Oracle and KPMG recently issued their 2020 Cloud Threat Report that identifies the key security risks and challenges organizations are faced with as they implement and manage cloud solutions. The joint cloud and threat security report revealed a shift in attitudes towards cloud security, with 75% of respondents viewing the public cloud as more secure than their own data centers.
DevOps and traditional security have historically operated with different schools of thought. In the past, security was seen as a hindrance to the DevOps process and the role of security was left to address at the end of an applications life cycle. But now, there’s a way to make security a part of your DevOps process without reducing speed or scalability – with the adoption of DevSecOps.
Over the past five years, data breaches caused by third-party vendors have continued to increase in severity and frequency. In fact, research found in the latest Ponemon Institute Data Risk in the Third-Party Ecosystem report claims that 59% of companies experienced a data breach caused by one of their third-party vendors. Minimizing your chances of a third-party data breach is a tall order since much of it is out of your direct control.
Starting on September 1, 2020, Department of Defense (DoD) contractors will be required to comply with the new Cybersecurity Maturity Model Certification (CMMC), a new cybersecurity framework designed to enhance security defenses. This new standard draws upon NIST 800-171 Rev 2, ISO 27001 and other security frameworks to create one unified standard for implementing cybersecurity across the entire defense industrial base (IDB).
The popular domain registry and web hosting company GoDaddy is in the headlines this week after the company reported that an unauthorized user accessed login information used by an undisclosed number of its 19 million customers. GoDaddy informed its customer base of the incident on May 4 in an email stating that on October 19, 2019, an unauthorized individual accessed the login credentials used to connect to SSH on the hosting site.
In the midst of all of the chaos caused by the coronavirus, cybercriminals are showing no signs of slowing down their attacks. Government agencies, research organizations, healthcare providers and retailers alike are all coming under attack. Learn about some of this month’s most notable data breaches and cyber attacks in our monthly Data Breach Round-Up article series, the April edition.
It’s been months since the start of the COVID-19 crisis and we’re still learning more each day about the scope of coronavirus-themed attacks through government agencies and technology companies working tirelessly to thwart off hackers. Here’s a roundup of this week’s COVID-19 related cyber-attacks and what organizations should be doing right now to help step up their cyber defenses.
Reducing your attack surface requires a robust vulnerability management solution to help combat today’s most persistent and devastating cyber threats. Whether you’re a CIO, IT manager or an engineer, you probably know that Vulnerability Management is a critical element of any information security strategy.
Cyber Essentials and Cyber Essentials Plus are UK government-backed schemes that are designed to help protect organizations against 80 percent of most common cyber-attacks. This scheme lays out five basic security controls that must be implemented in order to defend against today’s most common cyber threats. These controls are closely aligned to other notable security frameworks, including the Basic CIS Controls as well as the PCI DSS requirements.
When I’m not fighting the good fight against the dangerous world of cyber crime, you’ll often find me out on the field coaching youth soccer. In my experience as a coach, if you ask any group of kids new to the game of soccer “who wants to be a striker?” pretty much every hand will go up.
