Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

2023 Cost of a Data Breach: Key Takeaways

It’s that time of year - IBM has released its “Cost of a Data Breach Report.” This year’s report is jam-packed with some new research and findings that highlight how organizations are implementing security and risk mitigation techniques to help identify and contain data breaches.

BAS and MITRE ATT&CK - Basics and Beyond

In 2013, MITRE created the ATT&CK framework to give security practitioners a shared language for the tactics, techniques, and procedures (TTPs) employed by advanced persistent threat (APT) groups. The result is a knowledge source that provides valuable threat information, allowing teams to take a proactive approach in identifying and mitigating potential cybersecurity threats. Though the framework is widely used, most organizations struggle to effectively utilize it.

Shell Plugins summer roundup: Pulumi, Cloudflare Workers, and more

1Password Shell Plugins bring one-touch access to programmers' favorite command line interfaces (CLIs). I’ll never get tired of cutting steps from what was once a manual process, especially if we can secure that workflow in the process. And that’s exactly what shell plugins do.

Discover Hidden Assets with AppTrana WAAP

We are excited to introduce Asset Discovery – a new feature that allows you to find and protect unknown applications, domains, sub-domains, and other public assets. This feature is now part of AppTrana WAAP and Indusface WAS (Web Application Scanning). Unknown is the biggest risk, especially when it is an orphaned app that was launched by one of your business divisions that is no longer in use.

What are Software Supply Chain Attacks?

Software supply chain attacks, or digital supply chain attacks, have become increasingly prevalent over the last couple of years. According to a study by KPMG, 73% of organizations have experienced at least one significant disruption from a third party in the last three years. What’s the best way to protect against potential software supply chain attacks? To get the answer, let’s define what those attacks are, how they happen, and how you can defend against them.

CISO's Corner: Cybersecurity Best Practices: Securing Employee Smartphones

Arguably, the most used device by an organization’s employees is their smartphone. Ensuring that anyone, from the CEO to a newcomer being onboarded, knows how to keep this device safe should be paramount. Why? Globally, more than 2 million attacks on mobile devices are reported each month, according to Statista. While the number of attacks has dropped precipitously from its peak of 6.5 million in October 2020, it is still dangerously high and a favorite threat actor attack vector.

An Easy Guide to Understanding Risk Management and Quantification, 2

This is the second of a two-part series highlighting the power of cyber risk quantification, based on a webinar hosted by Kovrr’s Director of Product Management, Amir Kessler. Part two delves into the transformative potential of converting cyber risks from financial insights to actionable plans.

eBPF Offensive Capabilities - Get Ready for Next-gen Malware

It’s not a mystery that eBPF (Extended Berkeley Packet Filter) is a powerful technology, and given its nature, it can be used for good and bad purposes. In this article, we will explore some of the offensive capabilities that eBPF can provide to an attacker and how to defend against them.

How to Help Your Board and Senior Executives Become Cyber Savvy

It’s not news that cybersecurity is now a board-level imperative. But with all the talk about that, here’s something we don’t talk about enough: board directors and other senior executives might know they need to have these conversations, but in many cases are still struggling with how to have them in a productive way, especially if they aren’t technical or haven’t spent any real time in a technology role.