What we do as cybersecurity defenders is important, but how we do it is just as important. And like any company with a diverse and distributed global workforce, the how is built upon our values, which are the foundation of our culture.

Cyber-attacks have intensified in the last eight months of 2021. The Straits Times reported an increase of ransomware attacks on mid-sized enterprises across healthcare finance across Singapore.

Today more than ever, companies are on high alert for ransomware attacks. Even as companies seek to protect themselves, however, they may not realize how the very nature of ransomware attacks has shifted. We spoke with David Bishop, CISO at Trustwave and Darren Van Booven, Lead Principal Consultant at Trustwave and former CISO of the U.S. House of Representatives, to discuss ransomware preparedness and what organizations might be missing from their cyber resilience strategy.

In July 2021, the Australian Cyber Security Centre (ACSC) released an update to its Essential 8 (the E8). Originally published in 2017 as an evolution of the Australian Signals Directorate’s Strategies to Mitigate Cyber Security Incidents, the E8 has been put forward as a baseline set of strategies that are most effective in making it harder for cyber adversaries to compromise an organisation’s systems.

In today’s digital economy, data is the lifeblood of business. Protecting sensitive data has become more challenging for organizations in recent years.

We are very excited to see Trustwave named as a Top 10 MSSP by Cyber Defense Magazine. This latest recognition is a welcome addition to our growing list of recent analyst and award validation that positions us as a leader in managed security services (MSS) and managed detection and response (MDR).

As we announce Managed Vendor Risk Assessment (MVRA), the importance of cyber risk mitigation has been at the forefront of conversations we’ve been having with our customers. And on the heels of the SolarWinds breach, it hasn’t been far from any IT leader’s mind.

Healthcare is unlike any other industry when it comes to cybersecurity. Criminals are prepared to take full advantage of the vulnerable nature of healthcare, as people are far more likely to comply if the threat relates to their private information and wellbeing. In fact, the end of 2020 saw a 45% increase in cyber attacks on healthcare organizations globally. What’s more, the pressure from legal regulations, including GDPR and HIPAA, is also a big motivation as most companies would struggle to pay the fines should they experience a data breach with subpar defenses in place.

The COVID-19 pandemic dramatically pushed businesses to become more digital at an unprecedented pace and today – more than a year and a half after lockdowns first started – remote work remains the default work arrangement in many industries and countries around the globe. Yet, many businesses have not considered the unique cybersecurity needs of now-remote workers who are connecting to potentially unsecured home networks while accessing company resources from personal devices. This makes it more important than ever for your company to ensure the secure exchange of business information and sensitive data.

For several years now, artificial intelligence (AI) and machine learning (ML) have been all the buzz in the cybersecurity industry. Solutions like Security Orchestration, Automation and Response (SOAR) platforms, as well as other AI and ML-powered technologies, are often portrayed as a cybersecurity savior – able to completely protect organizations from threats and fully automate the cybersecurity function. Though AI and ML are powerful tools, they are not a panacea.

In December of 2020, perhaps the most devastating cybersecurity breach to date took place. It was discovered that a highly sophisticated, advanced persistent threat (APT) infiltrated SolarWinds, a popular network management solution to several federal government agencies.

Today’s manufacturing industry is straddling a line between traditional, legacy operations and modern times. While manufacturing facilities across the nation are more internet-connected than ever, the cybersecurity practices at most have lagged – putting the industry at great risk.

As a high-profile target for breach attempts, banks are all too familiar with having a bullseye on their backs. Over the past ten years, there has been a massive industry shift in the financial services sector from compliance-based cybersecurity to proactive and predictive threat detection and response operations.

The recent Kaseya VSA ransomware attack compromised approximately 60 MSPs and 1,500 of their respective clients’ systems, resulting in more than one million individual lockups.

On the afternoon of Friday, July 2, reports indicated that the REvil ransomware gang was actively targeting managed service providers (MSPs) who use Kaseya Virtual System/Server Administrator (VSA) to manage the networks of other businesses with a zero-day attack.

Most security leaders look at Internal Audit as performing assessments or investigations and looking for deficiencies with a set due date and time. But today, internal audits are a continuous lifecycle. Internal Audit is constantly evaluating controls – even when it's the off-cycle for audits – to ensure controls are properly designed, operating effectively and the right people are in the right roles to perform the control activities.

One of the key themes discussed at the conference was the cloud. Reaching a state of cyber resiliency in the age of the cloud is one the biggest challenges security leaders and organisations across the state-level or enterprise-level face.

The daily work of an Information Security Advisors (ISA) at Trustwave is as diverse as our client base. I recently spoke with two of our leading advisors on the Pacific team to learn more about what they do for our clients.

EDR and XDR are both impactful technologies on their own; combined with MDR, these solutions can take visibility and efficiency to the next level. Security Operations Center (SOC) can require an in-depth understanding of a variety of cybersecurity solutions and how they work together and complement each other.

The COVID-19 pandemic created enormous challenges for businesses worldwide – and cybersecurity challenges were prominent among them.