Schools and colleges were the worst hit by cyberattacks during the global health crisis in 2020. According to a report by GCN, ransomware attacks alone affected over 1,680 schools, colleges, and universities in the US. Such attacks also targeted 44% of educational institutions across the world. Schools worldwide are back to normal sessions and for many learners, that means spending hours online studying, doing homework, and submitting assignments.

When we think of “authentication” for our applications, most of us think of user registration, a login form, and resetting passwords. Our concerns begin and end there. But as we dive deeper and our security and compliance requirements change over time, we have to consider new password hashing algorithms, blocking bots, multi-factor authentication, and external identity providers. What started as a clear, concise set of requirements became an ever-growing list.

Internal Reconnaissance, step one of the Cyber Kill Chain, is the process of collecting internal information about a target network to identify vulnerabilities that can potentially be exploited. Threat actors use the information gained from this activity to decide the most effective way to compromise the target network. Vulnerable services can be exploited by threat actors and potentially lead to a network breach. A network breach puts the company in the hands of cybercriminals.

Cyberthreats don't affect only large enterprises and governments – they can also affect small businesses. According to research, nearly half of small businesses have experienced a cyberattack, and 69% are concerned about future attacks. Small businesses should be aware of cyber security statistics and take tangible steps to protect their businesses against cyberattacks.

USM Anywhere is the ideal solution for small and mid-sized businesses that need multiple high-quality security tools in a single, unified package. There’s no reason large, global enterprises should have a monopoly on top cybersecurity technology. Solutions like USM Anywhere give smaller organizations access to security tools that are both effective and affordable.

Stop, look, listen; lock, stock, and barrel; "Friends, Romans, Countrymen..." The 3 Little Pigs; Art has 3 primary colors; photography has the rule of thirds; the bands Rush and The Police; the movie The 3 Amigos. On and on it goes - "Omne trium perfectum" – “Everything that comes in threes is perfect.” While this article doesn’t provide perfection, we’ll focus on the top three API vulnerabilities (according to OWASP).

AT&T Business’ most recently #BizTalks Twitter Chat—What’s New in Cybersecurity—Insights, Threat Trends, & RSA Learnings—explored many emerging concepts in the cybersecurity industry. Head to the @ATTBusiness Twitter page—go.att.com/twchat—to see the full chat and learn more. It was an interesting conversation with diverse opinions. Here are some of the highlights.

If you don’t think API security is that important, think again. Last year, 91% of organizations had an API security incident. The proliferation of SOAP and REST APIs makes it easy for organizations to tailor their application ecosystems. But, APIs also hold the keys to all of a company’s data. And as data-centric projects become more in demand, it increases the likelihood of a target API attack campaign.

It’s well known that there’s a pervasive cybersecurity skills shortage. The problem has multiple ramifications. Current cybersecurity teams often deal with consistently heavy workloads and don’t have time to deal with all issues appropriately. The skills shortage also means people who need cybersecurity talent may find it takes much longer than expected to find qualified candidates. Most people agree there’s no single way to address the issue and no fast fix.

In the previous article, we covered the release process and how to secure the parts and components of the process. The deploy and operate processes are where developers, IT, and security meet in a coordinated handoff for sending an application into production.

While there is an alphabet soup of compliance requirements and security standards frameworks, this post will focus on the two prevalent certifications frequently discussed for SaaS and B2B businesses. Security and compliance qualifications, like SOC 2 and ISO 27001, demonstrate that you apply good practices in your business. They are often classified as "security" and thought of as the technical security of your systems.

If your organization is having trouble creating policies, I hope that this blog post will help you set a clear path. We’ll discuss setting up your organization up for success by ensuring that you do not treat your policies as a “do once and forget” project. Many organizations I have worked with have done that, but later realized good policy lifecycle is required, and a pillar of good governance.

The partnership between these two market-leading vendors enables MSSPs around the world to fast-track cutting-edge MXDR services. AT&T, the leader in network and managed security services, and SentinelOne, the leader in next generation, autonomous endpoint protection, today announced a strategic alliance to help prevent cybercrime.

Since my previous blog CMMC Readiness was published in September 2021, the Department of Defense (DoD) has made modifications to the program structure and requirements of the Cybersecurity Maturity Model Certification (CMMC) interim rule first published in September 2020. CMMC 2.0 was officially introduced in November 2021 with the goal of streamlining and improving CMMC implementation.

“Ransomware has become the enemy of the day; the threat that was first feared on Pennsylvania Avenue and subsequently detested on Wall Street is now the topic of conversation on Main Street.” Frank Dickson, Program Vice President, Cybersecurity Products at IDC.