The headaches for security and IT continue after December’s multiple Log4J patches. January security and compliance news includes other wide-sweeping vulnerabilities that became known, in addition to a vulnerability in McAfee’s security agent. It is a reminder to review the security of your security tools.
Another top concern to be aware of is that our digital lives, business, and government footprint are prime vectors for carrying out nation-state skirmishes and disruptions. Amid concerns about Russia’s recent activities, CISA (Cybersecurity and Infrastructure Security Agency) issued an alert to review patches and protections against critical potential threats and to ensure the remediation of these exposure points as activities seem to escalate.
- McAfee agent exposure lets threat actors run amok
- Linux bug gives root to all major distros
- CISA alert to act to protect against critical potential threats
It does feel as though the volume of activity was on the rise leading up to January and that it continued for security and IT teams this month. In fact, research reported by Dark Reading indicates that businesses saw a 50% increase in cyberattack attempts per week for Q4 2021. Some of this is driven by Log4J exposure and subsequent attacks. An interesting point was that education and research incurred the most attacks, followed by the category of government and military.
How, if at all, might this news change company dynamics? CIOs intend to spend more time and effort on cybersecurity and security management. 51% of CIOs say they are currently focused on security management in their role. Their involvement is also expected to grow, with 76% anticipating an increase in their involvement over the next year.
These challenges are also contributing to issues with employee satisfaction and the ability to retain top cybersecurity talent. There is an increase in vulnerabilities, an increase in cyberattack attempts, and an increase in CIOs' involvement in security management. This is not an ideal situation for the security first responders of organizations.
It might make sense to alter the cybersecurity model of your organization so that your existing security and IT staff can make more of a difference. The day-to-day threat detection and response can be left to an organization that specializes in this as a managed security service. For CIOs or IT managers realizing that security needs additional support, review this guide on evaluating MSSPs to save time. The volume of attack attempts and the increasingly critical vulnerabilities are causing most organizations to have coverage issues, as they cannot staff for or keep up with all the evolving security news.
Cybersecurity is about communicating solutions to problems, communicating threats to risks, and mitigations to those threats and risks. This is something TECH LOCK provides in addition to managed security operations at a fixed cost, even as the volume of threats increases.