The US Government recently announced that state-sponsored Chinese cyber group Volt Typhoon has compromised multiple critical infrastructure organisations’ IT networks in the US and is preparing “disruptive or destructive cyber attacks” against communications, energy, transport, water and waste water systems.

‍ Over the past few decades, cyber attackers have increasingly wreaked havoc on the market, taking advantage of newer, more sophisticated ways to exploit system vulnerabilities. However, in fear of losing competitive advantages, organizations had notoriously downplayed the impact of these attacks, misleading investors and resulting in stock prices that did not accurately represent the risk landscape. ‍

Over the past month, we’ve rolled out several new capabilities, including: ‍ ‍ ‍

Cyber threats against critical infrastructure – such as energy and transportation networks – remain pervasive as ever, with 2023 witnessing an astounding 420 million such attacks in total. That’s the bad news. The good news is that critical infrastructure is set to become more secure, at least in the European Union, thanks to the NIS 2 Directive (also known as E.U. Directive 2022/2055).

Incorporating remote work among companies has been one of the developments in recent years. In fact, a staggering 98% of employees express their desire to have this kind of dynamic in their jobs. The shift is here to stay as more and more organizations are adopting it as part of their work culture because of its many advantages. This integration is essential as employers move forward with their business continuity plans.

January 2020 is when the Department of Defense (DoD) released the Cyber Maturity Model Certification (CMMC) framework, aimed at evaluating and strengthening the cybersecurity readiness of the Defense Industrial Base (DIB). As per the DoD’s directive, all prime contractors and subcontractors within the supply chain must undergo auditing and certification under the CMMC framework.

Big businesses carving out their place in the digital age find themselves in a constant battle against cybersecurity threats. Despite their access to state-of-the-art technology and substantial financial resources, these commercial giants are not impervious to attacks. The complexity of their networks and the voluminous data they handle magnify their attractiveness as targets for cybercriminals.

Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of reminded me that too often, the peanut butter and chocolate sit alone on their own separate shelves.

Here at Ignyte, we talk a lot about the most common and popular security certifications and frameworks for cloud service providers and others, FedRAMP, CMMC, and their associated NIST publications. These are very important, but they’re far from everything that can be relevant to a CSP or to businesses looking to maintain their security credentials. Most CSPs have to deal with basic PII, CUI, and other forms of protected information that may be treated broadly the same.

The ever-evolving cybersecurity threat landscape make the competent authorities adapt to reality by establishing new security regulations and laws. According to Forbes Advisor in 2023, there were more than 2K cyberattacks with more than 340 million victims all around the world, which made a significant increase of 72 % in data breaches since 2021.