Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The US Government recently announced that state-sponsored Chinese cyber group Volt Typhoon has compromised multiple critical infrastructure organisations’ IT networks in the US and is preparing “disruptive or destructive cyber attacks” against communications, energy, transport, water and waste water systems.

‍ Over the past few decades, cyber attackers have increasingly wreaked havoc on the market, taking advantage of newer, more sophisticated ways to exploit system vulnerabilities. However, in fear of losing competitive advantages, organizations had notoriously downplayed the impact of these attacks, misleading investors and resulting in stock prices that did not accurately represent the risk landscape. ‍

Over the past month, we’ve rolled out several new capabilities, including: ‍ ‍ ‍

With the rise of cyber threats and the increasing volume of sensitive data being transmitted over networks, organizations must prioritize the use of cryptographic algorithms that meet stringent standards for security and reliability. One such standard is FIPS (Federal Information Processing Standards) compliance, which ensures that cryptographic algorithms adhere to the rigorous criteria set forth by the U.S. government.

Cyber threats against critical infrastructure – such as energy and transportation networks – remain pervasive as ever, with 2023 witnessing an astounding 420 million such attacks in total. That’s the bad news. The good news is that critical infrastructure is set to become more secure, at least in the European Union, thanks to the NIS 2 Directive (also known as E.U. Directive 2022/2055).

Incorporating remote work among companies has been one of the developments in recent years. In fact, a staggering 98% of employees express their desire to have this kind of dynamic in their jobs. The shift is here to stay as more and more organizations are adopting it as part of their work culture because of its many advantages. This integration is essential as employers move forward with their business continuity plans.

January 2020 is when the Department of Defense (DoD) released the Cyber Maturity Model Certification (CMMC) framework, aimed at evaluating and strengthening the cybersecurity readiness of the Defense Industrial Base (DIB). As per the DoD’s directive, all prime contractors and subcontractors within the supply chain must undergo auditing and certification under the CMMC framework.

Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of reminded me that too often, the peanut butter and chocolate sit alone on their own separate shelves.

Here at Ignyte, we talk a lot about the most common and popular security certifications and frameworks for cloud service providers and others, FedRAMP, CMMC, and their associated NIST publications. These are very important, but they’re far from everything that can be relevant to a CSP or to businesses looking to maintain their security credentials. Most CSPs have to deal with basic PII, CUI, and other forms of protected information that may be treated broadly the same.