Author Archives: Doug Bonderud

Unpacking the NIST cybersecurity framework 2.0

Posted on by

The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity. NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for […]

The post Unpacking the NIST cybersecurity framework 2.0 appeared first on Security Intelligence.

Continue reading Unpacking the NIST cybersecurity framework 2.0

Spend to save: The CFO’s guide to cybersecurity investment

Posted on by

Attack volumes are up, and attackers are finding new ways to compromise corporate security. According to the HackerOne 6th Annual Hacker-Powered Security Report, ethical hackers found 65,000 vulnerabilities in 2022. What’s more, 92% of hackers said they could pinpoint weaknesses that scanning tools missed, making reliance on detection technology alone a dangerous prospect. At the […]

The post Spend to save: The CFO’s guide to cybersecurity investment appeared first on Security Intelligence.

Continue reading Spend to save: The CFO’s guide to cybersecurity investment

CSC report: Space systems should be critical infrastructure

Posted on by

In 2013, Presidential Policy Directive (PPD) 21 established 16 critical infrastructure sectors responsible for providing essential services that underpin American society. These services are not only vital to the country’s safety and prosperity but are inherently tied to public confidence. As a result, the PPD makes it clear that “proactive and coordinated efforts are necessary […]

The post CSC report: Space systems should be critical infrastructure appeared first on Security Intelligence.

Continue reading CSC report: Space systems should be critical infrastructure

SIEM and SOAR in 2023: Key trends and new changes

Posted on by

Security information and event management (SIEM) systems remain a key component of security operations centers (SOCs). Security orchestration, automation, and response (SOAR) frameworks, meanwhile, have emerged to fill the gap in these capabilities left by many SIEM systems. But as many companies have begun reaching the limits of SIEM and SOAR systems over the last […]

The post SIEM and SOAR in 2023: Key trends and new changes appeared first on Security Intelligence.

Continue reading SIEM and SOAR in 2023: Key trends and new changes

As Data Gravity Goes Up, are Clouds Becoming Black Holes?

Posted on by

The more data in one place, the more data it attracts. This “data gravity” is a familiar function for enterprises, even if the term isn’t. As the number of applications hosted on local servers increases, so too does the amount of data necessary for them to operate. Add more data and more applications are required […]

The post As Data Gravity Goes Up, are Clouds Becoming Black Holes? appeared first on Security Intelligence.

Continue reading As Data Gravity Goes Up, are Clouds Becoming Black Holes?

Going Up! How to Handle Rising Cybersecurity Costs

Posted on by

The average cost of cybersecurity systems, solutions and staff is increasing. As noted by research firm Gartner, companies will spend 11% more in 2023 than they did in 2022 to effectively handle security and risk management. This puts companies in a challenging position: If spending stays the same, IT environments are at risk. If they […]

The post Going Up! How to Handle Rising Cybersecurity Costs appeared first on Security Intelligence.

Continue reading Going Up! How to Handle Rising Cybersecurity Costs

And Stay Out! Blocking Backdoor Break-Ins

Posted on by

Backdoor access was the most common threat vector in 2022. According to the 2023 IBM Security X-Force Threat Intelligence Index, 21% of incidents saw the use of backdoors, outpacing perennial compromise favorite ransomware, which came in at just 17%. The good news? In 67% of backdoor attacks, defenders were able to disrupt attacker efforts and […]

The post And Stay Out! Blocking Backdoor Break-Ins appeared first on Security Intelligence.

Continue reading And Stay Out! Blocking Backdoor Break-Ins

New Attack Targets Online Customer Service Channels

Posted on by

An unknown attacker group is targeting customer service agents at gambling and gaming companies with a new malware effort. Known as IceBreaker, the code is capable of stealing passwords and cookies, exfiltrating files, taking screenshots and running custom VBS scripts. While these are fairly standard functions, what sets IceBreaker apart is its infection vector. Malicious […]

The post New Attack Targets Online Customer Service Channels appeared first on Security Intelligence.

Continue reading New Attack Targets Online Customer Service Channels

OneNote, Many Problems? The New Phishing Framework

Posted on by

There are plenty of phish in the digital sea, and attackers are constantly looking for new bait that helps them bypass security perimeters and land in user inboxes. Their newest hook? OneNote documents. First noticed in December 2022, this phishing framework has seen success in fooling multiple antivirus (AV) tools by using .one file extensions, […]

The post OneNote, Many Problems? The New Phishing Framework appeared first on Security Intelligence.

Continue reading OneNote, Many Problems? The New Phishing Framework

What is a Red Teamer? All You Need to Know

Posted on by

A red teamer is a cybersecurity professional that works to help companies improve IT security frameworks by attacking and undermining those same frameworks, often without notice. The term “red teaming” is often used interchangeably with penetration testing. While the terms are similar, however, there are key distinctions. First and foremost is the lack of notice […]

The post What is a Red Teamer? All You Need to Know appeared first on Security Intelligence.

Continue reading What is a Red Teamer? All You Need to Know