Cloud computing is the most cost-effective way to store and manage data and meet growing business demands today. However, the rapid rise of cloud usage means you need to stay alert to potential cloud security insider threats that can compromise your sensitive data and security posture. In this post, we discuss the insider threat landscape, explore several types of cloud insider threats, and examine the best practices to combat these threats.

The more technology your organization adopts, the more exposed it becomes to third-party risks. Consider these statistics: Organizations have responded to these risks by implementing robust third-party risk assessment procedures. However, a common mistake is to view vendor risk management as a one-time activity, typically conducted prior to onboarding a new vendor. Since third-party risks are constantly evolving, it's crucial to evaluate vendor security at every phase of the vendor lifecycle.

A now fixed zero-day elevation of privilege (EoP) vulnerability in Microsoft Outlook (CVE-2023-23397) allows attackers to send craft emails to exploit Outlook. The vulnerability does not require user interaction to be exploited and runs even before the email is visualized in the preview pane of Outlook, which makes this vulnerability even more dangerous.

The business impact of critical open source vulnerabilities such as Spring4Shell and Log4j illustrate the crucial importance of detecting remediating such vulnerabilities as fast as possible, This is particularly important for the financial technology, which handles vast volumes of sensitive financial data for investors. That was certainly the case for MSCI, who deployed Mend to speedily thwart any potential threats posed by Spring4Shell.

Trustwave’s MailMarshal received a major update this month with the addition of PageML to the Blended Threat Module. The BTM enables the email security solution to conduct in-depth, real-time scans when a URL in an email is clicked to determine if the URL is malicious. PageML boosts the BTM’s ability to detect malicious URLs by one-third by applying machine learning techniques to page content in real time. The new scanning feature is named PageML, short for Page Machine Learning.

Late last year, the EU Parliament formally adopted a new Directive, NIS2, updating and superseding the existing NIS Directive which helped the organisations responsible for Europe’s critical national infrastructure to better understand, manage, and reduce their cybersecurity risk.