Why cyber maturity assessment should become standard practice

Understanding risk is one thing, but how do you know if your organization has what it takes to withstand those risks being realized? Establishing cyber maturity can help determine resilience, where the strengths and weaknesses lie, and what needs to ha…

Using AI to reduce false positives in secrets scanners

As development environments grow more complex, applications increasingly communicate with many external services. When a software development project communicates with an external service, it utilizes a token or “secret” for authentication….

It’s time for security operations to ditch Excel

Security teams are hiding an embarrassing secret from the outside world: despite their position at the vanguard of technology, security risks and threats, their actual war plans are managed on spreadsheets. This is a far cry from the dark rooms, multi-…

A step-by-step plan for safe use of GenAI models for software development

If you are a large-scale company, the recent AI boom hasn’t escaped your notice. Today AI is assisting in a large array of development-related and digital-related tasks, from content generation to automation and analysis. The development of AI is rapid…

How to make sense of the new SEC cyber risk disclosure rules

SEC’s new cybersecurity risk management, strategy, governance, and incident disclosure rules, which require increased transparency around cybersecurity incidents, have been in effect since December 18, 2023. For businesses that already harbor concerns …

Balancing “super app” ambitions with privacy

When Elon Musk’s ambitions to transform X into an “everything app” were divulged last year, he joined several companies known to be exploring or actively working on developing super apps, suggesting there’s clearly a niche to be filled. In fact, since …

Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge

The essence of cybersecurity is not just about defense but enabling business through trust and reliability. As Gmail and Yahoo take steps to enforce stricter email authentication, organizations that are proactive in their DMARC compliance will not only…

AI outsourcing: A strategic guide to managing third-party risks

In an era of artificial intelligence (AI) revolutionizing business practices, many companies are turning to third-party AI services for a competitive edge. However, this approach comes with its own set of risks. From data security concerns to operation…

We can’t risk losing staff to alert fatigue

The oft-quoted Chinese military strategist Sun Tzu famously claimed: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Exchange “battles” for “cyberattacks”, and the maxim will hold. But too much information …

February 2024 Patch Tuesday forecast: Zero days are back and a new server too

January 2024 Patch Tuesday is behind us. A relatively light release from Microsoft with 39 CVEs addressed in Windows 10, 35 in Windows 11, and surprisingly no zero-day vulnerabilities from Microsoft to start the new year. January’s release was a bit un…