Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Last month, we hosted our inaugural Security Automation Roadshow in San Francisco, bringing our brilliant community of builders together for knowledge sharing, interactive learning, and, of course, workflow building. Speaking at the event, our co-founder and CEO Eoin Hinchy shared the inspiration for the series. Earlier in his career, he saw how important community and peer-to-peer networking can be for both organizations and individual professional development.

Anyone who has visited a casino knows these organizations go to a great deal of expense and physical effort to ensure their patrons do not cheat. Still, there is a large group of actors who are uninterested in card counting or using loaded dice at the craps table. In fact, these adversaries don't bother going into the building or even visiting the country where the casino is located. Cyber threat groups.

Secrets are non-human privileged credentials used by systems and applications to access services and IT resources containing highly sensitive information. One of the most common types of secrets organizations use is called an SSH key. Although SSH keys are secure from certain cyber attacks, they can be compromised due to secret sprawl and mismanagement.

While the digital landscape evolves, cyber adversaries are also honing their tactics, techniques, and procedures. In recent years, ransomware groups have made major disruptions to the digital supply chain and, by extension, the world economy. What’s more, organizations in all industries and geographies continue to grapple with third-party threats, zero-day vulnerabilities, and more.

The SEC cybersecurity disclosure rules have put a spotlight on the issue of cybersecurity within organizations. The core of the rules and related guidance can be found in the article “Assess Your Readiness Now for the SEC Cybersecurity Disclosure Rules.“ The SEC cybersecurity disclosure rules should help build momentum around the importance of governance and risk management, relevant expertise, and timely incident disclosure that are fundamental to cybersecurity programs.

With the growing number of security frameworks, acronyms, scoring systems, benchmarks and more, it’s often hard to understand how each frameworks differs, how and where they come into play with regards to modern cloud native systems. More than anything, how do we actually operationalize these frameworks to derive engineering benefits?

In 2023, based on wire fraud statistics nearly a quarter of consumers received suspicious communications, which may have occurred over text, email, phone, or social media. Of those who interacted with the sender, one in twenty consumers fell victim to wire fraud, which begins over electronic channels. That same year, consumers lost a reported $10 billion to fraudulent activities, a significant portion of which began as wire fraud.

As we KEEP do more and more work around the world for corporations, government departments and CNI providers we’re seeing a recurring and worrying trend; Blind Faith. Whilst some of this may be cultural, it can no longer be used as justifiable reasoning for the failure to secure core assets, understand the possible threats or at least implement basic protections. Why?