A CISO's perspective: Why I've read the Elastic Global Threat Report

It’s that time of year again. Fall leaves are turning colors, families are gearing up for the holidays, and many vendors are releasing different reports during cybersecurity month. Our researchers at Elastic Security Labs released the 2023 Global Threat Report last week after months of analysis on more than 1 billion data points. As the CISO of Elastic, my team and I leveraged last year’s report findings and predictions to strategize for the changing threat landscape.

How the MITRE ATT&CK Framework Helps CISOs Communicate Risk to Stakeholders

Picture this: Your CEO comes into your office and asks, “What’s our security posture, and where’s our greatest area of risk? I’m particularly worried about this new emerging threat group. What defenses or detections do we have around that?” You: “…” Enter the MITRE ATT&CK® framework and Devo’s MITRE ATT&CK Adviser app—built to help you tell the business where your risks are and what it would take to address them.

Navigating the Complex AI Regulatory Landscape - Transparency, Data, and Ethics

Ahead of the upcoming AI Safety Summit to be held at the UK’s famous Bletchley Park in November, I wanted to outline three areas that I would like to see the summit address, to help simplify the complex AI regulatory landscape. When we start any conversation about the risks and potential use cases for an artificial intelligence (AI) or machine learning (ML) technology, we must be able to answer three key questions.

Leadership Less Involved in Cyber-Preparedness Despite a Majority of Orgs Thinking Data Loss from a Cyber Attack Likely in the Next 12 Months

You probably expect executive leadership to not just support cybersecurity efforts, but to be involved. New data shows organizations have a way to go until this is a reality. Even if an organization is completely supportive of the cybersecurity strategy, it can’t exist in a technical bubble only. It requires a lot of input – from planning to implementation – to ensure that required business objectives are met as security controls become part of operations and resiliency plans.

Getting started with query parameterization

When web applications rely on user-supplied data, there is a potential risk of SQL injection attacks. SQL injection is a technique used to alter a SQL statement by manipulating user input. Specifically, attackers send malicious SQL code to the database to bypass security measures and gain unauthorized access to data. The consequences can be severe, ranging from sensitive information leaks to complete system loss.

Does Your SIEM Empower Your SOC?

The right SIEM can make or break your SOC. While there are a lot of security solutions and platforms for you to choose from, ask yourself–how will they make life in your SOC better than before? If you make the right choice, you’ll empower your SOC to work more efficiently, more effectively, and more proactively. As you do your research and consider which SIEM is right for you, make sure it checks these boxes. Your analysts will thank you.

Most Organizations Believe Malicious Use of AI is Close to Evading Detection

As organizations continue to believe the malicious use of artificial intelligence (AI) will outpace its defensive use, new data focused on the future of AI in cyber attacks and defenses should leave you very worried. It all started with the proposed misuse of ChatGPT to write better emails and has (currently) evolved into purpose-built generative AI tools to build malicious emails. Or worse, to create anything an attacker would need using a simple prompt.

How StoryChief's CTO uses Aikido Security to sleep better at night

Losing sleep imagining bad actors infiltrating your awesome new startup’s code? Not anymore! Aikido Security has designed startup security to be affordable, efficient, and fill the needs of CTOs. Let’s have a look at how Aikido transformed StoryChief’s security posture.

How to secure JavaScript applications right from the CLI

According to Snyk's 2022 State of Open Source Security report, the average JavaScript project has 49 vulnerabilities, including common ones like unsafe dependencies, cross-site scripting (XSS), weak input validation, and cross-site request forgery (CSRF). And given JavaScript's widespread use, robust security measures are increasingly important to safeguard your applications from cyberattacks.