Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Today’s edition of GRC Newsflash features our Compliance Specialist Frank Kyazze, and covers Risk Updates from the SEC announced on July 26, 2023.

An attack surface refers to all the possible points, also called attack vectors, where cybercriminals can access a system and steal data. When an attack surface is small, it’s easier to manage and protect, making it essential to reduce your attack surface as much as possible. Continue reading to learn more about attack surfaces and how you can reduce your organization’s attack surface by following a few of our tips.

In mid-August, U.S. national security advisor Jake Sullivan sent a memo to cabinet secretaries of agencies outside the Pentagon dinging them for not complying with deadlines and steps in the 2021 Executive Order 14208 on Improving the Nation’s Cybersecurity. In doing so, he set a new timeclock ticking for submitting a detailed implementation plan by the end of September… just a few weeks away from this writing.

Web communications can be routed over the Hypertext Transfer Protocol (HTTP) and the Hypertext Transfer Protocol Secure (HTTPS). The latter ensures encrypted data transfer between a website and a user. Some sites will offer both HTTP and HTTPS connections, but any HTTP connection may be vulnerable to cyber attacks. To require that all connections route over HTTPS, you can set up an HTTPS Strict Transport Policy (HSTS) to enforce secure connections.

The Indiana Medicaid program helps state residents who fall into a lower income bracket. These individuals use the program to obtain medical care. To qualify for the program, individuals must present their financial statements and other personal data to the government organization. Some or all of this data could be at risk if the organization is compromised. After learning the Medicaid program was compromised, we were concerned about all the individuals that could be impacted.

Enterprises are embracing cloud platforms to drive innovation, enhance operational efficiency, and gain a competitive edge. Cloud services provided by industry giants like Google Cloud Platform (GCP), Azure, AWS, IBM, and Oracle offer scalability, flexibility, and cost-effectiveness that make them an attractive choice for businesses. One of the significant trends in cloud-native application development is the adoption of containerized applications, serverless architectures, and microservices.

If you’re reading this article, you’re likely already considering an AWS migration for your company. You already have a handle on some of the perks migrating to AWS can have on your business but are reluctant considering how much disruption nearly every industry experienced within the last year or more. Rather than opting for more change, you might consider holding on to what you know until this period of disruption comes to an end.

For organizations of all sizes, cyber consistently earns a place on the agenda, becoming a focal point for business-critical initiatives and investments. Today, cyber means business, and it isn't challenging to overstate the importance of cyber as a foundational and integral business imperative.