The CISO role has evolved in recent years. CISO’s don’t come just from technical and security backgrounds anymore. Each organization has their own distinct vision for how to solve their security needs whether they are customer, regulatory, or industry driven. I started out my career as an external auditor, with the goal of becoming a CFO.
Web applications are vulnerable to several kinds of attacks, but they’re particularly susceptible to code injection attacks. One such attack, the XPath Injection, takes advantage of websites that require user-supplied information to access data stored in XML format. All sites that use a database in XML format might be vulnerable to this attack. XPath is a query syntax that websites can use to search their XML data stores.
Data security is crucial to creating mobile apps, and businesses that create or handle sensitive data must adhere to the Federal Information Processing Standards (FIPS). Data is encrypted before it leaves the mobile device and is decoded in a safe environment thanks to the FIPS 140-2 encryption standard. In this article, we will take a look at the standards and best practices for FIPS 140-2 encryption compliance, covering the fundamentals of ensuring a safe mobile app.
RSAC 2023 was a huge success. We launched our 2023 AT&T Cybersecurity Insights Report, which was met with enthusiasm by the industry and the media. In fact, Will Townsend, writing for Forbes, noted that our report joined other great research by industry peers who are striving to do more than just provide security solutions.
A newly identified criminal organization has been observed running a large number of business email compromise (BEC) scams. Since February 2021, Abnormal Security reports the gang has been responsible for some 350 BEC campaigns against a range of companies. No particular sector is favored, but the scammers favor larger organizations, with more than 100 of the targets being multinational corporations with offices in several countries.
New data shows a resurgence in successful ransomware attacks with organizations in specific industries, countries and revenue bands being the target. While every organization should always operate under the premise that they may be a ransomware target on any given day, it’s always good to see industry trends to paint a picture of where cybercriminals are currently focusing their efforts.
For many companies, a business credit card is part of the organization’s lifeblood. As such access to it must be vigilantly maintained. One potential area of risk is employees sharing credit card details in collaborative SaaS applications like Slack, where these details are at significant risk of being exposed to unauthorized parties.
Security professionals were once confident that the valuable data they protected was safely tucked away inside heavily fortified data centers. But as businesses of all sizes undergo digital transformation, moving their data to the cloud and across numerous distributed locations, the demands placed on legacy data protection systems have changed drastically.
Privileged Access Management (PAM) in cybersecurity is how organizations manage and secure access to highly sensitive accounts, systems and data. Without PAM, organizations are at greater risk of a cyberattack impacting privileged accounts. Continue reading to learn more about PAM and its crucial role in cybersecurity.
