Gilbert Verdian

ESAs Publish Second Set of Rules for DORA Compliance Clarifying Third-party Risk and Reporting Requirements BCI has published an excellent distillation of the most recent DORA clarifications in ESAs publishes second sets of rules for the application of the Digital Operational Resilience Act (DORA) These rules further clarify requirements for ICT risk management, incident reporting, and digital operational resilience testing – with particular emphasis on third party software and supplier risks. As the January 2025 compliance deadline approaches, it is essential for financial firms to integrate these guidelines into their operational frameworks to ensure resilience and regulatory alignment. For more detailed info, see the article below and to learn how to best manage third party bug risk, visit www.findbugzero.com. #DORA #OperationalResilience #RiskManagement #Compliance #ICT #BugZero

3

An *outstanding* report by the IOCTA. Helping protect our day-to-day routine. The Internet Organised Crime Threat Assessment (IOCTA) this year's report highlights relevant trends in crime areas such as cyber-attacks, child sexual exploitation, and online and payment fraud schemes. Recent law enforcement operations have prompted ransomware groups to splinter and rebrand under different guises. Furthermore, continuous takedowns of forums and marketplaces on the dark web have shortened the lifecycle of criminal sites. This instability, combined with the surge of existing scams, has contributed to the fragmentation and multiplication of cyber threats. Thank you @Catherine De Bolle and the team #Europol #Cybercrime #ransomware #darkweb https://lnkd.in/gxAVYepj

6

Drawing upon a comprehensive survey of almost 400 corporate DFIR professionals, the fourth annual State of Enterprise #DFIR report examines the evolving contributions and experiences of DFIR professionals within corporate environments. Get it today: https://ow.ly/ENaK50RkeWH

16

Follow the DVMS Institute for exciting announcements on "HOW" organizations of any Size, Scale, or Complexity can Operationalize a NIST Cybersecurity Framework Digital Value Management System™ capable of delivering the Trusted, Resilient, and Auditable digital outcomes government auditors expect

16

New report on Cyber Risk Maturity reveals Geopolitical Risk is expected to be the top concern this year. Full Report: https://lnkd.in/gK_BbB8A Bravo all to @Risk.Net including Alastair Grigg for their great work on #CyberSecurity

1

According to Liminal, #phishing is the most significant ATO threat vector, accounting for 26.7% of all #accounttakeovers and standing as the most common method attackers use to access user accounts. Their 2024 guide on Account Takeover Prevention in Banking highlights the importance of innovative technologies in preventing unauthorized access. Learn how Keyless distinguishes itself by reading our recent blog 👉 https://lnkd.in/dftV9vjd #atofraud #atoprevention #fraudprevention #biometricauthentication

9

Join us on Wednesday, May 29th at 8:30 AM to discover how CERT Ukraine and CISA work together to combat cyber threats! Limited tickets available - act fast! Link in bio for more details and to get tickets. #CERTUkraine #CISA #CyberDefense #Collaboration #CyberSecurity.

8

Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile is in the public comment phase. If you have an interest in cyber IR and you haven't read rev. 3, it's well worth a look. https://lnkd.in/g8bQ_5Bp #dfir #nist Nearshore Cyber

9

Regulations, Frameworks, Best Practices, so it goes on. We've seen Emergency Directives, Executive Orders and still, by far the weakest link is a fundamental lacking of basic security discipline,managment, and seemingly knowledge. AI WILL NOT SOLVE THIS PROBLEM, IT WILL SIMPLY COMPOUND AND EXACERBATE THE EXPOSED AND INSECURE DIGITAL WORLD. Whilst we see a global spend of around $300 billion annually on cyber security, we witness that in costs and losses to cybercrime weekly. Think about that for a moment then read 'Best Practice.' One day soon we will look back and say, Do you remember when cyber crime was only a $trillion a month? Now look at the situation...That day is not too far away and the $300 billion spend currently is largely wasted. Sure the Agencies want you to be informed, made aware, even warned, but only just enough so. It provides a level of Plausible Deniability. How good is a Doctor who incorrectly prescribes a medicine to a condition caused by the medicine their patient ingests... The Agencies and Governments DO NOT WANT the world to know that the Digital Advantages they saught and continually seek, due to their own security failings, have become the Blueprint for Cybercrime. That would place a whole load of liabilities on their doorstep. So the choreographed dance continues along with Digital Whack-a-Mole and Insecurity Entrapment. Be warned, the Music is slowing down and in true Titanic fashion, there is a distinct shortage of seats... AI like most technology is being better utilized and deployed by criminals to disrupt, cause chaos, and for crime. Jen Easterly, Chris Wray, Paul Nakasone and many others keep warning us of the China crisis and Russian cyberwars, but do little to truly arm and protect by a lack of openess and honesty. That's spying for you I guess... The mindest remains Data Capture and Data Control. Security is barely on the agenda. Ask CISA how their Emergency Directive M-19-01 on DNS Tampering and Abuse is going 5 years on. Or I can simply tell you, not one Federal Agency has secure DNS records and servers. Facts can be stubborn things. Best Practice, Frameworks, and impotent Regulations DO NOT get the job done. Time is running out for us to have anything left that is not controlled, or owned by adversaries including Critical Infrastructure, Hospitals, Universities, Law Enforcement, and Governments. Immaterial of any religion you may or may not have, a greater power looking down would mark the last several decades and overall security capability with a rather large red capital F... #WhitethornShield Federal Bureau of Investigation (FBI) FBI Cyber Division The White House White House Presidential Innovation Fellows United States Air Force National Security Agency United States Attorneys'​ Offices U.S. Department of Justice #InternetSecurity #DNS #PKI CISA Alumni Group

30

14 Comments

New report on Top Operational Risks reveals Information Security is the number 1 Operational Risk in 2024. Full Report: https://lnkd.in/gK_BbB8A Bravo all to @Risk.net including David Spollen for their great work on #CyberSecurity

2

New Report on Operational Resilience reveals 18% in Europe believe their regulators have provided enough support to help implement operational resilience in their firms. Full Report = https://lnkd.in/gDerfH5p     Bravo all to The BCI including Rachael Elliott for their great work on #CyberSecurity

1

Struggling to understand the NIST CSF 2.0 framework? Download your copy of this guide to access an in-depth mapping of BeyondTrust solutions to the categories and sub-categories outlined in the NIST CSF 2.0 guidance, the CSF Reference Tool, and more! In this comprehensive free guide, you'll learn: 💡 The true impact of NIST CSF 2.0 across the cybersecurity landscape 💡 A breakdown of what's new and what’s changed in version 2.0 💡 How to increase your alignment to the framework Download now and strengthen your security posture. https://lnkd.in/ePzrrtCQ #NIST #NISTFramework #Compliance #Cybersecurity #BeyondTrust

4