The pandemic-driven remote working brought about unforeseen challenges that the pre-pandemic corporate world would have never imagined. From transitioning to a work-from-home as a ‘perk’ to a ‘necessity’, the organizations had to realign their operatio…
Tag: Top Stories
Security Bloggers, Vulnerabilities
How Vulnerability Management Has Evolved And Where It’s Headed Next
by Lisa Xu •
The blocking and tackling work of scan management is becoming a commodity, writes Lisa Xu, the CEO of NopSec in this Expert Insight. What organizations need now is complete visibility of their IT infrastructure and business applications.
Europe, Global Security News, North America
Fireside chat: The inevitable replacement of VPNs by ‘ZTNA’ — zero trust network access
by bacohido •
Virtual Private Networks – VPNs – remain widely used in enterprise settings. Don’t expect them to disappear anytime soon.
This is so, despite the fact that the fundamental design of a VPN runs diametrically opposed to zero trust security principles.… …
Europe, Global Security News, North America
GUEST ESSAY: The many benefits of infusing application security during software ‘runtime’
by bacohido •
Vulnerabilities in web applications are the leading cause of high-profile breaches.
Related: Log4J’s big lesson
Log4j, a widely publicized zero day vulnerability, was first identified in late 2021, yet security teams are still racing to patch and prot…
Europe, Global Security News, North America
Q&A: The lesser role VPNs now play for enterprises, SMBs — in a post-pandemic world
by bacohido •
During the first two decades of this century, virtual private networks —VPNs—served as a cornerstone of network security.
Related: Deploying human sensors
VPNs encrypt data streams and protect endpoints from unauthorized access, essentially by requirin…
Europe, Global Security News, North America
GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web
by bacohido •
The Deep & Dark Web is a mystery to most in the mainstream today: many have heard about it, but few understand just a fraction of what’s going on there.
Related: ‘IABs’ spread ransomware
Planning your roadmap, executing your projects, …
Europe, Global Security News, North America
RSAC insights: How IABs — initial access brokers — help sustain, accelerate the ransomware plague
by bacohido •
Specialization continues to advance apace in the cybercriminal ecosystem.
Related: How cybercriminals leverage digital transformation
Initial access brokers, or IABs, are the latest specialists on the scene. IABs flashed to prominence on the heels of g…
Security Bloggers
Episode 239: Power shifts from Russia to China in the Cyber Underground
by Paul Roberts •
Naomi Yusupov, a Chinese Intelligence Analyst at the threat intelligence firm CyberSixGill talks to host Paul Roberts about that company’s new report: The Bear and the Dragon: Analyzing the Russian and Chinese Cybercriminal Communities.
Security Bloggers, Vulnerabilities
Identity Fraud: The New Corporate Battleground
by John Buzzard •
The pandemic accelerated the migration to digital services, with millions of U.S. consumers turning to the internet for everything from medical care to shopping and banking. But as consumers increasingly move their transactions online, criminals enjoy …
Europe, Global Security News, North America
GUEST ESSAY: The Top 5 online privacy and data security threats faced by the elderly
by bacohido •
What is it about the elderly that makes them such attractive targets for cybercriminals? A variety of factors play a role.
Related: The coming of bio-digital twins
Unlike many younger users online, they may have accumulated savings over their lives …
Europe, Global Security News, North America
GUEST ESSAY – The role of automation in keeping software from malicious, unintended usage
by bacohido •
Writing a code can be compared to writing a letter.
Related: Political apps promote division
When we write a letter, we write it in the language we speak — and the one that the recipient understands. When writing a code, …
Europe, Global Security News, North America
RSAC insights: ‘CAASM’ tools and practices get into the nitty gritty of closing network security gaps
by bacohido •
Reducing the attack surface of a company’s network should, by now, be a top priority for all organizations.
Related: Why security teams ought to embrace complexity
As RSA Conference 2022 gets underway today in San Francisco, advanced systems to help … …
Europe, Global Security News, North America
RSAC insights: Security platforms arise to help companies discover, assess and mitigate cyber risks
by bacohido •
Pity the poor CISO at any enterprise you care to name.
Related: The rise of ‘XDR’
As their organizations migrate deeper into an intensively interconnected digital ecosystem, CISOs must deal with cyber attacks raining down on all fronts. Many are …
Europe, Global Security News, North America
RSAC insights: How ‘TPRM’ can help shrink security skills gap — while protecting supply chains
by bacohido •
Third-Party Risk Management (TPRM) has been around since the mid-1990s – and has become something of an auditing nightmare.
Related: A call to share risk assessments
Big banks and insurance companies instilled the practice of requesting their third-par…
Europe, Global Security News, North America
RSAC insights: ‘SaaS security posture management’ — SSPM — has emerged as a networking must-have
by bacohido •
Companies have come to depend on Software as a Service – SaaS — like never before.
Related: Managed security services catch on
From Office 365 to Zoom to Salesforce.com, cloud-hosted software applications have come to make up the nerve center …
Europe, Global Security News, North America
RSAC insights: Why vulnerability management absolutely must shift to a risk-assessment approach
by bacohido •
Vulnerability management, or VM, has long been an essential, if decidedly mundane, component of network security.
Related: Log4J’s long-run risks
That’s changing — dramatically. Advanced VM tools and practices are rapidly emerging to help companies mit…
Europe, Global Security News, North America
GUEST ESSAY: A Memorial Day call to upskill more veterans for in-demand cybersecurity roles
by bacohido •
It’s no secret that cybersecurity roles are in high demand. Today there are more than 500,000 open cybersecurity roles in the U.S., leaving organizations vulnerable to cyber threats.
Related: Deploying employees as threat sensors
Meanwhile, 200,000 wel…
Europe, Global Security News, North America
GUEST ESSAY: Why organizations need to prepare for cyber attacks fueled by quantum computers
by bacohido •
In today’s times, we are more aware of cyberattacks as these have become front-page news. We most recently witnessed this as Russia invaded Ukraine. Cyberattacks were used as the first salvo before any bullet or missile was fired.
Related: The …
Europe, Global Security News, North America
GUEST ESSAY: Deploying ‘XDR’ can help companies avoid the security ‘vendor-silo’ trap
by bacohido •
According to recent data from Oracle and KPMG, organizations today employ over 100 cybersecurity products to secure their environments. These products play essential roles in detecting and preventing threats.
Related: Taking a ‘risk-base’ approach to s…
Europe, Global Security News, North America
MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward
by bacohido •
Modern digital systems simply could not exist without trusted operations, processes and connections. They require integrity, authentication, trusted identity and encryption.
Related: Leveraging PKI to advance electronic signatures
It used to be that tr…
Europe, Global Security News, North America
GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on
by bacohido •
The unification revolution of cybersecurity solutions has started – and managed security service providers are leading the way. Managed security services (MSS) refer to a service model that enable the monitoring and managing of security technologies, s…
Europe, Global Security News, North America
GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them
by bacohido •
You very likely will interact with a content management system (CMS) multiple times today.
Related: How ‘business logic’ hackers steal from companies
For instance, the The Last Watchdog article you are reading uses a CMS to store posts, display them … …
Europe, Global Security News, North America
MY TAKE: How ‘CAASM’ can help security teams embrace complexity – instead of trying to tame it
by bacohido •
The shift to software-defined everything and reliance on IT infrastructure scattered across the Internet has boosted corporate productivity rather spectacularly.
Related: Stopping attack surface expansion
And yet, the modern attack surface continues to…
Security Bloggers
Understanding the Economic Impact of Credential Stuffing Attacks
by Anastasios Arampatzis •
Credential stuffing attacks rose by 49% in 2020, according to one report. In this Expert Insight piece, Anastasios Arampatzis talks about simple steps companies can take to stop these attacks.
Europe, Global Security News, North America
GUEST ESSAY: Rising global tensions put us a few lines of code away from a significant cyber event
by bacohido •
Reflecting on the threats and targets that we are most concerned with given the Russia-Ukraine war, cybersecurity is now the front line of our country’s wellbeing. Cyber threats endanger businesses and individuals — they can affect supply chains, cause…
Europe, Global Security News, North America
GUEST ESSAY: Best practices checklists each individual computer user still needs to follow
by bacohido •
In the days of non-stop attacks on personal and work devices, the common day consumer wouldn’t know where to begin in order to protect their devices.
Related: Apple’s privacy stance questioned
The rise of attacks is unavoidable and with the …
Europe, Global Security News, North America
GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks
by bacohido •
Ransomware? I think you may have heard of it, isn’t the news full of it? Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020.
Related: Make it costly for cybercriminals
The …
Security Bloggers, Vulnerabilities
Feel Good Ukraine Tractor Story Highlights Ag Cyber Risk
by Paul Roberts •
The good news? John Deere bricked expensive farm equipment taken by thieving Russian troops. The bad news: those same remote access features could be used to launch crippling, large scale attacks on US farms.
Europe, Global Security News, North America
GUEST ESSAY: A primer on Biden’s moves to protect U.S. water facilities from cyber attacks
by bacohido •
Potable water and wastewater management is a top priority for cybersecurity professionals and the Biden administration alike. With new regulations and funding, companies must find the best way to implement and manage cybersecurity to protect these syst…
Europe, Global Security News, North America
GUEST ESSAY: Why automating distribution of strong passwords to employees is wise to do
by bacohido •
Passwords have become ubiquitous with digital. Yet most people don’t know how to use them properly. The humble password is nothing more than a digital key that opens a door.
Related: The coming of passwordless access
People use keys to …
Europe, Global Security News, North America
GUEST ESSAY: A call to blur the lines between cybersecurity training, up-skilling and higher ed
by bacohido •
In a recent survey of US-based CEOs, talent shortages and cybersecurity were listed as two of the top five business concerns in 2022.
Related: Cultivating ‘human sensors’
They may not entirely realize that when compounded, these two concerns could pose…
Europe, Global Security News, North America
GUEST ESSAY: The wisdom of taking a risk-based approach to security compliance
by bacohido •
Today, all organizations are required or encouraged to meet certain standards and regulations to protect their data against cybersecurity threats. The regulations vary across countries and industries, but they are designed to protect customers from the…
Security Bloggers
Episode 237: Jacked on the Beanstalk – DeFi’s Security Debt Runs Wide, Deep
by Paul Roberts •
The hack of Beanstalk is just the latest major compromise of a decentralized finance (DeFi) platform. In this podcast, Jennifer Fernick of NCC Group joins me to talk about why DeFi’s security woes are much bigger than Beanstalk.
Europe, Global Security News, North America
SHARED INTEL: How Russia’s war mongering compromises those holding security clearances
by bacohido •
While global commerce is an important aspect of the world economy, individuals who hold national security clearances need to be aware that some of the activities they engage in could pose a security risk and may negatively impact their security …
Europe, Global Security News, North America
GUEST ESSAY: Defending ransomware boils down to this: make it very costly for cybercriminals
by bacohido •
From financial institutions to meat producers, it seems every industry has been impacted by ransomware in the past year — maybe even the past week. The world’s largest enterprises to the smallest mom-and-pop shops have been devastated by cybercriminals…
Europe, Global Security News, North America
GUEST ESSAY: Here’s why ‘purple team’ mock attacks trumps traditional ‘red team’ assaults
by bacohido •
Purple teaming is a way to use red teaming to understand and improve your defensive posture. Militaries improve operations through wargames. In the 1820s, the Prussian military labeled the two teams for this as “red” and “blue,” with red traditionally …
Europe, Global Security News, North America
GUEST ESSAY: NewsCorp hack shows cyber espionage, squelching of press freedom on the rise
by bacohido •
As the dust settles following the recently disclosed hack of NewsCorp, important lessons are emerging for the cybersecurity and journalism communities.
Related: How China challenged Google in Operation Aurora
The Chinese government is well known for it…
Europe, Global Security News, North America
GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs
by bacohido •
APIs have become a security nightmare for SMBs and enterprises alike.
Hackers don’t discriminate based on the number of employees or the size of the IT budget. The same types of security risks impact businesses, whatever their size.
Related: Using …
Europe, Global Security News, North America
MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks
by bacohido •
Log4j is the latest, greatest vulnerability to demonstrate just how tenuous the security of modern networks has become.
Related: The exposures created by API proliferation
Log4j, aka Log4Shell, blasted a surgical light on the multiplying tiers of attac…
Europe, Global Security News, North America
GUEST ESSAY: Embracing ‘Zero Trust’ can help cloud-native organizations operate securely
by bacohido •
Some 96 percent of organizations — according to the recently released 2021 Cloud Native Survey — are either using or evaluating Kubernetes in their production environment, demonstrating that enthusiasm for cloud native technologies has, in the words of…