February 2021

What is Social Engineering?

The phrase “social engineering” sounds innocuous — but this approach to hacking threatens organizations of all sizes. Social engineering may be an unfamiliar term, but the attacks that fall under this category are well-known. For instance, phishing attacks and ransomware attacks have seen massive increases in the last year. By some estimates, ransomware is up 700% and phishing campaigns are up over 200%.

A Guide to VPN Security

Many people are familiar with VPNs in the context of trying to stream TV shows for free. A VPN can make it seem like you’re in a different country by displaying an IP address in Europe or the US, for instance. Appearing to be in New York while traveling in the Netherlands gives you access to sites like Netflix, Hulu, and HBO Max — but the advantages of VPN security go beyond streaming the latest TV shows.

5 Identity and Access Management Best Practices

Stolen credentials are among the biggest threats to data security across industries, accounting for around 90% of data breaches. The identity and access management market — consisting of expertise, identity access management tools, software, and training — is predicted to grow from about $10 billion in 2019 to over $22 billion by 2024. Here’s what you need to know about this increasingly important aspect of data security.

Nightfall simplifies data security & HIPAA compliance for SimpleHealth

SimpleHealth takes their company name to heart. They are a reproductive tele-health company, focused on building thoughtful and impactful services that enable patients to own their reproductive health journey. Today, the core vertical is an online birth control prescription and free home delivery service.

The 2021 Security Playbook for Remote-first Organizations

The sudden shift to remote work in 2020 exposed companies to a variety of new security challenges. Start off 2021 right by reviewing the seven most crucial areas of security for emerging remote-first organizations. Continue reading below or feel free to download a copy of this playbook. We’ll also include our free Post-COVID Security Checklist as a reference you can keep in your back pocket.

ICYMI: 4 SaaS Security Lessons to Keep Top of Mind in 2021

At the end of 2020, we hosted a webinar alongside Sisense’s Chief Security & Trust Officer, Ty Sbano, titled “Securing Best of Breed SaaS applications in 2021.” The discussion focused on reviewing the most important security trends of last year and how they should inform security programs this year. As 2021 continues to progress, these are the 4 trends and lessons we think are worth keeping in mind.

CISO Insider S1E6 - CISO Insider Season 1 recap

At Nightfall, we believe in the power of learning from those who have done it before. That’s why we created CISO Insider — a podcast interview series that features CISOs and security executives with a broad set of backgrounds, from hyper-growth startups to established enterprises. Through these interviews, we’ll learn how industry experts overcame obstacles, navigated their infosec careers, and created an impact in their organizations.

Featured Post

5 Tips for Building a Culture of Security Among Remote Employees

In one of our previous posts, we highlighted how important making security a part of your organizational culture was to keeping your remote workforce secure during the COVID-19 pandemic. But what does that entail? In this post, we're going to flesh out key steps that security teams and their leadership should take in order to make a strong culture of security a reality within their organizations.

Business Continuity: How to Plan for the Worst

If the last year has taught us anything, “hope for the best and plan for the worst” should be the new mantra of business owners and IT professionals. No one could have predicted the global pandemic that wreaked havoc on industries and businesses around the world; yet, those companies with a business continuity plan were far better off than those without one.

CISO Insider S1E5 - "There's no one way to be a CISO" with Ross Young

At Nightfall, we believe in the power of learning from those who have done it before. That’s why we created CISO Insider — a podcast interview series that features CISOs and security executives with a broad set of backgrounds, from hyper-growth startups to established enterprises. Through these interviews, we’ll learn how industry experts overcame obstacles, navigated their infosec careers, and created an impact in their organizations.

Cloud DLP and Regulatory Compliance: 3 Things You Must Know

It’s well-established that a data breach is an extremely costly event. By some estimates, a data leak can cost a small to medium-sized business more than $7.68 million per incident. Compliance regimes may seem burdensome, but the goal of these policies is to prevent a devastating data breach that can bankrupt a business and cause myriad problems for consumers.

Looking ahead to infosec's biggest challenges in 2021

The Nightfall blog is a resource for information security professionals to learn more about the challenges we face in the industry. Every week, Nightfall publishes news and insights from the world of cloud security to help you stay current with the cybersecurity world and better prepare for threats before they become serious problems. In January, we hosted two additional infosec leaders on the CISO Insider podcast: Compass CISO J.J. Agha and LifeOmic Chief Legal Officer Lisa Hawke.

How to Create a Cloud Security Framework

Protecting your valuable information is a multifaceted process that requires a layering of tools, policies, and approaches to ensure proper data loss prevention. In addition to having a range of network, endpoint and cloud DLP tools in place, businesses need a strong foundation of policies, guiding principles, and rules underpinning the approach to data security. A cloud security framework is part of this holistic approach to protecting your information in the cloud.