The first step to cybersecurity compliance lies in creating controls. Nearly every standard or regulation requires you to establish policies, procedures, and protocols. However, the adage holds: “actions speak louder than words.” Ensuring that everyone within the organization complies with policies and procedures can sometimes be a more formidable process than creating them.
Gartner just released their 2018 Magic Quadrant for Security Information and Event Management (SIEM), which we’re once again excited to be part of!
We finally made it to another new year, and that means it’s time to reflect on the learnings from the previous year while also preparing for many new opportunities and challenges ahead. The enterprise tech and security industry didn’t seem to slow in 2018, so there’s no reason we would expect 2019 to be any different. So what will those “hot button” topics be this year?
This article covers the main techniques cybercriminals use at the initial stage of attacks against enterprise networks. There are several dangerous phases of cyberattacks targeting the corporate segment. The first one encountered by businesses boils down to getting initial access into their systems. The malefactor’s goal at this point is to deposit some malicious code onto the system and make sure it can be executed further on.
During the holiday season people logged on to make purchases through online retailers, like no other time of the year. While there was significant growth in many segments of society on a global scale in 2018, we also saw a significant increase in online retail breaches where personally identifiable information was compromised at an alarming rate.
We in the infosec community have made enormous progress towards getting multi-factor authentication the recognition it deserves. All the respected folks in the community have been promoting multi-factor as the best protection against account hijacks.
Over the last few years, technology has transformed our lives and made it easy for businesses to collect and process personal data. These technological advancements have also created the need for new regulations to provide better protection of personal data.
Many organizations have DevOps on their mind going into 2019. This is a global movement. In fact, Puppet and Splunk received responses for their 2018 State of DevOps Report from organizations on every continent except Antarctica. Those organizations varied in their industry, size and level of DevOps maturity, but they were all interested in learning how they could advance their DevOps evolution going forward.
Typically, people think of security threats as outside attacks on an organization. Data security plans tend to focus on securing the perimeter, endpoints, email and data. Though these are certainly critical measures, all organizations should realize the real threat that insiders, or internal employees, pose to operations.
