Recent headlines have indicated that some major companies were affected by Remote Code Execution (RCE) vulnerabilities, just in the month of October. RCE flaws are largely exploited in the wild, and organizations are continually releasing patches to mitigate the problem. RCE is a type of an Arbitrary Code Execution (ACE) attack where the threat actor executes malicious commands on the target’s device.
As artificial intelligence (AI) advances, I am seeing a lot of discussion on LinkedIn and in the online media about the advantages it may bring for either the threat actors (“batten down the hatches, we are all doomed”) or the security defence teams (“it’s OK, relax, AI has you covered”).
The cybersecurity threats facing small and medium-sized businesses (SMBs) are real and growing. The FBI’s Internet Crime Complaint Center reports a majority of the 800,000+ complaints they received regarding cyberattacks in 2021 targeted small businesses. A cyberattack can cause significant damage to any organization. But for SMBs, a security incident that causes productivity loss, financial trouble or reputation harm can be devastating.
Adversaries continue to find new and innovative ways to penetrate an organization’s defenses. Defenders who focus on plugging these holes can find themselves exhausted and frustrated. Hunting for adversarial defense evasion for the purpose of data exfiltration and command-and-control (C2), however, remains a good strategy. Many adversaries leverage tooling to establish C2 or to enable successful data exfiltration, all while evading an organization’s defenses.
With over 7.3 million docker accounts created in 2021, Docker’s popularity has seen a meteoric rise since its launch in 2013. However, more businesses using it also means attackers are incentivized to target docker vulnerabilities. As per a 2020 report, 50% of poorly configured docker instances were subjected to cyber-attacks. And it’s not that easy to spot these poor configurations either because you must conduct checks at multiple levels.
The trend of “bring your own device(BYOD)” is increasing in popularity as more and more employees use their devices for work purposes. While BYOD can offer many benefits to businesses, such as increased productivity and flexibility, it poses some security risks. To protect your business from these risks, it is essential to have your device policy in place.
Healthcare statistics by HIPAA revealed that healthcare cybersecurity incidents fell by 8% in February 2022 but still faced 46 incidents affecting 2.5 million people.
Cybersecurity is a daunting subject for most small and new businesses. They don’t have the budget to hire the best in the field to take care of their security. These small businesses need practical solutions and advice to protect their business.
Companies accumulate massive amounts of data, whether it is intellectual property or customer and employee information. Data is a critical asset: it’s undeniable. If your business users have appropriate access to data, they can perform their jobs more efficiently and effectively, and they can analyze the data to derive key business intelligence that drives better business decisions. But if data isn’t protected from breaches, it can also be a liability.
