Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

September 2024

The Growing Threat Of Fake Job Applicants

It cannot be denied that the rise of remote work has opened up many opportunities for both employers and job seekers. Despite this, however, it has also presented a plethora of challenges when it comes to recruiting in the cybersecurity and tech spaces, one of the most notable of which is the proliferation of candidates who either don’t exist entirely or who aren’t who they claim to be.

Data Security Best Practices for Cloud CRM Systems as Adoption Surges

For the past few years, the CRM market has witnessed steady growth and it is projected to reach $89 billion by 2024. Estimates are that this growth will continue into the foreseeable future. Essentially, CRM systems have come to stay and have become the backbone of many organizations. However, the bleak state of cybersecurity cuts across many industries, and CRM systems are equally vulnerable.

CISA Warns of Hackers Targeting Industrial Systems with "Unsophisticated Methods" Amid Lebanon Water Hack Claims

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that malicious hackers continue to be capable of compromising industrial control systems (ICS) and other operational technology (OT) using "unsophisticated methods" - suggesting that much more still needs to be done to secure them properly.

Understanding Network Attacks: Types, Trends, and Mitigation Strategies

At a time when digital connectivity is the lifeblood of all business operations, the specter of network attacks is greater than ever. As entities depend on complex network infrastructures, malefactors exploit vulnerabilities with growing sophistication and frequency. Understanding the diverse nature of these threats—from DoS and DDoS attacks to reconnaissance exploits—is crucial for devising effective defense strategies.

Navigating the Privacy Paradox: How Organizations Can Secure Customer Data While Ensuring Convenience

Privacy and convenience have always been at odds, especially regarding digital onboarding or online sign-ups. For modern organizations, striking a balance between the two has become increasingly important. At the same time, a recent report said 53% of customers suggest that they would give up their interaction with a brand if it took longer than two minutes, while as many as 87% expect basic levels of privacy to be met.

The Relation Between Breaches and Stock Price Drops

When discussing the consequences of a data breach for organizations, we usually consider three types of damage: financial, legal, and, somewhat more tenuously, reputational. But what about stock prices? One would assume that stock price—an indicator of a business’s overall health and investor confidence—would plummet after a breach, but is this really the case?

Warnings After New Valencia Ransomware Group Strikes Businesses and Leaks Data

A new ransomware operation has started to leak information it claims has been stolen from organisations it has compromised around the world. In recent days Valencia Ransomware has posted on its dark web leak site's so-called "Wall of shame" links to gigabytes of downloadable information that has seemingly been exfiltrated from a Californian municipality, a pharmaceutical firm, and a paper manufacturer.

Aligning Your Cybersecurity Strategy with the NIST CSF 2.0

So, you're considering integrating the NIST CSF 2.0 (National Institute of Standards and Technology Cybersecurity Framework) into your cybersecurity practices. Congratulations! You've taken the first step toward improving your organization's cybersecurity posture. However, you may need clarification about the best approach to aligning your cybersecurity practices with the NIST CSF.

The Latest Email Scams: Key Trends to Look Out For

Amid the numerous instruments that have augmented our digital communication and commerce experiences over time, email remains a staple for everything, from confirming purchases to life-changing events like the authorization of financial aid. It comes as no surprise that email scams have been a mainstay of cyberattacks since the earliest days of online correspondence. Worse yet, their scope and sophistication have kept pace with and taken liberal advantage of general digital developments.

Solar Cybersecurity And The Nuances Of Renewable Energy Integration

The modern age of renewable energy has seen a surge in solar panels and wind turbines. While these systems enhance sustainability, their digital technologies carry risks. Cybersecurity professionals must know the relevant nuances when integrating renewable systems.

The Role of Zero Trust Architecture in Enhancing SSO Security

Securing virtual identities and entry points has become a critical priority as cyber threats grow more sophisticated. A Single Sign-On (SSO) system offers ease and allows multi-functionality with a single set of identity verification, but they are enticing targets for cyber attackers. Organizations need Zero Trust Architecture to alleviate this risk. Zero Trust Architecture (ZTA) is a protection framework that is designed on the principle of never trust and always verify.

NESA Standard Ensures Security of UAE's Cyberspace

To allay dependence on oil revenue and expand the private sector, the United Arab Emirates (UAE) has committed, in recent years, to establishing a knowledge-based economy. Consequently, they have become a formidable competitor in Information Communication Technology (ICT). As the ICT industry has grown, so have government agencies to regulate it, namely the Signals Intelligence Agency, formerly known as (and often still referred to as) the National Electronic Security Authority (NESA).

England and Wales Report a Spike in Computer Misuse

The Office for National Statistics (ONS) most recent Crime Survey for England and Wales (CSEW) has revealed that computer misuse cases rose 37% in the year ending March 2024, bucking a general trend of decline. The CSEW first started tracking computer misuse in the year ending (YE) March 2017, which saw roughly 1.8 million incidents. By March 2023, this number had fallen to 745,000. In March 2024, however, computer misuse incidents rose dramatically to 1 million.

What's Changed in CIS Critical Security Controls v8.1?

The CIS Critical Security Controls (CIS Controls) are a set of best practices designed to help organizations protect themselves from the most common cyber attacks. First developed in 2008, the controls define the minimum level of cybersecurity any organization that collects or maintains personal information should meet. CIS released version 8.1 of the CIS Critical Security Controls on June 25th, 2024.

Mitigating Alert Fatigue in SecOps Teams

Security Operations Teams (SOCs) today are under attack by the very mechanisms meant to help them. A recent industry study revealed a few startling facts: And unsurprisingly, the vast majority (80%) say that manual processes are slowing them down. These stats lay out both the problem with and solution to alert fatigue today: too many alerts, too many bad ones, and not enough streamlined processes helping SOCs get ahead of the problem.

Navigating the Cloud Chaos: 2024's Top Threats Revealed

Misconfigurations (when cloud computing assets are set up incorrectly, leaving them vulnerable to unauthorized access, data breaches, and operational disruptions) and inadequate change control top the list of cloud security threats in 2024, rising from third place the year before. It's clear that the transition to cloud computing has amplified the challenges of configuration management, making it critical for entities to adopt cloud-specific configurations.

WordPress Plugin and Theme Developers Told They Must Use 2FA

Developers of plugins and themes for WordPress.org have been told they are required to enable two-factor authentication (2FA) from October 1st. The move is intended to enhance security, helping prevent hackers from gaining access to accounts through which malicious code could be injected into code used by millions of websites running the self-hosted version of WordPress.

SOX Compliance in the Age of Cyber Threats

Achieving Sarbanes-Oxley (SOX) Act compliance is becoming more difficult. While the Act is primarily a financial reporting regulation, it requires all publicly traded companies operating in the United States to maintain the integrity, accuracy, and reliability of financial reporting, which those organizations can only achieve through robust cybersecurity measures. As such, an effective cybersecurity strategy is crucial for achieving SOX compliance.

Examining the Intersection of Cybersecurity and Automation in 5 Different Industries

Traditional cybersecurity solutions are constantly being supplemented and enhanced by new technology and practices. Industry leaders know that keeping up with digital security advancements is the best way to ensure the success of every company and that customers rely on them. Understanding how experts merge cybersecurity and automation in different industries is an excellent way to embrace this expanding movement.

Security Automation - As Easy As Making Tea?

I worry that a lot of my blog posts reveal that I’m getting older and older as the days go by, but I wanted to talk about teasmades and security automation. For those of you outside of the UK, and even those born in the UK within the past 30 years, there’s a distinct possibility you may read this and consider it to be a made-up word, but there is indeed such a thing as a teasmade – effectively a small machine for making tea that has a timer on it.

Employee Cybersecurity Awareness Training Strategies for AI-Enhanced Attacks

With the adoption of AI in almost every sphere of our lives and its unending advancement, cyberattacks are rapidly increasing. Threat actors with malicious intent use AI tools to create phishing emails and other AI-generated content to bypass traditional security measures. On the bright side, the security capabilities of AI are limitless. AI-enhanced attacks refer to cybersecurity events that use artificial intelligence to compromise individuals' and organizations' safety.

Let's Dance: Securing Access with PIM and PAM to Prevent Breaches

I know when to log out Know when to log in Get things done In the spirit of David Bowie, let's explore how to navigate the labyrinth of privileged access management without getting "Under Pressure." No one wants to mistype a common command, copy their proprietary data to a public location, or delete their operating system. Having multiple accounts—one for regular activities and specific privileged accounts to do sensitive tasks—ought to focus effort and prevent mistakes.

The Power of Tripwire Enterprise SCM Policies

There are many good business, security, and compliance reasons for leveraging the extensive rule and policy engines of Fortra’s Tripwire Enterprise (TE) to implement Security Configuration Management (SCM) capabilities, which have been documented very well in other blogs. In contrast, this article deals more with “how can we fully leverage this capability” technically instead of “why” we use them.

Navigating Change: Three Levels to Filter Out the Noise in Tech Environments

Change is relentless. Technology evolves at breakneck speed, and security practitioners face a constant barrage of updates, system tweaks, and new tools. This relentless stream of modifications can create a clutter of information, making it challenging to pinpoint what is truly important. Effectively filtering through this noise through effective change management is critical for maintaining operational efficiency and security.

Guardians of the Files: Tracing the Evolution of File Integrity Monitoring

File Integrity Monitoring (FIM) is a cybersecurity process that involves continuously monitoring files and systems to identify any unauthorized changes. FIM solutions maintain file integrity by comparing a file or system's current state to a known, trusted baseline and flagging any discrepancies. It is key for identifying security breaches, preventing data tampering, and maintaining compliance.