As companies compete with how fast new features and products can be released on the digital market, a byproduct of DevOps could be the neglect of sufficient and consistent information security throughout the pipeline – yes that means from start to the next improvement. Sure, automated security testing in production is a given, but what about during build and testing in the Continuous Integration and Continuous Delivery (CI/CD) Pipeline?
According to the Cisco 2018 Asia Pacific Security Capabilities Benchmark Study, 90 percent of Australian companies report that they receive up to 5,000 cyberthreats per day. For cybercriminals, Australia’s superannuation funds, banks, and insurers make for attractive targets. It is essential that these industries can protect and secure their data, including the data of their clients and customers, and respond quickly and robustly if a critical cyber-attack occurs.
The 2017 Deep Root Analytics incident that exposed the sensitive data of 198 million Americans, or almost all registered voters at the time, should remind us of the risks associated with storing information in the cloud. Perhaps the most alarming part is that this leak of 1.1 terabytes of personal data was avoidable. It was simple negligence.
Most descriptions of the Internet contain three layers, or levels: the surface web, the deep web, and the dark web. These categorizations can be both useful and misleading. The words “deep” and “dark” carry connotations with them that often obscure the technical and logical reasons for their designation.
With data breaches regularly marking the headlines, it is no surprise that digital threats constitute an increasingly significant concern for the C-Suite and cyber security experts. What is surprising, however, is that these two groups don’t seem to share the same view of information security. They have different opinions when it comes to the digital threat landscape in general as well as their organization’s level of preparedness in particular.
These days the word ‘intelligence’ pops up in any conversation on security. Why is the industry cannot get enough of it? What is the difference between intelligence and information? What is intelligence-led security? Let’s take a look.
We’re proud to announce a new USM Anywhere App for Box! We use the Box Events API to track and detect detailed activity on Box. This new addition to the set of USM Apps arrives to provide an extra security layer to cloud storage services that many enterprises are outsourcing to Box. Beyond monitoring and data collection, USM offers early detection of critical events and alerting, thanks to event correlation and business intelligence.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. An article that prompts many questions regarding use of PII in a passive way, misses one obvious question: Why was Wi-Fi enabled on 5.9 million devices while in transit? When you next get a moment, just check what, and why you need Wi-Fi and other communications features enabled all the time.
In the cybersecurity world, testing for the existence of exploitable vulnerabilities isn’t always an exact science. Checking for open ports (CIS Control 9 - Limitation and Control of Network Ports, Protocols and Services) sounds simple enough, but the reality is a long way off.
