5 ways to align your cybersecurity with World Economic Forum (WEF) guidance

2025 could be the most challenging year yet for the digital environment. As emerging factors such as the duality of AI, the rise in cybercrime, or the shortage of cybersecurity talent impact business, we ask the question, what should companies expect going forward?

The Growing Importance of Penetration Testing in OT and ICS Security

Industrial Control Systems (ICS) and Operational Technologies (OT) are critical to manufacturing, energy, and transportation. The rapid pace of digital growth makes these systems susceptible to cyberattacks. Securing OT and ICS systems is important, which makes penetration testing an essential activity. This tactic makes it possible to mitigate weaknesses so that they are no longer vulnerabilities, and it is an effective measure for protecting assets.

MDM vs Device Trust: Balancing security with productivity

Security tools inherently introduce some friction into workflows. However, too much friction can impede employee productivity to such a degree that the broader organization suffers. Historically, this has created a dilemma for CISOs, who struggle with finding the right balance between security and productivity.

Random but Memorable - Episode 14.4: Security Audit App Ideas with Jacob DePriest

What’s it like to work as a CISO at a security company? This week, 1Password’s VP of Security and CISO, Jacob DePriest, reveals all. Jacob also shares his advice for building strong security teams with diverse perspectives, backgrounds, and skillsets. In Watchtower Weekly, we unpack a novel technique to break into businesses - pretending to offer audits of the company's cybersecurity. Plus, Matt & Roo share their best app ideas in Alternative Security Questions.

How to Master Incident Response like a Pro

In the world of information security, we love to believe that our countermeasures, defence in depth strategies and preventative controls will shield us from disaster. We invest in technology, develop policies, train our people and implement procedures – all in the hope that we’ll never face a serious security breach. But as any seasoned security professional will tell you, incidents are inevitable.

The True Cost of Cloud-Native Backups: Are You Paying More Than You Think?

For IT decision-makers, the public cloud has become a game-changer. Scalability, agility, and elasticity are just a few of the many benefits that have driven more organizations to adopt public clouds such as AWS, Microsoft Azure, and Google Cloud. But with cyber threats on the rise, ensuring business-critical cloud data is protected and rapidly recoverable while optimizing cloud costs can feel like a difficult balancing act.

Understanding the IAM Blast Radius

In this episode of Into the Breach, James Purvis and Mike Schmidt delve into the concept of the IAM (Identity and Access Management) blast radius and its impact on modern security practices. They explore how DSPM (Data Security Posture Management) helps reduce noise, focus on sensitive data, and implement proactive least-privilege models to mitigate risks in cloud and SaaS environments. Learn how understanding the interplay between identities and data can enhance security outcomes and minimize the blast radius of breaches.

Bringing Shadow and Zombie APIs to Light

Application Programming Interfaces (APIs) have revolutionized connectivity and data sharing, but their pervasiveness has also created a new set of cybersecurity challenges. As businesses continually expand and update their applications, they often overlook APIs left behind by developers — shadow and zombie APIs — that continue to operate undetected. These abandoned APIs become silent risks, operating in the background, unknown to most security teams, and they can pose serious security threats.

HIPAA compliance for software development: A 7-step checklist

Any app collecting, processing, or storing protected health information (PHI) must be HIPAA-compliant to ensure ongoing operation without regulatory setbacks. This means that if your organization operates in the health tech industry, it must adhere to the requirements mandated by the regulation. Due to HIPAA’s broad scope and interpretative nature, the requirements may seem challenging without a clear compliance roadmap, leading to inefficient workflows and incomplete adherence to the rules.