Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Everywhere we look, organizations are harnessing the power of large language models (LLMs) to develop cutting-edge AI applications like chatbots, virtual assistants, and more. Yet even amidst the fast pace of innovation, it’s crucial for security teams and developers to take a moment to ensure that proper safeguards are in place to protect company and customer data.

It’s that time of year again: The 2024 Verizon Data Breach Investigations Report is back with the top trends in security breaches over the past year. Read on for an at-a-glance look of some of the report’s most interesting—and actionable—findings.

Cloud storage services and SaaS apps like Google Drive and Microsoft OneDrive provide convenient, scalable solutions for managing documents, photos, and more—making them indispensable for modern work and personal life. However, misconfigured settings and permissions can lead to serious security breaches, noncompliance, and even the loss of customer trust. Let’s explore the 5 most common misconfiguration issues with real-world examples.

From Uber in 2016 to Okta in 2023 to Sisense in 2024, it’s evident that there’s a pattern behind the tech industry’s most devastating breaches: Data sprawl. Let’s dive into how data sprawl played a part in last week’s Sisense breach, as well as how security teams can be proactive in defending against similar attacks.

We’re thrilled to announce that Nightfall was selected as the “Data Security Solution of the Year” in the 2024 Data Breakthrough Awards. With enterprises scrambling to stay on the cutting edge of innovation, it’s all too easy to lose sight of data stewardship. In addition to SaaS apps, email, and endpoints, now enterprises must also safeguard their generative AI (GenAI) applications, including both custom and third-party GenAI tools.

In the rapidly evolving AI landscape, the principle of least privilege is a crucial security and compliance consideration. Least privilege dictates that any entity—user or system—should have only the minimum level of access permissions necessary to perform its intended functions. This principle is especially vital when it comes to AI models, as it applies to both the training and inference phases.

As the adoption of AI models, particularly large language models (LLMs), continues to accelerate, enterprises are growing increasingly concerned about implementing proper security measures to protect these systems. Integrating LLMs into internet-connected applications exposes new attack surfaces that malicious actors could potentially exploit.

Nightfall has been named a Leader in Data Loss Prevention (DLP), Sensitive Data Discovery, and Data Security in G2’s Spring ‘24 reports. We’d like to extend a huge thank you to all of Nightfall’s customers and supporters for making this possible. We’re also happy to acknowledge the Nightfall team’s tireless innovation, all in pursuit of helping customers to secure their sensitive data across SaaS apps, GenAI tools, email, and endpoints.

ICYMI, Nightfall recently launched a suite of enterprise DLP offerings including Data Exfiltration Prevention, Data Encryption, Sensitive Data Protection for SaaS and Email, and SaaS Security Posture Management (SSPM). To celebrate our new offerings, as well as our sixth birthday, we took a moment to gather insights from investors including Ryan Nece, Enrique Salem, Maynard Webb, Frederic Kerrest, and Kelvin Beachum Jr.

Back in 2018, Rohan and I founded Nightfall on the belief that AI could make data leak prevention (DLP) better, faster, and more accessible to every enterprise. At the time, Rohan was a founding engineer at Uber Eats, and I was an investor at Venrock specializing in SaaS and security. From these respective vantage points, we could see that legacy solutions weren’t working, and could never keep up with the evolving threat landscape.