Systems Engineering Cybersecurity Measures

“The first cybersecurity incident I vividly remember is the ILOVEYOU virus back in 2000. It highlighted the nascent, yet significant threat posed by cyberattacks,” says Amit Jaju, Partner and Senior MD - India at expert services and advisory firm Ankura. Since the 'love letter' virus, cyber threats have become more sophisticated, with ransomware attacks, nation-state actors, and advanced persistent threats becoming common, he adds. In Q2 2024, Indian firms faced an average of 3,201 cyberattacks per week, according to Check Point Research data, The Times of India reports. This is a 46% year-on-year growth, with education and research being the most-targeted sector. Even as the world grapples with the mounting crisis, LinkedIn data states that global demand for cybersecurity is cooling down. However, India continues to be a bright spot, with a 2.6% jump in the share of cybersecurity job postings in May 2024 over the previous year. As the need to bolster defences rises, what are the challenges to solve for? “India’s cybersecurity talent faces a gap in practical experience, coupled with the challenge of keeping pace with evolving threats. Bridging this gap requires industry-academia collaborations, and continuous upskilling opportunities,” says Swarnali Singha, co-founder and Chief Business Officer at cyber risk posture management firm ZERON. According to LinkedIn data, approaching hiring in a skills-first manner could expand India’s cybersecurity workforce by 9%. This approach can democratise access to cyber roles, allowing talent from diverse backgrounds to enter the field, says Jaju. However, it's essential to balance skills with ethical considerations, cultural fit, and soft skills, adds Singha. While India has one of the highest concentrations of cybersecurity talent among the 14 countries analysed by LinkedIn, the sector continues to be male-dominated, shows LinkedIn data. In India, women constitute almost 21% of the cybersecurity workforce — a number that has increased by a modest 1.6% over last year. To bridge this gap, Woxsen University Assistant Professor Vaishali Thakur says that we need more scholarships and internships for women. She also suggests running mentorship programmes and promoting flexible work options. A skills-first approach can also lead to a more inclusive workforce and strengthen the talent pool, Thakur adds. What can firms do to attract and retain cybersecurity talent? Tell us in the comments. Source: The Times Of India: https://lnkd.in/gczeTqca The Economic Times:  https://lnkd.in/gGips9pX ✍: Isha Chitnis Data: Akash Kaura (EGRI) Report: https://lnkd.in/geHWHaxg

>> Enhancing Government Security: Apple Indigo & BlackBerry UEM Partnership   In today’s fast-paced digital world, the stakes for securing sensitive information are higher than ever, especially within government agencies. Enter Apple Indigo, a robust security solution with certification-ID by Germany’s Federal Office for Information Security (BSI), designed specifically for Apple iOS devices like iPhones and iPads used in high-security government environments. This solution, coupled with BlackBerry's Unified Endpoint Management (UEM), presents an unprecedented level of security without sacrificing user experience. 🔍  What makes Apple Indigo & BlackBerry UEM so revolutionary? 1️⃣ High Security, Zero Specialized Hardware: Apple Indigo allows organizations to leverage standard Apple devices while meeting strict security demands up to VS-NfD (for official use only). 2️⃣ Streamlined Administration: With BlackBerry UEM’s approach, sensitive data is safeguarded on both corporate and personal devices. Its architecture, requiring only outbound firewall ports, simplifies secure installation. 3️⃣ Seamless Integration: The Apple ecosystem—including Mail, Calendar, and Contacts apps—can be securely used for official communication, eliminating the need for extra hardware or complex setups. 4️⃣ Comprehensive Solutions in One Place: BlackBerry’s expertise in secure mobile solutions, combined with Apple’s devices, offers a one-stop-shop for high-security mobile work requirements. 5️⃣ Expanding Use Cases beyond Apple Indigo: Using BlackBerry’s MDM solution for other brighsite deployments, e.g. SecuSUITE for Samsung Knox    💡 Why This Matters: In an era where data breaches can impact national security, solutions like Apple Indigo & BlackBerry UEM provide organizations with high security, usability, and ease of management.   📢  Ready to learn more? Explore how this innovative solution can empower secure communication in high-stakes environments.   🔗 Indigo Webpage: https://lmy.de/uFFiw   🔗 Nehmen Sie an diesem deutschen Webcast teil, um weitere Einzelheiten zu erfahren: https://lmy.de/uqvQB   ❓ Thought-provoking question: How are you preparing your organization for the growing demands of digital security in today’s unpredictable landscape? #GovernmentSecurity #CyberSecuritySolutions #MobileSecurity #AppleIndigo #BlackBerryUEM

🚨 95% of cyber leaders say we need to up our game in recruiting cybersecurity talent. And it's no wonder: with nearly 4 million unfilled cyber positions globally, the skills gap is a ticking time bomb for businesses. The Cybersecurity Skills Gap: Your Business is at Risk ⚠️ Here's the reality: - 71% of organizations are struggling to fill cybersecurity roles. - 52% of public organizations cite a lack of skills as their biggest challenge in cyber resilience. - Cyber attacks are on the rise, and your business could be the next target. But it's not all doom and gloom. By understanding the problem and taking action, you can protect your organization AND create opportunities: 1️⃣ Rethink Recruitment: It's not just about tech skills. Look for problem-solvers, critical thinkers, and those with a passion for learning. 2️⃣ Invest in Training: Upskill your existing workforce and create pathways for new talent to enter the field. Partner with educational institutions and training programs. 3️⃣ Cultivate a Cybersecurity Culture: Make cybersecurity everyone's responsibility. Raise awareness, promote best practices and reward vigilance. 4️⃣ Partner Up: Collaborate with other organizations, share insights, and pool resources to tackle the skills gap collectively. My Take: The cybersecurity skills gap is a serious threat, but it's also a massive opportunity. By investing in talent and fostering a culture of security, we can not only protect our businesses but also build a more resilient digital future. Let's connect! How is your organization addressing the cybersecurity skills gap? What strategies have worked for you? Let's share our experiences and build a stronger cybersecurity community together. #cybersecurity #skillsgap #talent #recruitment #training #cyberresilience

Phone theft is a big and growing problem.  It used to be about stealing the phone itself – but now it is more about stealing the phone to get access to all the important data (like your bank account, passwords, and more) While visiting the team in Brazil last year I heard from local Googlers that people had been getting really good at grabbing your phone while it’s unlocked, in your hands. The perpetrators move quickly to open the camera app (so your phone won’t lock itself), then go through all your apps resetting passwords, using NFC payments around town and causing mayhem.  After talking to a lot of people during that trip, including local law enforcement, I connected with the team back at home to ask how we could help solve this problem.  Just eight months later, incredibly, the team had built a robust set of proactive security features that can help keep your devices and data more secure: * Theft Detection Lock: Uses signals like accelerometer data to sense if someone has grabbed your phone and tries to run (or drive or bike) away.  * Remote Lock: Lets you lock your phone from any other device using your phone number and a simple security check.  * New authentication requirements in Android 15 for commonly targeted settings, like removing the SIM or disabling Find My Device. After multiple failed auth attempts, your device will lock down. That's pretty cool! We’re committed to creating a more secure experience on Android, and features like this are helping us get there. If you want to learn more, check out this Made by Google podcast episode:  https://lnkd.in/gks5J7py Huge thanks to the team for making this update possible!

Yesterday my daughter made an observation that’s relevant to all mid-market CISOs. While speaking to her on voice call, my father-in-law struggled to switch the WhatsApp call to video to show their dog’s antics. He asked my mother-in-law to help. While on the call, my mother-in-law needed to transfer money via UPI to someone. So they had to cut the call - because my father-in-law needed to step in! My daughter came to me with this question: Two people. Same house. Same everyday things. Yet their skill levels are so different. Now, imagine this inside a company with hundreds or thousands of employees. - Some struggle to identify phishing emails - Some don’t understand the risk of weak passwords - Some click on malicious links without a second thought - Some approve payment requests based on text messages - Some download & install unauthorized software - Some share sensitive information over email without realizing - Some upload company secrets into ChatGPT for projects Yet, many CISOs run just 𝙤𝙣𝙚 𝙤𝙧 𝙩𝙬𝙤 cyber awareness simulations per year & think it’s enough. It’s not. Cyber awareness needs to be continuous, personalized & measurable. A strong cyber awareness program should: 𝟭) 𝗧𝗲𝘀𝘁 𝗲𝗺𝗽𝗹𝗼𝘆𝗲𝗲𝘀 𝘄𝗶𝘁𝗵 𝗿𝗲𝗮𝗹-𝘄𝗼𝗿𝗹𝗱 𝗮𝘁𝘁𝗮𝗰𝗸 𝘀𝗰𝗲𝗻𝗮𝗿𝗶𝗼𝘀 Phishing, smishing, vishing, and deepfake attacks that mimic what attackers actually do. 𝟮) 𝗔𝗱𝗮𝗽𝘁 𝘁𝗿𝗮𝗶𝗻𝗶𝗻𝗴 𝗯𝗮𝘀𝗲𝗱 𝗼𝗻 𝗶𝗻𝗱𝗶𝘃𝗶𝗱𝘂𝗮𝗹 𝘀𝗸𝗶𝗹𝗹 𝗹𝗲𝘃𝗲𝗹𝘀 A finance executive needs different training than a new intern. 𝟯) 𝗢𝗳𝗳𝗲𝗿 𝗲𝗻𝗴𝗮𝗴𝗶𝗻𝗴, 𝗶𝗻𝘁𝗲𝗿𝗮𝗰𝘁𝗶𝘃𝗲 𝘁𝗿𝗮𝗶𝗻𝗶𝗻𝗴 Gamification, role-based training, and bite-sized learning improve retention. 𝟰) 𝗧𝗿𝗮𝗰𝗸 𝗶𝗺𝗽𝗿𝗼𝘃𝗲𝗺𝗲𝗻𝘁𝘀 & 𝗿𝗶𝘀𝗸𝘆 𝗯𝗲𝗵𝗮𝘃𝗶𝗼𝗿 Identify employees who need extra training instead of treating everyone the same. 𝟱) 𝗥𝘂𝗻 𝗰𝗼𝗻𝘁𝗶𝗻𝘂𝗼𝘂𝘀 𝘀𝗶𝗺𝘂𝗹𝗮𝘁𝗶𝗼𝗻𝘀, 𝗻𝗼𝘁 𝗼𝗻𝗲-𝘁𝗶𝗺𝗲 𝗲𝘃𝗲𝗻𝘁𝘀 Cyber threats evolve daily; training should too. 𝟲) 𝗚𝗶𝘃𝗲 𝘁𝗵𝗲 𝗰𝘆𝗯𝗲𝗿 𝗮𝘄𝗮𝗿𝗲𝗻𝗲𝘀𝘀 𝗽𝗼𝘀𝘁𝘂𝗿𝗲 𝗮𝘁 𝘁𝗵𝗲 𝗰𝗹𝗶𝗰𝗸 𝗼𝗳 𝗮 𝗯𝘂𝘁𝘁𝗼𝗻 Department-wise reports of people & the potential learning gaps Awareness is not running a simulation & calling it a day. It's the actions & the next steps: - for improvement - knowing the awareness posture of everyone - for building a culture where employees become security assets If you’re a CISO evaluating solutions that train employees further based on their actual responses, DM me. My team works with a platform designed to make cyber awareness practical, engaging & effective. -- Hi, I’m Rajeev Mamidanna. I help mid-market CISOs strengthen their Cyber Immunity.

Think there's a one-size-fits-all “best” threat modeling tool? Think again. In my latest blog post, I push back against the hype: the “best” threat modeling tool doesn’t exist—only the one that solves your specific problem. I break tools into four practical buckets—from familiar free-form options like whiteboards and Google Docs to code-native tools like pytm, through small-team favorites like Microsoft Threat Modeling Tool or OWASP Threat Dragon, and up to enterprise platforms like IriusRisk. Each has a place—and knowing which fits your team is more valuable than chasing the latest shiny new AI gimmick. Even the simplest drawing tool can work—if you’re thoughtful about what it needs to achieve. The wrong tool can lead to bloated workflows, empty checkboxes, or worse—false security. Avoid wasted time and tool fatigue. Match tooling to your team’s workflow, scale, and needs. Keep threat modeling practical and relevant. What’s your current go-to for threat modeling—and what problem does it actually solve (or fail to)? #ThreatModeling #AppSec #SecurityTools #Engineering #DevSecOps #PragmaticSecurity

Training employees on cybersecurity isn’t just a box to tick—it’s a mindset shift that turns the workforce into the first line of defense, especially as human error remains the most common entry point for digital threats. Cybersecurity training for employees is essential in today’s threat landscape, where phishing, ransomware, and social engineering continue to evolve. Educating staff with real-world examples increases vigilance and improves response time to suspicious activity. Training should be dynamic, incorporating feedback and updated regularly to reflect new risks. Clear communication of security protocols, combined with practical simulations, empowers employees to act confidently. This not only protects company data but also builds a culture of shared responsibility, reducing the likelihood of breaches caused by negligence or lack of awareness. #CyberSecurity #DigitalTransformation #EmployeeTraining #ITSecurity

Is Once or Twice-A-Year Cyber Training Enough? If your answer is "no" or "not sure", you are not alone. In Singapore, human error remains the number one cause of cyber breaches. According to the 2024 Voice of the CISO report by Proofpoint, 67% of Chief Information Security Officers in Singapore identify human error as their greatest cybersecurity risk. And while most companies are making progress, 92% of CISOs say their employees understand their role in cybersecurity, that awareness has not yet translated into lasting behavioural change. Why is this the case? A Lesson from the Past The 2018 SingHealth breach compromised 1.5 million patient records, including those of Prime Minister Lee Hsien Loong. Investigations revealed that it was not only outdated systems and delayed responses that enabled the breach, but staff hesitation and gaps in training also played a critical role. The Committee of Inquiry made it clear: it was not just the technology that failed but also the human element. Why It Still Matters The simulation was conducted as part of Proofpoint's Exercise SG Ready, which involved over 4,500 employees across 14 countries. The results revealed that 17% of participants clicked on phishing links within a two-week period in Singapore, almost double the global average, highlighting the need for continuous, rather than one-time, cyber awareness training. What Could Work Instead Real change happens when learning is continuous and relevant. That means: - Short, focused modules delivered regularly, not all at once - Real-time phishing simulations that teach by doing - Monthly nudges and refreshers to keep awareness active - Make the training content personally relevant to the employees This is how you can build what we call a "human firewall", a workforce that is alert, informed, and ready to respond. Ready to Shift the Mindset? If the idea of turning routine training into something more engaging and lasting resonates with you, there are some interesting approaches worth exploring. I would love to share some ideas with you that could work in your local business context. #alvinsratwork ✦ #ExecutiveDirector ✦ #cybersecurity ✦ #cyberhygiene ✦ #Cyberawareness ✦ #BusinessTechnologist ✦ #Cyberculture

The ability to update software on devices is a valuable tool for protecting critical systems from evolving threats. However, this capability is not without risk. There have been an alarming number of vulnerabilities that were introduced through a malicious software patch or a flaw in the update process. New software update frameworks have been developed to mitigate this risk, but they come with new levels of complexity, and they may not work on segmented network architectures or be suitable for embedded devices. Brian Romansky focuses on TUF (The Update Framework), a software update approach that addresses many common vulnerabilities and consider how it can be applied in a critical infrastructure environment. It is compared against SUIT (Software Update for IoT) and UpKit, two alternative structures that are intended for use on embedded systems. Attack trees are used to compare these models and visually explain the strengths and challenges that may be encountered when they are applied in a network that follows the Purdue or ISA-99/IEC 62443 network architecture. The role of metadata such as an SBOM and vendor test results are also be considered. These concepts are merged to re-cast software updates into the context of an integrated supply-chain and configuration management system.

A new paper is sounding an alarm about a shortage of cybersecurity educators, saying the gap is a pinch point in addressing cybersecurity workforce demands. The need for educators is particularly sharp given a workforce gap of over 500,000 computer and information technology professionals in the U.S., according to the paper. Worldwide the need is many times higher. Mike Morris, associate dean of cybersecurity programs, and Jason Hammon, lead academic program manager, at Western Governors University collaborated with doctoral candidates at Marymount University on “Help Wanted: Cybersecurity Educators.” The paper was produced for the Cybersecurity Educators Workforce Gap Project Team, which is overseen by the NICE Community Coordinating Council. The council works with the public and private sectors to develop concepts, design strategies, and pursue actions that advance cybersecurity education, training, and workforce development. NICE is the National Initiative for Cybersecurity Education and is led by the National Institutes of Standards and Technology (NIST) within the U.S. Department of Commerce. To assess the situation, the research team surveyed schools with National Centers of Academic Excellence status as recognized by the National Security Agency and the Department of Homeland Security. The team says factors that make the #cybersecurity educator gap unique include high paying industry jobs, a competitive job market, and internal budget constraints at institutions of higher education. “The schools recognize that the [hiring] demand is high, the supply is low, and there are funding limits to bridge the gap,” making it difficult to fill vacant position with qualified educators, the team found. “Institutions would do well to reassess qualifications, budgets, and curriculum to attract candidates.” Among their recommendations: • Investment and coordination between institutions of higher education, Centers of Academic Excellence and government initiatives is needed to address the talent pipeline. • Strategies must address the pay gap and rising workloads on faculty and staff. • Institutional leaders should develop appropriate faculty hiring and targets, improve retention efforts, and consider offering more teaching faculty positions. Great work, Mike and Jason! Read the paper at the link below. #cybersecurity #highereducation National Institute of Standards and Technology (NIST)