoft builds fast-track to six-figure cybersecurity jobs at more … – Fortune
The largest technology companies in the world have a vested interest in addressing the global cybersecurity talent shortage. By 2025, there will be 3.5 million cybersecurity jobs open globally—a 350% increase over eight years, according to Cybersecurity Ventures—and Microsoft is intent on closing this gap.
The high demand for cybersecurity experts is reflected by the salaries for these roles in the U.S. Microsoft estimated that in 2021, the country had 464,200 unfilled positions that required cybersecurity skills and the average salary for these jobs is $105,800. Some estimates for cybersecurity worker salaries are even higher. Companies like Booz Allen Hamilton report the annual earnings of entry-level cybersecurity employees to be around $150,000. The median base compensation for chief information security officers, which typically requires a master’s degree, is $584,000, according to a survey by Heidrick & Struggles.
Despite steep demand and six-figure salaries, only 3% of U.S. bachelor’s degree-holders have cybersecurity-related skills, Cybersecurity Ventures reports. This skills gap is what Microsoft is hoping to change by homing in on the lack of diversity in the computing and cybersecurity fields. Among cybersecurity specialist jobs, 83% of these roles are held by men and 72.6% by white people.
In 2021, Microsoft launched its cybersecurity skills initiative, which included the company giving $150 million to federal, state, and local governments to support upgrading government agencies’ cyber protection and committing to spending $20 billion on advancing their security solutions over the next five years. The initiative also included a large-scale effort to support cybersecurity education.
Microsoft is collaborating with 181 community colleges across 44 states in an attempt to provide accessible pathways into the profession. The tech company launched a campaign to recruit 250,000 people into the cybersecurity workforce by offering a free cybersecurity curriculum to all U.S. public community colleges, providing training for college faculty, and offering financial support to 25,000 students. Microsoft declined to provide the full list of partnering schools to Fortune.
Alongside Abbott and Raytheon Technologies, Microsoft also supports the HBCU Cybersecurity Industry Collaboration Initiative Pilot. The program, which will run through Fall 2022, involves collaboration with the schools of engineering at four historically black colleges and universities: Hampton University, North Carolina A&T State University, Prairie View A&M University, and Virginia State University.
To learn more about how the Big Tech company is striving to close the cyber skills gap, Fortune spoke with Naria Santa Lucia, senior director of digital skills and employability at Microsoft Philanthropies.
The following interview has been edited for brevity and clarity.
Fortune: The demand for cybersecurity experts is nothing new, so why has Microsoft decided to launch these initiatives in the past couple of years?
Santa Lucia: We are a digital company, and so when there’s an alignment between what the company is driving towards and what we’re driving towards societally, the nexus of those two things is where we can really make a big difference.
COVID-19 obviously created a ton of opportunities for digital transformation. At one point, our CEO noted that at the beginning of COVID, two years’ worth of digital transformation happened in just two months—and that only grew from there. Additionally, cyber attacks and threats have increased significantly. So everywhere from our products to the communities, to nation states—how does Microsoft help?
From my perspective, cybersecurity is going to be a huge growth industry. So we asked ourselves: How can we make sure that people who have the talent, aptitude, and interest—especially those who are currently excluded—have a pathway into those roles?
Fortune: How is Microsoft supporting colleges’ efforts to expand cybersecurity programming, and how are you ensuring these efforts are sustainable?
Santa Lucia: We partnered with the American Association of Community Colleges to help build the capacity of the administrations and the faculty to teach computer science at all of these schools. We also are working with the National Cyber Training and Education Center—they designate the Centers for Excellence for community colleges—which allows schools to prove that they’re ready to deploy cybersecurity content.
There are many different ways to find cyber talent. On one end, there are those people who are maybe in a different IT role that with a little bit of re-skilling can go into cybersecurity. On the other end, there are those individuals who maybe never had a chance in a tech role, but can pursue the whole learning process and gain those skills, certifications, or credentials to enter the field.
Both of those audiences are served at our nation’s community colleges. Not only do they have people who are going for those degree programs, but also there are workforce members that can go in and kind of brush up their skills. Community colleges are also so affordable and they are everywhere. So that’s why we think doubling down on the investment in community colleges is a really great way to close that talent gap quickly.
Right now, there are so many cyber threats and there is so much opportunity for new jobs and new roles in this space. I think if someone has even a little bit of interest in being a problem solver and is curious about the cybersecurity field, a really good place to check it out is your local community college.
Fortune: To address the demand for cybersecurity skills, why is it so critical to focus on career pathways for underserved communities?
Santa Lucia: We have found that the more targeted we can really be—especially for underserved populations—the better. Previously, we launched a global tech skilling initiative at the start of COVID. We’ve far exceeded our goal of reaching 25 million people and when we started looking underneath the hood of that initiative—we found that some roles are popping, and cybersecurity was one of those. There are lots of different kinds of jobs in cybersecurity, from analysts all the way to people that create the technology—it’s also a diverse set of roles.
After we realized that this is a big opportunity to upskill talent and find roles for underserved individuals to be successful, we went out and spoke with several community colleges and asked them if students were interested and if so, what were the barriers to producing more cybersecurity talent. And we found out that students are very interested. The barriers included lack of access to up-to-date curriculums, limited bandwidth from faculty, and students themselves often needing financial assistance to pursue these programs.
There is a lot of stereotyping of computer science professionals and I think a lot of the diversity issue in cybersecurity and computer science has to do with those stereotypes. Once I asked a leader from a community college about what kinds of people are really good at cybersecurity. And he said to me, honestly, anyone who is curious and loves problem-solving. When you frame it like that, that’s a lot of types of people, right? Many people could say that they love a good mystery or a good puzzle.
So I think that we need to break those stereotypes, which is why I’m really proud that we’ve started our work first with community colleges because it is a system that is very robust across the U.S.—and that system has a lot of women and lots of students of color. If we can really tap that infrastructure to start getting that message out, that’s a good start to diversifying the pipeline.
New Biden Cybersecurity Strategy Assigns Responsibility to Tech … – The New York Times
The policy document urges more mandates on the firms that control most of the nation’s digital infrastructure, and an expanded government role to disrupt hackers and state-sponsored entities.
WASHINGTON — The Biden administration issued a new cybersecurity strategy on Thursday that calls on software makers and American industry to take far greater responsibility to assure that their systems cannot be hacked, while accelerating efforts by the Federal Bureau of Investigation and the Defense Department to disrupt the activities of hackers and ransomware groups around the world.
For years, the government has pressed companies to voluntarily report intrusions in their systems and regularly patch their programs to fix newly discovered vulnerabilities, much as an iPhone does with automatic updates every few weeks.
But the new National Cybersecurity Strategy concludes that such good-faith efforts are helpful but insufficient in a world of constant attempts by sophisticated hackers, often backed by Russia, China, Iran or North Korea, to get into critical government and private networks. Instead, companies must be required to meet minimum cybersecurity standards, the new strategy contends.
The strategy is a policy document, not an executive order, although it represents a significant shift in attitude toward the “public-private partnerships” that the government has talked about for years. While some aspects of the new strategy are already in place, others would require legislative changes — potentially a major challenge in a Republican-dominated Congress. And the federal government does not have the ability to impose cybersecurity requirements on state-run facilities like hospitals, which have been targeted by hackers.
“The fundamental recognition in the strategy is that a voluntary approach to securing” critical infrastructure and networks “is inadequate,” Anne Neuberger, the deputy national security adviser for cyber and emerging technologies, said at an event at the Center for Strategic and International Studies, a Washington think tank.
Every administration since that of George W. Bush, 20 years ago, has issued a cybersecurity strategy of some kind, usually once in a presidency. But President Biden’s differs from previous versions in several respects, chiefly by urging far greater mandates on private industry, which controls the vast majority of the nation’s digital infrastructure, and by expanding the role of the government to take offensive action to pre-empt cyberattacks, especially from abroad.
The Biden administration’s strategy envisions what it calls “fundamental changes to the underlying dynamics of the digital ecosystem.” If enacted into new regulations and laws, it would force companies to implement minimum cybersecurity measures for critical infrastructure — and, perhaps, impose liability on firms that fail to secure their code, much like automakers and their suppliers are held liable for faulty airbags or defective brakes.
“It just reimagines the American cybersocial contract,” said Kemba Walden, the acting national cyber director, a White House post created by Congress two years ago. “We are expecting more from those owners and operators in our critical infrastructure,” added Ms. Walden, who took over last month after the country’s first cyber director, Chris Inglis, a former deputy director of the National Security Agency, resigned.
The government also has a heightened responsibility, she added, to shore up defenses and disrupt the major hacking groups that have locked up hospital records or frozen the operations of meatpackers around the country, along with government operations in Baltimore, Atlanta and small towns across Texas.
“We have a duty to do that,” Ms. Walden said, “because the internet is now a global commons, essentially. So we expect more from our partners in the private sector and the nonprofits and industry, but we also expect more of ourselves.”
Read alongside the cybersecurity strategies issued by the previous three presidents, the new document reflects how offense and defense in the sphere have become increasingly central to national security policy.
The Bush administration never publicly acknowledged American cyberattack capabilities, even as it mounted the most sophisticated cyberattack one state has ever directed at another: a covert effort to use code to sabotage Iran’s nuclear fuel facilities. The Obama administration was reluctant to name Russia and China as the powers behind major hacks of the U.S. government.
The Trump administration bolstered American offensive initiatives against hackers and state-backed actors abroad. It also raised the alarm about having Huawei, the Chinese telecommunications giant it accused of being an arm of the Chinese government, set up high-speed 5G networks in the United States and among allies, fearing that the company’s control of such networks would aid in Chinese surveillance or allow Beijing to shut down systems at a time of conflict.
But the Trump administration was less active in requiring American companies to establish minimum protections on critical infrastructure, or seeking to make those firms liable for damage if vulnerabilities they had left unaddressed were exploited.
Imposing new forms of liability would require major legislative changes, and some White House officials acknowledged that Mr. Biden could face insurmountable opposition from Republicans in Congress if he sought to pass such sweeping new corporate regulations.
The Biden administration’s move to establish corporate liability for failure to meet basic security needs “will have decades-long ramifications,” said Glenn S. Gerstell, a former general counsel at the National Security Agency.
“In the cyberworld, we’re finally saying that Ford is responsible for Pintos that burst into flames, because they didn’t spend money on safety,” he added, referring to the famously combustible car that was recalled in 1978.
Many elements of the new strategy are already in place. In some ways, it is catching up with steps the Biden administration took after struggling through its first year, which began with major hacks of systems used by both private industry and the military.
After a Russian ransomware group shut down the operations of Colonial Pipeline, which handles much of the gasoline and jet fuel along the East Coast, the Biden administration used little-known legal authorities held by the Transportation Security Administration to regulate the nation’s vast network of energy pipelines. Pipeline owners and operators are now required to submit to far-reaching standards set largely by the federal government, and later this week, the Environmental Protection Agency is expected to do the same for water pipelines.
There are no parallel federal authorities for requiring minimum standards of cybersecurity at hospitals, which are largely regulated by states. Health centers have been another target of attacks, from Vermont to Florida.
“We should have been doing many of these things years ago after cyberattacks were first used to disrupt power to thousands of people in Ukraine,” Ms. Neuberger said in an interview on Wednesday. She was referring to a series of attacks on the Ukrainian power grid that began seven years ago.
Now, she said, “we are literally cobbling together an approach sector by sector that covers critical infrastructure.”
Ms. Neuberger cited Ukraine as an example of a proactive cyberdefense strategy: In the weeks after the Russian invasion, Ukraine changed its laws to allow ministries to move their databases and many government operations to the cloud, backing up computer servers and data centers around Kyiv and other cities that were later targets for Russian artillery. Within weeks, many of those server farms were destroyed, but the government kept running, communicating to servers abroad using satellite systems like Starlink, also brought in after the war broke out.
The U.S. strategy is catching up with its offensive program, which has become increasingly aggressive. Two years ago, the F.B.I. began to use search warrants to find and dismantle fragments of malicious code found on corporate networks. More recently, it hacked into the networks of a ransomware group, removed the “decryption keys” that would unlock documents and systems belonging to the group’s victims and foiled efforts to collect large ransoms.
The F.B.I. can operate in domestic networks; it is up to U.S. Cyber Command to go after Russian hacking groups like Killnet, a pro-Moscow group responsible for a series of denial-of-service attacks starting in the early days of the war in Ukraine. Cyber Command also slowed the operations of Russian intelligence agencies around the 2018 and 2020 American elections.
But none of those are permanent solutions; some groups the United States has targeted have formulated themselves anew, often under different names.
Mr. Biden’s only face-to-face meeting as president with Russia’s leader, Vladimir V. Putin, in 2021 in Geneva, was driven largely by the fear that rising ransomware attacks were affecting the lives of consumers, hospital patients and factory workers. Mr. Biden warned the Russian leader that his government would be held responsible for attacks emanating from Russian territory.
There was a lull for a number of months, and a prominent hacking group was raided by Russian authorities in Moscow. But that cooperation ended with the opening of the war in Ukraine.
In a speech this week at Carnegie Mellon University, Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency, described the efforts of the administration as “shifting liability onto those entities that fail to live up to the duty of care they owe their customers.”
“Consumers and businesses alike expect that products purchased from a reputable provider will work the way they are supposed to and not introduce inordinate risk,” Ms. Easterly said. She added that the administration needed to “advance legislation to prevent technology manufacturers from disclaiming liability by contract,” a common practice that few notice in the fine print of software purchases.
Prep for advanced cybersecurity certifications with this $60 bundle – Mashable
TL;DR: The Ultimate Advanced Cybersecurity Professional Certification Bundle is on sale for only $59.97 through April 3. That breaks down to only $11.99 per course.
As large as the cybersecurity industry could grow, entry-level positions may still be steeply competitive. If you want to stand out from the crowd, you may want to seek out professional certifications that you can study for on your own time. The Ultimate Advanced CyberSecurity Professional Certification Bundle gives you unlimited access to 175 hours of expert instruction on the fundamentals of cybersecurity. During the Spring Digital Blowout, you can get this bundle for life for only $59.97, but that deal only lasts until April 3 at 11:59 p.m. PT.
Whether you’re taking charge of your own education or supplementing formal classes, this bundle may have something valuable for you to learn. If you’re still a beginner, you can start by getting familiar with the basics. Study up on the National Institute of Technology Framework (NIST) that is used by 30 percent of all U.S. firms.
There’s more than one way to get your foot in the door of your first IT job, and one proven method is to get CompTIA-certified. The two CompTIA courses in this bundle do not come with the certification exam itself, but they do give you access to nearly 100 hours of prep materials including video lectures on risk analysis and cyber defense, risk metrics, and more.
Round out your IT education with courses on CISSP and CISM taught by pros from iCollege. Learn the technical and managerial skills that an IT team faces in a big company. That includes lessons on governance security principles, security ethics, and security architecture, and there’s even information on exam candidates for certification.
Start studying. Get the Ultimate Advanced CyberSecurity Professional Certification Bundle while it’s only $59.97 (reg. $1,475). You don’t need a coupon to get this deal, but it only lasts until April 3.
Prices subject to change.
Fact Sheet: Vice President Harris Launches Global Initiatives on the … – The White House
The White House
1600 Pennsylvania Ave NW
Washington, DC 20500
Promoting gender equity and equality is a cornerstone of U.S. foreign policy in Africa and around the world. Advancing the economic status of women and girls is not only a matter of human rights, justice, and fairness—it is also a strategic imperative that reduces poverty and promotes sustainable economic growth, increases access to education, improves health outcomes, advances political stability, and fosters democracy.
In particular, the digital gender gap undermines women’s full participation in the 21st century economy. Globally, approximately 260 million more men than women were using the internet in 2022—and this gap has increased by 20 million in the last three years. The gap is especially acute across Africa, where International Telecommunication Union data show that sixty-six percent of women do not use the internet.
To address this disparity, the Biden-Harris Administration will continue to work with other governments, private sector, foundations, and multilateral organizations to help close the digital divide, improve meaningful access to equitable digital finance and other online services, and address social norms that prevent women from participating fully in the digital economy. More broadly, the Biden-Harris Administration will continue to promote the economic empowerment of women.
In support of these goals, in Accra, Ghana, the Vice President is announcing a series of investments and initiatives—from the U.S. government, and in response to her call for investment from the private sector, and philanthropic community. The Vice President is also making a series of announcements on behalf of the Biden-Harris Administration to foster women’s political, economic, and social inclusion in Africa, building upon initiatives launched at the U.S.-Africa Leaders Summit in December 2022, including the Digital Transformation with Africa (DTA) Initiative.
Women in the Digital Economy Fund
The U.S. Agency for International Development and the Bill & Melinda Gates Foundation are announcing the Women in the Digital Economy Fund, a joint effort toward closing the gender digital divide. USAID will commit $50 million and the Gates Foundation will commit $10 million respectively by 2026, with at least half of these resources focused on Africa.
This new Fund will accelerate progress to close the gender digital divide by scaling evidence-based, proven solutions that improve women’s livelihoods, economic security, and resilience. The Fund will support programs that advance digital access and affordability; develop relevant products and tools; provide digital literacy and skills training; promote online safety and security; and invest in gender-disaggregated data and research.
USAID will mobilize its commitment to this effort, subject to the availability of funds, alongside additional U.S. government initiatives focused on advancing gender equality and digital connectivity in Africa as part of the DTA.
Additional Private Sector and Philanthropic Commitments to Support Closing the Gender Digital Divide
The Vice President is announcing nearly $400 million in private sector and philanthropic commitments, made in response to the Vice President’s call to support the key pillars of the Women in the Digital Economy Fund:
Private Sector Commitments to Support Women’s Economic Security in Africa
To build upon support for the Women in the Digital Economy Fund, and in response to the Vice President’s call to promote women’s economic security across Africa, the following five companies and organizations collectively announced $528 million in major new commitments today:
U.S. Government Initiatives to Advance Gender Equality Across Africa
The Biden-Harris Administration is also making an additional $47 million in commitments in Africa to foster women’s economic participation, environmental stewardship, health, and freedom from gender-based violence, building on initiatives launched at the U.S.-Africa Leaders Summit.
Economic Participation
Environmental Stewardship
Health
Gender-Based Violence
The Biden Administration's 2023 Cybersecurity Strategy Includes … – JD Supra

On March 2, 2023, the Biden administration released the 2023 National Cybersecurity Strategy (the “Strategy”).1 The Strategy acknowledges that the United States “must [effect] fundamental shifts in how . . . [it] allocates roles, responsibilities, and resources in cyberspace.”2 To that end, the Strategy highlights two specific shifts that it seeks to accomplish: “rebalance[ing] the responsibility to defend cyberspace” and “realign[ing] incentives to favor long-term investments.”3 Achieving those goals relies on five distinct pillars:
Importantly, for the technology sector, the Strategy explains that “[i]ndividuals, small businesses, state and local governments, and infrastructure operators have limited resources and competing priorities.”4 In light of those limitations, the Strategy seeks to strengthen the nation’s cybersecurity capabilities by
“ask[ing] more of the most capable and best-positioned actors to make our digital ecosystem secure and resilient. In a free and interconnected society, protecting data and assuring the reliability of critical systems must be the responsibility of the owners and operators of the systems that hold our data and make our society function, as well as the technology providers that build and service those systems.”5
In press briefings, Acting National Cyber Director Kemba Walden has described the Strategy as “fundamentally reimagining America’s cyber social contract.” From the perspective of the technology sector, the focus on rebalancing cybersecurity risk mitigation responsibilities will have potentially significant practical repercussions as the administration will “focus on points of leverage,” including efforts to place greater burdens on the technology industry through legislative and administrative action.6 We discuss below some of the contemplated “points of leverage,” as well as some opportunities the Strategy may present for the technology sector.
Among the more significant elements of the Strategy is its contention that past efforts to rely on market forces to drive enhanced cybersecurity have proven unsuccessful. The Strategy asserts that rather than seeking to enhance cybersecurity capabilities, the industry has chosen not to adopt best practices and instead continues to engage in practices such as shipping products with unsafe default configurations or known vulnerabilities. Similarly, the Strategy states that software providers regularly take advantage of their market power to disclaim liability via agreements thrust upon their consumers. Software is a particular area of focus, with the Strategy noting that cyber weaknesses in software are primary drivers of “systemic risk across the digital ecosystem.”7
In sum, the Strategy concludes that because market forces have generally not been as effective as the administration would like, cyber incidents have disproportionally affected small businesses and individuals. In light of the ineffectiveness of the market, the Strategy clearly articulates the Biden administration’s intent to hold the industry more accountable for cybersecurity and to utilize the government’s purchasing power and grant-making authority, among other means, to better incentivize enhanced cybersecurity efforts. To that end, the administration specifically asserts that it will seek to shift liability onto companies that “fail to take reasonable precautions to secure their software.” According to the Strategy, emphasis will be placed on those organizations best able to prevent cyber-related problems rather than continuing to allow the impact of cyber vulnerabilities to fall on end-users and open-source developers whose products are included in commercial products.
The Strategy proposes legislative solutions that will seek to establish a new liability framework for software products and services. These efforts will seek to establish limits on collecting, using, transferring and maintaining personal data, as well as particular protection for data related to health and location. Included in the desired legislative outcome would be efforts to prevent manufacturers and software providers from disclaiming liability through contracts users have no means to avoid, i.e., click-through agreements and the like. The Strategy does put forward a carrot to go with its legislative stick in the form of a contemplated safe harbor from liability for those companies who achieve compliance with best practices for secure development and maintenance of software products and services. It is of course uncertain whether with a divided federal government the administration will be able to achieve its goals through the legislative process.
The Strategy notes that Executive Order 14,028 “Improving the Nation’s Cybersecurity”8 took steps to utilize the federal procurement process to strengthen cybersecurity-centric contract requirements and standardize those requirements across agencies. The Strategy builds upon that work by explaining that contractors “must live up to” their commitments to follow best cybersecurity practices.9 Specific reference is made to the Department of Justice’s (DoJ) Civil Cyber-Fraud Initiative10 to hold accountable those companies that put U.S. information or systems at risk by providing deficient systems or products or misrepresenting their cybersecurity capabilities. Although not a direct result of the DoJ initiative, the July 2022 $9 million settlement of a False Claims Act case with Aerojet Rocketdyne illustrates the risk of non-compliance with government contract cybersecurity requirements.11
In addition to legislative action, the Strategy contemplates new regulations in critical sectors of the economy. According to the Strategy, if enacted, the new regulations will be “performance-based” and will seek to “leverage” existing guidance including that from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST). The focus of the regulations will be on defining minimum expected cyber practices and outcomes. From an industry perspective, active involvement in any rulemaking process will be critical to ensuring that any established minimum requirements are both achievable and reasonable.
Importantly, the Strategy acknowledges that key sectors often rely on the cybersecurity capabilities of third-party service providers, specifically including cloud-based services. The Strategy explains that regulators will be focused on identifying gaps in existing authorities as a means to achieve improved cybersecurity practices in the cloud computing space, as well as other types of third-party service providers. Here too, industry input will be critical as any rulemaking proceeds.
Recognizing that cybersecurity is a global issue with varying standards, the Strategy acknowledges that, to the extent necessary, the United States will work with its global partners to achieve cross-border harmonization of regulations, assessments and audit standards.
While the Strategy does seek to implement certain actions that would increase the technology sector’s burden in the cybersecurity space, it also offers some opportunities, including a plan to “reinvigorate” cybersecurity-focused research and development initiatives. Specifically, the Strategy recognizes that investing in research and development efforts focused on developing a stronger cybersecurity architecture with fewer vulnerabilities will pay dividends in the future in terms of more secure products and systems. Consistent with that objective, and as an element of updating the Federal Cybersecurity Research and Development Strategic Plan, the government will seek to implement research and development initiatives aimed at mitigating cybersecurity risks in both existing and next-generation technologies. Focus areas will include artificial intelligence, cloud infrastructure, encryption, telecommunications and data analytics, among others. Key nodes within the federal government for those programs will include the National Science Foundation, the Department of Energy and its National Laboratories and other federally funded research and development centers. Public-private partnerships with academia and technology companies will also be leveraged in this area.
In addition to investing in cybersecurity-related research and development, the Strategy also focuses on investments aimed at modernizing federal information and operational technology systems. In recent years, the government has expressed a desire to move toward a zero-trust architecture that would include multi-factor authentication, improved oversight of system management and access, and improvements to cloud security. Those enhancements, however, require upgrades that cannot be implemented until the government modernizes its systems. These efforts may lead to increased procurement activity in the technology sector and thus new opportunities for technology companies to increase their government business.
The Office of the National Cyber Director is charged with coordinating implementation efforts in conjunction with the National Security Staff and the Office of Management and Budget. It is unclear how quickly these efforts will move forward. In addition, as noted above, certain key elements of the Strategy are focused on legislative and/or regulatory actions. Industries should monitor implementation developments and weigh in when opportunities present themselves.
1 Available here: https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf.
2 Strategy at 4.
3 Id. at 4-5.
4 Id. at 4.
5 Id.
6 Id. at 5.
7 Strategy at 20.
8 Available here: https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/.
9 Strategy at 22.
10 Available here: https://www.justice.gov/opa/pr/deputy-attorney-general-lisa-o-monaco-announces-new-civil-cyber-fraud-initiative.
11 Available here: https://www.justice.gov/opa/pr/aerojet-rocketdyne-agrees-pay-9-million-resolve-false-claims-act-allegations-cybersecurity.
DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
© Akin Gump Strauss Hauer & Feld LLP | Attorney Advertising
The era of passive cybersecurity awareness training is over – Help Net Security
Despite increased emphasis on cybersecurity from authorities and high-profile breaches, critical gaps in vulnerability management within organizations are being overlooked by executive leadership teams, according to Action1. These gaps leave organizations vulnerable to cyber threats.

According to the survey, the time required to combat low cybersecurity awareness among employees has increased over the past year. This worrying trend makes organizations more vulnerable to phishing and other cyber-attacks.
The survey found that 10% of organizations suffered a breach over the past 12 months, with 47% resulting from known security vulnerabilities. Phishing was the most common attack vector reported by 49% of respondents, and 54% of victims had their data encrypted by ransomware.
IT teams ranked the lack of support from the executive team for cybersecurity initiatives as a critical threat to cyber resilience. Many IT teams also face operational issues that leave no time for cybersecurity.
30% of organizations take more than a month to detect known vulnerabilities. 38% of organizations fail to prioritize security flaws, while 40% take over a month to remediate known vulnerabilities (of them, 24% take more than 3 months). On average, 20% of endpoints remain continuously unpatched due to laptop shutdowns or update errors.
“The gaps in the detection and prioritization stages of vulnerability management suggest the actual proportion of unpatched endpoints could be much higher. Organizations must ensure effective communication on all levels to eliminate these gaps, implement automation, and build cyber resilience,” said Alex Vovk, CEO of Action1. “Otherwise, we risk another year of costly breaches.”
The most common root cause of breaches is known vulnerabilities, for which proof-of-concept exploit code is publicly available and is broadly leveraged by attackers. That is why any delays in patching publicly known security flaws put the company at significant risk.
Organizations must ensure that methods and processes across their fleet of remote and in-office endpoints enable them to detect unpatched security vulnerabilities, prioritize them effectively, and remediate them before they are exploited.
Justifying the need for cybersecurity investment to the executive team may be challenging for tech leaders. Compared to other business functions, the return from investing in IT security could be more apparent to executives.
However, the importance of investing in a strong security posture becomes more evident when compared to the damage from data breaches and ransomware attacks. By highlighting savings in terms of improved quality of execution of cybersecurity policies and improved IT productivity through automation, it becomes easier to articulate the value of cybersecurity initiatives to the executive team.
Modern social engineering attacks often use a combination of communication channels such as email, phone calls, SMS, and messengers. With the recent theft of terabytes of data, attackers are increasingly using this information to personalize their messaging and pose as trusted organizations.
In this context, organizations can no longer rely on a passive approach to cybersecurity awareness training. Low cybersecurity awareness among employees is not an option anymore. All employees must not only know how to identify phishing, but also follow the principle of verifying requests before trusting them.
This can be done by using methods other than the initial contact and assuming that any data received may have already been leaked and is now being used for hacking purposes.