Each week, we’ll bring you seven of the most compelling cloud- and Salesforce-security-related stories from the last seven days. This week, we have the Nordstrom insider threat, a new bill that promises jail time for security-negligent executives, and more.
A major security fear within companies is the “insider threat” — an employee or contractor who poses a threat to data security by something they’ve done either accidentally or maliciously. For Nordstrom, that insider was a contractor, whose actions exposed the names, Social Security numbers, birthdates, checking account and routing numbers, and salaries of an untold number of employees.
Organizations that take a creative approach to cyber skill development and IT recruiting will be well positioned against their dangerously shorthanded competitors. Attracting and retaining experienced, certified security experts can be a constant battle — so how do you build a cybersecurity workforce that’s future-proofed?
U.S. Sen. Ron Wyden recently proposed a bill to beef up corporate cybersecurity and oversight of commercial data-sharing partnerships — something he says the C-suite has been lax on for some time. Fines are hefty, matching the GDPR’s formula of four times the company’s annual revenue. If the bill is successful, it would not only place a spotlight on corporate cybersecurity efforts, but could force many executive leaders to pay closer attention to their organizations’ policies and initiatives.
Gartner predicts that, by 2020, 75 percent of organizations will experience “visible business disruptions” due to skills gaps — up from under 20 percent in 2016. But as the technology industry fights to close that skills gap through training, recruiting, and employee retention programs, it may widen in such niche areas as Salesforce. As the cloud ecosystem booms — IDC has predicted the Salesforce economy alone will create 3.2 million jobs by 2022 — it becomes more important than ever to work to fill gaps in areas like Salesforce development.
More than a year ago, a researcher reported an API flaw to the United States Postal Service — one where a user could log into the API and gain unauthenticated access to email addresses, user IDs and usernames, street addresses, phone numbers and mailing campaign data. This exposes USPS users to scams and targeted phishing — and highlights the growing threat to API security.
The National Institute of Standards and Technology (NIST) recently reversed its stance on organizational password management requirements. It no longer recommends regular “forced” password changes or complexity requirements. Was security pundit Frank Abagnale right when he called passwords the “root of all evil”? And if so, what’s the solution?
More than one-third of all acquiring companies have stumbled upon a cybersecurity issue while integrating the acquired company. So what are the growing potential risks (legal, financial, reputational, and operational) associated with cybersecurity? And how can you practically identify, understand, and mitigate those risks during the M&A due diligence process?