Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

US state and local government agencies continue to contend with a dizzyingly complex IT environment, which includes data silos, tool sprawl, rising cyber threats, and limited availability of cybersecurity experts. In response, many state CISOs are exploring a “whole-of-state” cybersecurity strategy, which aims to bolster their state’s security through centralization and collaboration.

Progress has recently raised concerns about multiple vulnerabilities in their MOVEit Transfer secure managed file transfer solution. These vulnerabilities have been publicly disclosed within the past several weeks, and the most recent one was reported on June 15, 2023. Notably, the latest vulnerability is claimed to be a zero-day SQL injection vulnerability. If exploited by an attacker, these vulnerabilities can lead to unauthorized access to the MOVEit Transfer database.

Granting users with authorization to access sensitive business information means that you rely on them to adopt cybersecurity best practices. This trust is violated when a disgruntled employee acts maliciously and leaks sensitive information. What’s more concerning — the same violation is also possible when users unwittingly fall prey to social engineering attacks, zero-day exploits or vulnerabilities that remain unpatched in your IT networks.

When pursuing success in business or other endeavors, two key concepts play a crucial role: process and practice. While some argue that process and practice are interchangeable, in reality, they're vastly different. But how do we use process and practice to become more efficient and successful? Is one of them more crucial than the other? Can you do one without the other? To answer these questions, we’ll dive deeper into process and practice and how to apply both.

There is no downside for an organization to have a security awareness program in place. It may not be 100% effective in stopping workers from making an error and causing a cyber incident, but like any preventative endeavor such a program can reduce the possibility of a disastrous cyber incident from occurring. An organization’s staff is on the front line when it comes to defending their place of work. Kind of a human firewall, if you will.

In my previous blog on Kubernetes security foundations, we discussed the growing adoption of cloud-native applications and the security challenges they present. We highlighted the limitations of traditional network firewalls in securing these applications and emphasized the importance of implementing cloud-native security policies to protect network traffic effectively.

In the ever-evolving landscape of digital threats and cybersecurity challenges, organizations face a significant burden known as security debt. Just like financial debt, security debt accrues when organizations compromise security measures in favor of convenience, speed, or cost-cutting measures. Over time, this accumulated debt can pose serious risks to the organization's data, reputation, and overall stability.