Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

November 2024

upguard

Human Factors in Cybersecurity in 2024

Nov 28, 2024 By Edward Kost In UpGuard
Humans are often regarded as the weakest link in a cybersecurity program. Whether resulting from manipulative cybersecurity tactics or limited cybersecurity awareness, human errors remain the most prevalent attack vectors in every information security program, no matter how sophisticated your cybersecurity stack may be.
Read Post
cyberark

Securing Remote Access: Best Practices for Third-Party Risk Management

Nov 27, 2024 By Ryne Laster In CyberArk
The physical location of users has become less and less important in conducting business, with the drawback that it creates new, persistent threats to organizations. You know that. You may not know that remote access to IT and business-critical systems is not a new concept. It’s been around since the late 1980s.
Read Post
bitsight

NIS2 Compliance Advice from Luxembourg's Regulatory Authority

Nov 26, 2024 By Francisco Fonseca In BitSight
NIS2 is a transformative directive reshaping how organizations across Europe and the globe approach cybersecurity, supply chain management, and operational resilience. A lot has been written about compliance strategies, but what does NIS2 mean in practice? We’ve asked the Institut Luxembourgeois de Régulation (ILR), Luxembourg’s national regulatory authority responsible for overseeing the implementation and enforcement of NIS2 in the country.
Read Post

Mike Machado Lightning Interview

Nov 26, 2024 By Riscosity In Riscosity
Welcome to the second installment of Riscosity’s Lightning Interview Series In this episode, we sit down with Michael Machado, a security industry veteran and former CISO at public and pre-IPO companies including RingCentral, Shippo, and BeyondTrust. Ever wonder the best strategy for gaining meaningful budget increases as a CISO? Tune in to find out.
View Video
securitysenses

How to Enhance Secure Access to Screen Displays for Remote Workers

Nov 26, 2024 By SecuritySenses In SecuritySenses
Remote work is the new normal, and while it is flexible, it can easily introduce security risks. Protecting sensitive information on screen displays is crucial. With employees working from different locations, it's easier than ever to be exposed to threats. Hackers, unauthorized access, and accidental data sharing are just a few concerns. That's why secure access to screen displays is more important than ever. Let's explore how you can strengthen security for remote workers.
Read Post
SecurityScorecard

2025 Security Predictions: The Forces Reshaping Cybersecurity

Nov 25, 2024 By SecurityScorecard In SecurityScorecard
As 2025 approaches, cybersecurity leaders are bracing for a year of intensifying challenges. Regulations are tightening, nation-state attackers are refining their strategies, and CISOs are under growing pressure. Aleksandr Yampolskiy, Co-Founder and CEO, Jeff Le, VP of Global Government Affairs and Public Policy, and Steve Cobb, CISO, all from SecurityScorecard, bring sharp focus to what lies ahead. What worked in 2024 may not protect you in 2025.
Read Post
riscosity

GDPR and CPRA: A Unified Call for Data Transparency and Accountability

Nov 22, 2024 By Anirban Banerjee In Riscosity
The General Data Protection Regulation (GDPR) of the European Union and the California Privacy Rights Act (CPRA) represent landmark regulations designed to protect consumer data privacy. While GDPR became enforceable in May 2018, CPRA came into effect in January 2023, building on its predecessor, the California Consumer Privacy Act (CCPA). Both laws aim to empower individuals with greater control over their personal data while imposing rigorous obligations on businesses.
Read Post
nucleus

Nucleus Ranked No. 85 Among Deloitte's 500 Fastest Growing Companies in North America

Nov 21, 2024 By Steve Carter In Nucleus
We’ve had a lot to celebrate at Nucleus this year, with today’s news being the being one of our most significant achievements of the year. Speaking for the whole company, we are proud to have been named to the Deloitte Technology Fast 500, a ranking of the 500 fastest growing technology companies in North America for 2024, and for the recognition of our 1,562% growth over the past three years.
Read Post
riscosity

Privacy Engineering is Dead

Nov 21, 2024 By Anirban Banerjee In Riscosity
In an era where data breaches, privacy violations, and regulatory fines dominate headlines, the need for robust privacy engineering has never been more critical. Yet, despite its growing prominence, privacy engineering is failing to meet the demands of businesses and consumers alike. To understand why, let’s explore what privacy engineering is, the challenges it faces, why its current state is insufficient, and the transformative shift needed to make it truly effective.
Read Post
bitsight

Using Bitsight Cybersecurity Data Feeds to Protect Critical Infrastructure

Nov 20, 2024 By Tim Jackson In BitSight
While most security teams now have systematic processes in place for identifying vulnerabilities and responding to targeted threats, large-scale security incidents that affect many organizations globally are now an increasingly common occurrence. The Crowdstrike outage in July, while not specifically a security incident, demonstrated how targeted breaches or failures in our security infrastructure can have a ripple effect across entire industries and disrupt critical aspects of everyday life.
Read Post
sysdig

How Sysdig strengthens cloud security posture management with custom risk insights and controls and proactive risk management

Nov 20, 2024 By Maya Levine In Sysdig
Attack surfaces in the cloud are expanding at a breakneck pace. Cloud security has reached an unprecedented level of complexity — ranging from misconfigurations and vulnerabilities to advanced threats and compliance challenges, all while malicious actors are increasingly using generative AI to target your cloud infrastructure.
Read Post
fidelis security

How XDR Security Transforms Cyber Risk Management

Nov 20, 2024 By Fidelis Security In Fidelis Security
In 2024, cyber threats are evolving fast. Attackers are using advanced tools like AI-powered malware, ransomware-as-a-service models, and targeted supply chain attacks that can get past traditional security measures. To fight these threats, security teams need tools that can move faster than attackers, giving them a clear view and coordinated responses across their IT ecosystem.
Read Post
bitsight

7 Tips from a Security CTO for Balancing AI Innovation with Governance

Nov 19, 2024 By Dave Casion In BitSight
As a modern CTO, it should probably come as no big surprise that I’m an optimist on the innovative prospects of artificial intelligence (AI). But I’ve been in this career for a long time, and that optimism is tempered with experience. I’ve seen enough emerging technology patterns to know that it always takes a lot more time and resources than people think to evolve innovative technologies beyond their final barriers.
Read Post
knowbe4

A New Era In Human Risk Management:Introducing KnowBe4 HRM+

Nov 19, 2024 By Stu Sjouwerman In KnowBe4
Cybersecurity threats grow more sophisticated by the day. Amid this constant change, one truth remains: people are simultaneously our greatest security vulnerability and our strongest line of defense. It’s time to empower organizations with a new approach that minimizes human risk and maximizes protection.
Read Post
riscosity

Securing Identities in Business Data Flows

Nov 19, 2024 By Anirban Banerjee In Riscosity
In today’s business ecosystem, data exchanges are critical for operations. From APIs to FTP connections, Electronic Data Interchange (EDI), and Virtual Desktop Infrastructure (VDI), data transfers happen continually, each using specific protocols and requiring authentication to ensure security and confidentiality. These interactions rely on a vast array of identities, keys, and credentials that need consistent management and periodic rotation to maintain security.
Read Post

A New Era In Human Risk Management:Introducing KnowBe4 HRM+

Nov 19, 2024 By KnowBe4 In KnowBe4
Introducing HRM+, KnowBe4’s groundbreaking human risk management platform. Built as a comprehensive AI-driven ‘best-of-suite’ platform for Human Risk Management, HRM+ creates an adaptive defense layer against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. HRM+ tackles the complex human-element cybersecurity challenges of the modern world.
View Video
obrela

Understanding Polymorphic Viruses and Polymorphic Malware

Nov 19, 2024 By Obrela In Obrela
Polymorphic viruses and polymorphic malware represent some of the most sophisticated challenges in modern business. These types of malware are designed to evade traditional cyber security measures by constantly changing their appearance making them particularly difficult to detect and eliminate.
Read Post
riscosity

Okta and Long Usernames

Nov 18, 2024 By Anirban Banerjee In Riscosity
The Okta 52-character username vulnerability has brought to light a significant security issue within the popular identity and access management (IAM) platform used by many enterprises worldwide. This vulnerability allows attackers to exploit a username constraint to bypass certain authentication checks, which could have severe implications for businesses relying on Okta’s services for secure user verification and access control.
Read Post
SecurityScorecard

A Day in the Life of a CISO - Presenting to the Board Chairman

Nov 18, 2024 By SecurityScorecard In SecurityScorecard
It’s 7:30 AM when I check my inbox, and right at the top is an urgent email from Alex, our Chairman of the Board: “I need an update on how we’re stacking up against our competitors on security.” Not just a quick overview—he’s asking for specifics on how our cybersecurity posture compares to our peers, the improvements we’ve made, and a detailed look at our progress since our last board meeting.
Read Post
SecurityScorecard

A Day in the Life of a CISO - Addressing an Urgent Security Threat

Nov 18, 2024 By SecurityScorecard In SecurityScorecard
Late last night, I received a notification from SecurityScorecard alerting me to a newly discovered vulnerability, Solarwinds, with potentially severe business implications for my organization. It’s now 6AM, and I’ve been up through the night, digging into the latest security research to fully assess the risk and scope of exposure. Thanks to SecurityScorecard’s real-time automated alert, I’m ahead of the situation and have already proactively briefed our CIO and executive team.
Read Post

Nauzer Gotla Lightning Interview

Nov 18, 2024 By Riscosity In Riscosity
Welcome to the first installment of Riscosity’s Lightning Interview Series. We'll be sitting down with industry leaders for informative and to-the-point conversations. In this episode, we chat about the present and future of internal audit and data security with Nauzer Gotla, Vice President of Internal Audit at Nextracker (NASDAQ:NXT), a dominant player in solar tracking solutions with revenues north of $2.5B.
View Video
securitysenses

Why Cybersecurity Consulting is Crucial for Small Business Success

Nov 18, 2024 By SecuritySenses In SecuritySenses
Small businesses face unprecedented digital threats in today's interconnected marketplace. Cyberattacks targeting smaller enterprises have increased dramatically, with devastating financial and operational impacts. The challenge of maintaining robust security measures while managing limited resources demands strategic solutions for sustainable business operations.
Read Post
ionix

Third-Party Security Risks: The Complete Guide

Nov 17, 2024 By Amit Sheps In IONIX
Third-party vendors are essential for many business operations, from cloud providers to SaaS applications. However, they add to the ever-growing scope of an organization’s risk management. Third-party risk management (TPRM) is the process of identifying, assessing, and mitigating the security risks posed by vendors, contractors, and service providers that have access to your organization’s data or systems.
Read Post
upguard

Cast a Wider Net: UpGuard Now Scans 5x More Sources

Nov 15, 2024 By UpGuard Team In UpGuard
At UpGuard, we know that in cybersecurity, timing is everything. That’s why we’ve enhanced our news and incident scanning with 500% more coverage, bringing you faster insights from high-impact sources. Now, SOC analysts and security teams can catch incidents affecting their organization or supply chain sooner, allowing for quicker, proactive responses to mitigate threats before they escalate.
Read Post
obrela

The Middle East's Rise in Economic Growth: A Prime Target for Cybersecurity Threats

Nov 15, 2024 By Nick Loumakis In Obrela
Obrela’s Nick Loumakis, Regional Managing Director MENA, describes the complex cyber attack landscape across the Middle East As the Middle East undergoes rapid economic growth and digital transformation across key sectors like finance, energy, and government, the region faces a surge in cybersecurity threats. The integration of cloud services, IoT devices, and digital financial systems has increased vulnerabilities, making it a focal point for sophisticated cyberattacks.
Read Post
riscosity

API, Identities and solving for the biggest challenges

Nov 14, 2024 By Anirban Banerjee In Riscosity
API calls are the backbone of modern software, enabling applications to communicate and share data seamlessly. However, with this integration comes the challenge of understanding and managing the identities used in API calls. These identities, often tied to authentication and authorization mechanisms, are crucial for determining what data is accessed and exchanged.
Read Post
nucleus

Understand How Internet Exposure Impacts Vulnerability Management and Cyber Risk

Nov 14, 2024 By Aaron Unterberger In Nucleus
As organizations continue to embrace digital transformation, their infrastructure increasingly spans cloud environments, third-party integrations, and remote work setups. This shift enhances efficiency and productivity—but also broadens the digital attack surface, creating new points of exposure to the public internet.
Read Post
veracode

Introducing Veracode Risk Manager: A New Chapter in ASPM Built for Scale

Nov 13, 2024 By Derek Maki In Veracode
In a digital world that’s evolving faster than ever, industry landscapes are shifting, and customer needs are becoming more complex. At Veracode, we recognize these fundamental changes in the application security space. That’s why Veracode strategically acquired Longbow Security, now rebranded as Veracode Risk Manager.
Read Post
riscosity

FedRAMP Certification and Data Security

Nov 13, 2024 By Anirban Banerjee In Riscosity
Federal Risk and Authorization Management Program (FedRAMP) and State Risk and Authorization Management Program (StateRAMP) are pivotal frameworks for securing cloud services used by federal and state governments, respectively. These programs mandate stringent security protocols, emphasizing the need for organizations to manage and disclose third-party involvement in delivering software services to the government.
Read Post
upguard

Is the ASX 200 Resilient to Cyber Threats? Our Report Says No.

Nov 13, 2024 By Greg Pollock In UpGuard
In today’s rapidly evolving digital landscape, managing cyber risk has become essential for sustaining corporate growth and resilience. Cyber risk management requires balancing corporate growth against the evolving tactics of threat actors and governmental regulations – a daunting task that requires continuous measurement and strategic reflection.
Read Post
bitsight

ICS Security Is a Team Sport

Nov 12, 2024 By Brandon Smith In BitSight
As we discussed in the first article in this series, there are many Internet-exposed control systems, but they are very different from traditional IT systems and require a different security approach. With these systems being so critical and controlling processes that can potentially lead to loss of life if they fail, what is being done to tackle this issue? In this article I’ll dive into this and more, looking at.
Read Post
SecurityScorecard

The Botnet is Back: SSC STRIKE Team Uncovers a Renewed Cyber Threat

Nov 12, 2024 By SecurityScorecard In SecurityScorecard
A silent danger is sweeping through the world’s critical infrastructure. The SecurityScorecard STRIKE Team has uncovered a resurgence of Volt Typhoon—a state-sponsored cyber-espionage group from the Asia-Pacific region, known for its precision and persistence. This is no ordinary attack. Volt Typhoon exploits unprotected, outdated edge devices within targeted critical infrastructure.
Read Post
kovrr

9 Cyber Risk Management Trends in 2025 Every Business Should Know

Nov 11, 2024 By Kovrr In Kovrr
‍The evolution of the cyber risk management landscape is constant, and with each passing year, market players find themselves in the position of having to readjust their strategies, whether in brand positioning, cybersecurity, or beyond, to account for these consequent changes. While some of the shifts are welcome, others are less so. Nevertheless, all require careful foresight.
Read Post
securitysenses

How to Conduct a Comprehensive Base Security Assessment

Nov 11, 2024 By SecuritySenses In SecuritySenses
Conducting a comprehensive base security assessment is crucial. It ensures the safety of personnel, assets, and information. With the rise of various threats, it's more important than ever to evaluate and enhance security measures systematically. A thorough assessment not only identifies weaknesses. It also assists in implementing effective security controls to mitigate risks. In this detailed guide, we will explore essential steps and best practices to perform a base security assessment. We will enable you to deploy effective security solutions tailored to your environment.
Read Post
obrela

Tips for NIS2 Compliance: What Companies Need to Do - and Will It Work?

Nov 8, 2024 By Notis Iliopoulos In Obrela
The Network and Information Systems Directive (NIS2) marks a significant step forward in Europe’s efforts to bolster cybersecurity resilience. Alongside the Critical Entities Resilience Directive, it represents a commitment to ensuring that organisations offering essential services—such as financial services, healthcare, transport, and energy—are equipped to withstand cyber threats.
Read Post
riscosity

Investigating iOS 18's AI Capabilities

Nov 7, 2024 By Anirban Banerjee In Riscosity
With the release of iOS 18, Apple has continued to expand its integration of AI technologies, positioning the iPhone as a powerful personal assistant capable of smart recommendations, advanced text and image analysis, and even predictive suggestions. Leveraging on-device machine learning, iOS 18’s AI features tap into user data to provide a personalized experience.
Read Post
obrela

What is GRC in Cyber Security? Why is it Important?

Nov 7, 2024 By Obrela In Obrela
Governance, Risk Management, and Compliance (GRC) in cybersecurity is a framework that is designed to help organizations align their security efforts with business objectives while also managing risks and adhering to legal and regulatory requirements. To implement GRC in Cyber security effectively, it is important to understand the purpose of each element and the part each has to play in improving an organization’s security posture.
Read Post
SecurityScorecard

Securing Port 139: Strategies to Prevent Unauthorized Access and Cyber Threats

Nov 7, 2024 By SecurityScorecard In SecurityScorecard
In the realm of network security, safeguarding communication ports is a fundamental aspect of protecting a network’s integrity and confidentiality. Port 139, primarily used by the Server Message Block (SMB) protocol for file sharing in Windows networks, stands out as a critical point of vulnerability when not properly secured. This port facilitates network communications, allowing computers to share files, printers, and serial ports over a network.
Read Post
SecurityScorecard

Navigating the Risks of TCP 445: Strategies for Secure Network Communication

Nov 7, 2024 By SecurityScorecard In SecurityScorecard
In the intricate matrix of network communications, TCP port 445 stands as a crucial node, facilitating the swift and efficient exchange of resources like files and printer services between computers on the same network. Yet, its significance as a channel for Server Message Block (SMB) communication within Windows operating systems also marks it as a vulnerable target for cyber threats.
Read Post
obrela

What is a social engineering attack? Types of social engineering attacks

Nov 6, 2024 By Obrela In Obrela
A social engineering attack is a form of cybersecurity attack where attackers approach individuals and psychologically manipulate them into divulging sensitive information or performing actions that compromise security. Unlike traditional hacking methods that exploit system vulnerabilities, social engineering preys on human psychology, using the likes of deceit, urgency or trust to bypass defenses.
Read Post
veracode

Revolutionizing Risk Management in Application Security

Nov 5, 2024 By Donna Namorato In Veracode
In our hyper-connected reality, software applications are the unsung heroes of business operations. But, let's face it, with great tech comes great vulnerability to cyber shakedowns and data leaks. This begs the question: “Is scanning enough to manage risk?” Organizations are playing a high-stakes game of keeping their apps secure to safeguard their secrets.
Read Post
cyberint

Dark Web monitoring: The linchpin of External Risk Management

Nov 4, 2024 By Naftali Goodman In Cyberint
The typical Security Operations Center (SOC) faces a wide variety of responsibilities. In addition to monitoring internal systems for signs of threats and breaches, modern SOCs are tasked with managing external risks through practices such as: Each of these practices addresses different types of risks, and it would be wrong to say that any one practice is fundamentally more important than the others.
Read Post
cultureai

Understanding SaaS Security: Risks and Best Practices

Nov 4, 2024 By The CultureAI Team In CultureAI
Software as a Service (SaaS) applications have become widespread and indispensable for businesses of all sizes, and for good reason. The convenience, flexibility, and scalability mean teams can access the essential tools and data from anywhere around the globe. This convenience and accessibility, however, does pose its own set of challenges when it comes to security risks.
Read Post
knowbe4

Every Cybersecurity List Should Be a Risk-Ranked List

Nov 1, 2024 By Roger Grimes In KnowBe4
Cybersecurity is all about risk management and reduction. You cannot get rid of all risk. Well, I guess you could, but you (and everyone else) would probably not want to work in a true zero-risk environment. It would be too locked down, super slow, and incredibly inflexible. Cybersecurity is all about identifying the most likely and impactful risks and reducing them. To repeat, cybersecurity is about risk management. Identify the biggest risks and mitigate those the best you can. That is your job.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.