Do you have secrets sprawled across your tech stack? The recent Disney breach is as good a reminder as any to check, because it’s likely that you do. But first, let’s take a closer look at the Disney breach to understand what may have gone wrong, and how you can prevent a similar breach from happening to your business.

Do we need a new cybersecurity framework? According to Gartner, the answer is yes. Since 2022, they have championed CTEM, a five-stage approach designed to shrink attack surfaces and minimize cyber threat exposure through continuous risk assessment and mitigation. At its core, CTEM advocates for regularly testing your defenses to find vulnerabilities in your system and fortify your organization’s security with risk mitigation strategies.

In today’s cloud-based work environments, it’s all too easy for assets with sensitive data like PII, PCI, PHI, secrets, and intellectual property (IP) to be sprawled across the enterprise tech stack. With the skyrocketing costs of data breaches, one sprawled secret can cost organizations an average of $4.45 million. This is where Data Leak Prevention (DLP) solutions come in to limit secret sprawl, prevent data leaks, and ensure continuous compliance with leading standards.

The CDK Global ransomware attack was first reported in June 2024. Ransomware infected CDK Global, a software vendor that serves thousands of North American car dealerships. This ransomware attack affected over 10,000 U.S. car dealerships, their employees and their customers.

This blog is part of the ongoing “I&O Perspectives” series, which features insights from industry experts about the impact of current threats, networking, and other cybersecurity trends.

Data leaks are a growing concern for organizations due to the rising volume of sensitive information stored digitally. Leaks occur when sensitive data is inadvertently exposed, and they can easily lead to cyber attacks, reputational damage, and enormous financial costs. The best way to protect against them is to stop them from occurring in the first place. In this blog, we’ll delve into the common causes of leaks and best practices to bolster data security and prevent data leaks effectively. ‍

A career in cybersecurity can be rewarding, challenging, and, frankly, lucrative. But it's not the easiest industry to break into: the skills required for a cybersecurity role are both niche and specific, the bar for entry is relatively high, and there are very few entry-level jobs available. But don't be disheartened. The cybersecurity industry is crying out for fresh talent. With hard work, a little luck, and the right advice, you can set yourself up for a long and satisfying career in cybersecurity.

Watching the recent Snowflake customer attacks unfold felt a bit like rewatching a horror movie with predictable attack sequences and missed opportunities to run to safety. But this time, the ending was far more devasting. More than 100 organizations were exposed, and many are now grappling with the impacts of data theft and extortion in what some are calling one of the largest breaches in history.

On July 10, 2024, ServiceNow disclosed a series of critical vulnerabilities impacting their platform, identified as CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217. These vulnerabilities were responsibly disclosed to ServiceNow in May 2024 by Assetnote, a cybersecurity firm. ServiceNow responded by patching hosted instances in June 2024.