Investing in cybersecurity is a lot like working hard to save for retirement. Your budget’s already tight, but you must secure the future. You’re faced with endless headlines and market updates that make you nervous about making the wrong choices – or not making moves quickly enough amid fast-changing conditions.

In this episode, we welcome back Shay Nahari, VP of CyberArk Red Team Services. His discussion with host David Puner revolves around attacker innovation, focusing on key areas like cascading supply chain attacks and session cookie hijacking. Lean in as Nahari explains how the Red Team simulates real-world attacks to help organizations identify vulnerabilities and improve their security posture.

The U.S. Securities and Exchange Commission (SEC) recently announced a ruling aimed at enhancing public companies’ cybersecurity risk management, strategy, governance and incident disclosure. To sum it up, companies must report cyberattacks within four days of determining an incident is “material” and divulge details about their cybersecurity programs annually.

For security teams managing their enterprises’ privileged access management (PAM) programs, times have changed and what’s considered a privileged or high-risk account has drastically shifted. In turn, the way organizations not only manage privilege, but comprehensively secure it, must also shift. Historically, organizations have managed their PAM programs by vaulting and rotating credentials on privileged accounts.

Today’s episode of Trust Issues focuses on spycatching! Eric O’Neill, a former FBI counterintelligence operative and current national security strategist, joins host David Puner to discuss his legendary undercover mission to capture Robert Hanssen, one of the most notorious and damaging spies in U.S. history.

As vulnerability researchers, our primary mission is to find as many vulnerabilities as possible with the highest severity as possible. Finding vulnerabilities is usually challenging. But could there be a way, in some cases, to reach the same results with less effort?

Generative artificial intelligence (AI) has officially arrived at the enterprise and is poised to disrupt everything from customer-facing applications and services to back-end data and infrastructure to workforce engagement and empowerment. Cyberattackers also stand to benefit: 93% of security decision makers expect AI-enabled threats to affect their organization in 2023, with AI-powered malware cited as the No. 1 concern.

Insider threats don’t often seem like threats at all. They look like colleagues working diligently at the office, logging on to the corporate network from Starbucks or providing a critical third-party service. But insider threats are a big problem that’s getting even bigger and costlier to tackle.

It is my distinct honor to announce that CyberArk has officially achieved ISO/IEC 27018:2019 certification – the first privacy-specific international standard for cloud service providers focused on safeguarding personally identifiable information (PII), one of the most mission-critical components of cloud security.

As enterprises increasingly migrate to the public cloud, identity and access management (IAM) inconsistencies across different cloud providers pose a significant hurdle. Effectively securing identities in this complex landscape has proven to be a challenge. Discussions with industry analysts and enterprise clients have highlighted a prevalent issue: the existing security tool suite often falls short in providing actionable measures to weave identity security into cloud operations.