DORA Act: Cybersecurity Is An Investment | Paul Dwyer

Paul Dwyer talks about cybersecurity as an investment. The Digital Operational Resilience Act, or DORA, is set to redefine the landscape of digital security and operational resilience. In this video, we explore the key provisions and implications of DORA, which aims to strengthen the cybersecurity framework across the European Union. GUEST BIOS.

2023 OWASP Top-10 Series: API8:2023 Security Misconfiguration

Welcome to the 9th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API8:2023 Security Misconfiguration. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Why we need to democratize governance, risk, and compliance

Today’s uncertain economy has presented an array of problems to organizations of every size and across all industries. In the world of tech titans alone, 70,000 jobs have been lost over the past year. It’s safe to say that businesses have laid off and lost talented and experienced professionals from their rosters. We feel losing talent more acutely in cybersecurity and privacy as risk of cyberattacks and breaches may cost the global economy $10.5 trillion annually by 2025.

Featured Post

You Can't Win: Learning to Live with Security Pessimism

Cybersecurity can, at times, feel like a thankless and invisible task. The punishment for a mistake is immediate and ruthless, the reward for success next to non-existent, because how do you recognise the absence of a breach? But this isn't a new scenario; the IT industry has dealt with this outlook for decades. The job of an IT department is to be invisible, but when something does go wrong all eyes are inevitably on them to fix it.

New Scam Impersonates QuickBooks to Steal Credentials, Extract Money

Establishing urgency through a false need to “upgrade” or lose services, this new attack takes advantage of the widespread use of the popular accounting app to attract victims. Impersonation in phishing attacks only works if the target has an established rapport or relationship with the sender.

Deepfakes More Common So Bolster Your Defenses

The United States FBI, NSA, and CISA have released a joint report outlining the various social engineering threats posed by deepfakes. “Threats from synthetic media, such as deepfakes, present a growing challenge for all users of modern technology and communications, including National Security Systems (NSS), the Department of Defense (DoD), the Defense Industrial Base (DIB), and national critical infrastructure owners and operators,” the report says.

Ekran System Announces Integration with Venn to Enhance Remote Work Security

Ekran System announces its partnership with Venn, a provider of innovative solutions that secure remote work on any unmanaged or BYOD computer. Like Ekran System, Venn is recognized by many cybersecurity experts. It has also been named a Sample Vendor by Gartner. We hope this strategic partnership will mark a significant advancement in fortifying remote work environments against emerging cybersecurity threats.

New Phishing Attack Uses Social Engineering to Impersonate the National Danish Police

A malwareless and linkless phishing attack uses sextortion and the threat of legal action to get the attention of potential victims and get them to respond. Usually, the intent of a phishing attack is evident. For example, if the attack is pretending to be Microsoft and sends you to a spoofed login page, the whole point of the attack is to harvest the victim’s Microsoft 365 credentials.

Three Recent Examples of Why You Need to Know How Vulnerable Your Secrets Are

In today's digital landscape, the issue of compromised credentials has become a major concern. Discover how renowned companies like Microsoft, VMware, and Sourcegraph were recently confronted with the threats of secrets sprawling.