Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

If the first month-plus of 2024 is any indication, this year is likely to be anything but ordinary in the cybersecurity realm. In January alone, a triad of events unfolded, each more riveting than the last, setting the stage for a year that promises to be as unpredictable as it is exciting. The following recent events have me reflecting on processes and controls that can help you better protect your organization’s most sensitive assets.

Introduction In the realm of cybersecurity, constant vigilance is paramount as threats evolve and attackers become increasingly sophisticated. understanding the sign of compromise, tactics, techniques, and procedures (TTP) employed by threat actors is crucial in effectively combating emerging threats. A recent discovery has unveiled a significant risk stemming from the exploitation of a zero-day vulnerability within Ivanti enterprise VPNs.

Cybersecurity has become a critical part of corporate governance, with board members increasingly held accountable for the digital safety of their organizations. Amid rising breach costs, new cybersecurity regulations like those from the U.S. Securities and Exchange Commission (SEC), and new studies finding widespread cybersecurity failures, the impact of board-level cyber governance decisions is significant.

New data summarizing the compromises of data in 2023 provides key details on who’s being targeted, what types of data is being compromised, and what attack vectors are being used. I’ve covered reports from the Identity Theft Resource Center (ITRC) – their coverage of attacks over the years has grown to include much more than identity theft.

A phishing campaign is attempting to trick users into downloading remote monitoring and management (RMM) software like AnyDesk, Atera, and Splashtop, according to researchers at Malwarebytes. While these tools are legitimate, they can be exploited by threat actors to carry out many of the same functions as malware. These tools may also be less likely to be flagged as malicious by antivirus software.

‍Market success has often demanded that business leaders take risks. Some of the most profitable executives are those who have pursued bold initiatives, recognizing, despite the dangers, the potential rewards. However, as organizations grow and become more complex, the costs of these risks rise, demanding a more data-driven approach to its management.

High-velocity software development today is close to impossible (and most certainly not sustainable) without DevOps. The migration to the public cloud, along with increasing regulatory demands, and other factors made application and code security as vital as DevOps. Thus were born the practices and frameworks of DevSecOps. The value of DevSecOps is evident and clearly understood by technologists.

After thirteen years in the cybersecurity industry, I’ve come to one sobering conclusion: given enough time, everyone will suffer a data breach. It’s just a question of severity.

When encountering a scammer online, the best method is to block, report, and move on. Let the law take charge of handing out consequences to scammers, and you can focus on stopping scammers in their tracks. Sometimes, this can be more challenging as online scammers become more adept at tricking people into believing their lies, using technology, social engineering, and emotional manipulation to achieve their aims.

'Cyber insecurity' is among the most pressing issues facing organizations globally in 2024, according to new research from the World Economic Forum (WEF). In its Global Cybersecurity Outlook 2024 report, the WEF found that more than eight in ten organizations surveyed feel more or as exposed to cyber crime than last year.