Cyber Insurance Claims Rise Due To Phishing and Social Engineering Cyber Attacks

New data covering cyber insurance claims through 2023 shows claims have increased while reaffirming what we already know: phishing and social engineering are the real problem. If you’ve read enough of my articles here, you already know my view is a bit skewed towards the need for organizations to be aware of the true dangers of email-based cyber attacks.

Automate Non-Human Identity Security and Management with Torq and Astrix

Organizations’ zero-trust policies and identity-centric programs ensure that user identities and login credentials are vigorously protected with IAM policies and security tools like MFA or IP restrictions. However, the situation is very different regarding non-human identities (NHI) like API keys, OAuth apps, service accounts, and secrets. Lack of visibility, monitoring, and governance of this permissive access is everywhere, and attackers have figured it out.

AI in Atlassian Tools - Benefits And Possible Risks

Artificial Intelligence is becoming an integral part of our work. It helps us be more productive by automating tasks, analyzing, and boosting the speed of our work. Due to the desire to accelerate work and make it more efficient, SaaS providers integrate AI into their software. For example, Atlassian in 2023 announced Atlassian Intelligence, a combination of state-of-the-art OpenAI models and the power and data within the Atlassian platform.

Was RSA Conference AI-washed or is AI in cybersecurity real?

RSA Conference, held annually in San Francisco in the spring, defines itself as an information security event that connects industry leaders and highly relevant information. 50,000 people attended in 2024, and of course, the Sumo Logic team was there to offer insights and to learn from others at the conference. During a LinkedIn Live from the show, Sumo Logic VP of Product Marketing Michael Cucchi talked about the show floor being noisy and repetitive.

Defining the Threat Created by the Convergence of IT and OT in Critical Infrastructure

Critical infrastructure facilities operated by the private and public sectors face a complex and continuously growing web of security threats that are compounded by the increasing convergence of information and operational technology (OT) in this area.

DFARS 7012 Class Deviation and NIST 800-171 Rev 3 Guidance for DIBs

NIST 800-171 revision 3 was released on May 14, 2024, prompting DoD to issue an indefinite class deviation for DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (DFARS 7012). US Defense Industrial Base (DIB) contractors must now comply with NIST SP 800-171 revision 2 rather than the version in effect at the time the solicitation is issued, as was previously required.

The Face of Cybersecurity Excellence: Jess Parnell Wins CISO of The Year

In the world of cybersecurity, being proactive is a necessity. Cyber threats loom large, and only those who dare to innovate, lead, and push boundaries can truly make a difference. That’s why it’s no surprise that our very own Jess Parnell has been named the CISO of the Year in the 2024 Cybersecurity Excellence Awards.

Remote Work Security: Trusting Employees and Protecting Data

With the rise of remote work, ensuring that employees are actually working from secure locations is more crucial than ever. This clip discusses the trust issues and risks associated with employees working from unapproved locations, highlighting the need for robust IT asset management and security protocols to protect sensitive data.

What To Do if You've Been Scammed

If you’ve been scammed, there are different actions you should take based on what you were scammed into doing. For example, if you accidentally paid a scammer, you should contact your bank immediately. If you gave a scammer your login credentials, you should update your passwords and enable MFA immediately. If a scammer hacked your device, you should run antivirus software and possibly factory reset your device.