Mimic: The ransomware exploiting Windows search
Discover an emerging ransomware family that’s using a legitimate Windows search tool to locate victims’ files before encrypting them.
Read MoreAt Black Hat MEA 2022, Shobha Jagathpal (India CISO at Morgan Stanley) spoke about the lifecycle of an application – and its risk journey.
One point that really stood out to us is that in order to embed security into every stage of application development, or to encourage the effective adoption of modern security processes within existing applications and businesses, engagement is crucial.
And by engagement, we mean the engagement of entire teams – every department, every division, every profession – with security work.
“As security professionals,” Jagathpal said, “we’ve got to drive a mindset and a culture wherein security is no longer an afterthought.”
And to do that, you’ve got to help everyone care about cybersecurity.
Jagathpal shared several ideas for getting your whole team involved. They’re not the standard employee awareness strategies – and we think they’re worth considering if you want to build a truly proactive, security-focused culture.
“Overall, we need to make it easy for the application developers to search and consume and share and walk with us in an integrated fashion,” Jagathpal added.
Driving meaningful, proactive engagement like this will help application developers and their security teams meet the demands of business growth, but with security embedded firmly into company culture and app development.
It’ll help security teams gain the confidence and trust of their peers.
And overall, it will help to create a security culture that will drive future resilience – because everyone’s interested in security, everyone understands how they can contribute, and everyone feels involved and responsible for securing every aspect of the business.
“The security team is required to manage risk .They’ve got to be cogniscient to understand where the risk is; what are the things that are bringing down the risk; and then put in measures to help them manage it.”
But security teams are often perceived by others as “offering non-functioning requirements; barriers to speed; [demanding] additional efforts to meet security needs.”
If everyone’s involved in security, those perceptions will change. And when those perceptions change, security teams will be better able to do their job and manage risk effectively – because everyone will be willing and able to help.
Join the newsletter to receive the latest updates in your inbox.
Discover an emerging ransomware family that’s using a legitimate Windows search tool to locate victims’ files before encrypting them.
Read MoreWhat are non-human identities (NHIs) and why are they driving a paradigm shift in identity security?
Read MoreNew research shows that a growing number of organisations view cybersecurity as a strategic priority.
Read More