On November 21st, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC) released an advisory highlighting the ongoing exploit of the Citrix Bleed Vulnerability (CVE-2023-4966) by Lockbit 3.0 affiliates.

In an era where digital threats are evolving rapidly, the need for skilled security professionals is at an all-time high. Companies are grappling with a unique dilemma: the acute shortage of top-tier talent in the cybersecurity realm. But hiring an entire team poses its own set of risks. From the complexities of team dynamics to the cost of hiring, the constant upskilling and the ongoing retention efforts, these risks and costs stack up quickly.

In 2022, more than 25,000 new CVEs were discovered and added to the NIST National Vulnerability Database. In just the first ten months of 2023, another 23,500 CVEs were identified and added to the NIST NVD. That’s more than 48,000 new vulnerabilities documented in less than 2 years! With so many new CVEs being identified all the time, vulnerability management can seem like an insurmountable challenge. Despite the staggering numbers, there’s good news.

Code doesn’t write itself and software doesn’t secure itself, as much as the race is on to make that happen. At the beginning and end of everything in software is people and, importantly, people interacting with each other. Having great tools doesn’t matter if no one uses them, and having great policies doesn’t matter if no one enforces them.

As financial institutions navigate the ever-evolving challenges of cybersecurity, understanding and implementing the Federal Financial Institutions Examination Council (FFIEC) compliance becomes paramount. Here, we aim to be your guide, providing valuable information and practical hardening tips to help financial institutions not only meet but exceed FFIEC compliance standards. This blog will discuss.

An interview with David Morimanno (DJ), Sr. Advisory Manager at Integral Partners and Steve Tucker, Commercial Director at Xalient. A couple weeks ago Xalient sponsored Europe’s premier Identity and Access Management Conference, IDM. I attended with my colleague DJ from Integral Partners to network with C-level IAM leaders and to hear from peers and subject matter experts in the Identity space.