We all know about the attacker who leverages their technical expertise to infiltrate protected computer systems and compromise sensitive data. This type of malicious actor ends up in the news all the time. But they’re not the only ones making headlines. So too are “social engineers,” individuals who use phone calls and other media to exploit human psychology and trick people into handing over access to the organization’s sensitive information.
There’s always a balancing act when it comes to building and deploying cloud-native applications in environments like Amazon Web Services (AWS). The whole point of moving production to the cloud is that developers can move faster than ever before, innovating and shipping new features on a daily basis. But that same speed can be an organization’s downfall if development outpaces security processes and accidentally exposes secrets or other credentials to potential attackers.
We often hear about the importance of DevSecOps — integrating security into DevOps processes. But as many security professionals know, it’s not nearly as easy as it sounds. Cultivating secure software development practices requires working alongside developers with varying opinions, priorities, and idiosyncrasies. And any process involving humans is complicated. So, how do today’s security teams overcome these challenges and make secure software development practices a reality?
Today’s episode is part two of our conversation with former White House CIO, bestselling author and founder and CEO of Fortalice Solutions, Theresa Payton. If you missed part one, you can start here and go back to that episode. Or, you can start there and come back to this one – but you’re already here, so maybe just stick around?
Automated incident response can help security teams identify and respond to cyber threats faster. When a breach happens, delays equal costs. Today, a cyber attack happens every 39 seconds, and the global average total cost of a data breach is the highest it’s been in 17 years. In this environment, a low response time is crucial to reducing cyber risk.
Our previous research on CVE exploitability in the top DockerHub images discovered that 78% of the reported CVEs were actually not exploitable. This time, the JFrog Security Research team used JFrog Xray’s Contextual Analysis feature, automatically analyzing the applicability of reported CVEs, to scan OWASP WebGoat – a deliberately insecure application. The results identified that out of 60 CVEs reported with a Critical CVSS score, only 10 are actually applicable.
In all relationships, issues can arise. The key to solving those issues is to have a clear understanding of the issue itself. For instance, when a customer reports an issue it is critical to listen to the customer with patience and empathy so that they feel understood, and to assure them that they will receive assistance promptly. Furthermore, product issues can present themselves in various forms of complexities.
Every business that collects personal data via a website, app, or even via the phone/post will find that they need the skills and expertise of a Data Protection Officer at some point to ensure safe and confidential data processing. But what is a DPO exactly? Do you really need one? And what if you don’t want to hire someone full time? Read on to find out more about the roles and responsibilities of the DPO and when to hire one to secure your data.
In this episode of the Future of Security Operations podcast, Thomas interviews Andreas Schneider - the Field CISO EMEA at Lacework. Leveraging its data-driven platform and cloud-native application protection solution, Lacework helps organizations make sense of immense amounts of security data with minimal effort.
