Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We’ve all seen it in the movies: The chief of security declares that no one could ever steal the “Famous Jewel” because it’s protected by thick glass, an impenetrable system of motion-detecting lasers, and, finally, a weight-sensitive sensor. Cut to the next scene, where a thief, dressed in sleek black, zip-lines from an open skylight, shorts the lasers, scores the glass, and with split-second timing, swaps the jewel for a replica of equal weight.

In today's interconnected world, modern organizations face an ever-increasing array of cybersecurity threats. One of the most effective ways to protect sensitive data and ensure zero trust data security is by fostering a strong culture of security awareness among employees.

Analysis on 3,000 websites and over 100,000 associated webpages (using the client-side security scanning feature of Feroot Inspector) revealed that pixels/trackers are collecting and/or transferring data prior to the explicit consent (e.g., cookie acceptance) of a website user. (While some do not require actual consent for one reason or another, the consent is not explicitly made.) Table 1 shows the degree to which some pixels/trackers were present on the analyzed websites.

In an analysis of over 3,000 websites and over 100,000 associated webpages (using the client-side security scanning feature of Feroot Inspector) across 6 sectors, it was discovered that TikTok pixels/trackers were present on 7.41% of the analyzed websites (shown in Table 1). Here, TikTok pixels/trackers were within the code of the web pages that load into a user’s browser from those websites.

Advancements in AI have led to the creation of generative AI systems like ChatGPT, which can generate human-like responses to text-based inputs. However, these inputs are at the discretion of the user and they aren’t automatically filtered for sensitive data. This means that these systems can also be used to generate content from sensitive data, such as medical records, financial information, or personal details.

Defense contractors and suppliers have anxiously been awaiting news on the roll-out date for CMMC 2.0. The DoD previously indicated it would publish a final or interim final rule in 2023 to formally implement the CMMC program and contractor compliance with its requirements. There is some indication that it will now be issued as a proposed rule in May of 2023.