Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Privacy and confidentiality: what is the difference? | TrustTalks - Ep 3 | Security and GRC Podcast

Are you confused about the difference between privacy and confidentiality? Don’t worry, you’re not alone. While these terms are often used interchangeably, they actually have distinct meanings. In this podcast, we will explore the nuances of privacy and confidentiality, helping you understand their significance and how they relate to each other. Privacy refers to the right to maintain control over your personal information. It involves the ability to keep certain details about your life, preferences, and activities private and secure.

Navigating AI Governance: Insights into ISO 42001 & NIST AI RMF | TrustTalks - Ep 2

As businesses increasingly turn to artificial intelligence (AI) to enhance innovation and operational efficiency, the need for ethical and safe implementation becomes more crucial than ever. While AI offers immense potential, it also introduces risks related to privacy, bias, and security, prompting organizations to seek robust frameworks to manage these concerns. In response to this surge in AI adoption, national and international bodies have been developing guidelines to help companies navigate these challenges.

From Assessment to Implementation: Attack Surface Reduction Guide

An attack surface is the sum total of all the various ways that a cyber threat actor could attack an organization. This includes everything from software vulnerabilities, like SQL injection, to lost and stolen devices to social engineering attacks against the organization’s employees or third-party partners. An organization’s overall attack surface can further be divided into its external and internal attack surfaces.

From Discounts to Data Breaches

‘Black Friday’ is an event every savvy shopper eagerly awaits as the holiday season approaches. However, it’s no longer just a single day of deals. Black Friday has evolved into a weeks-long sales event, and in some cases, it spans the entire month of November. While this extended shopping period offers consumers more time and flexibility to grab bargains, it also significantly increases opportunities for cybercriminals to exploit unsuspecting shoppers.

Securing Remote Access: Best Practices for Third-Party Risk Management

The physical location of users has become less and less important in conducting business, with the drawback that it creates new, persistent threats to organizations. You know that. You may not know that remote access to IT and business-critical systems is not a new concept. It’s been around since the late 1980s.

Beyond Traditional Security: Addressing the API Security Gap

Let’s be honest: APIs are the unsung heroes of the modern business world. They work silently behind the scenes, connecting applications, driving innovations, and ensuring your digital transformation stays on track. However, there’s a crucial downside: APIs can pose a significant security risk. They can be likened to unlocked doors leading to your sensitive data and essential business functions—an ideal target for hackers.

What Is Penetration Testing?

Penetration testing, also referred to as pen testing, is a simulation of a cyber attack that organizations conduct to identify security vulnerabilities within their systems. By finding weaknesses through a simulated cyber attack, organizations can pinpoint areas that need improvement before a cybercriminal can exploit them. Penetration testing helps organizations address issues in their systems to prevent unauthorized access, meet compliance requirements and minimize the risk of phishing attacks.

What are the consequences of losing Active Directory (AD)?

Did you know that 54% of breaches result from stolen or hacked credentials, according to DHS and CISA? Active Directory (AD) is a prime target for attackers, and compromising it can lead to catastrophic consequences for any organization. In this video, we dive into: Why AD is a prime target: Once compromised, attackers gain "the keys to the kingdom" and access to your entire enterprise. The hidden threat: Attackers can remain undetected in your network for up to 10 days, extracting sensitive information. On average, a data breach costs an organization around $4.4 million.