The significance of CIS Control mapping in the 2023 Verizon DBIR

Verizon’s recently released 2023 Data Breach Investigation Report (DBIR) provides organizations with a comprehensive analysis of the evolving threat landscape and valuable insights into incident types and vulnerabilities. This year, the report in…

Goodbyes are difficult, IT offboarding processes make them harder

When employees, contractors and service providers leave an organization, they take with them knowledge, capabilities, and professional achievements. They should leave behind any proprietary or confidential data belonging to the organization, but Osterm…

Red teaming can be the ground truth for CISOs and execs

This year, against the backdrop of attacks on everyone from healthcare institutions and schools to financial services organizations, as well as the introduction of legislation across the UK and EU to move security up the agenda, cybersecurity has undou…

How secure is your vehicle with digital key technology?

Digital key technology allows mobile devices to streamline approval for everyday access points, making it a fitting solution for the automotive industry. While there are a few different approaches to implementing digital keys for automotive use, a secu…

Beyond MFA: 3 steps to improve security and reduce customer authentication friction

For many people, life’s fundamental activities are now conducted online. We do our banking and shopping online, turn to the digital realm for entertainment and to access medical records, and pursue our romantic interests via dating sites. That means ap…

How to achieve cyber resilience?

Cyber resilience is a leading strategic priority today, and most enterprises are now pursuing programs to bolster their ability to mitigate attacks. Yet despite the importance placed on cyber resilience, many organizations struggle to measure their cap…

June 2023 Patch Tuesday forecast: Don’t forget about Apple

The odd month-to-month pattern of CVEs addressed by Microsoft continued with the May Patch Tuesday. After seeing high numbers for April, we saw 20 and 23 CVEs fixed for Windows 11 and 10, respectively, in May. And after 62 CVEs were fixed for Server 20…

AI: Interpreting regulation and implementing good practice

Businesses have been using artificial intelligence for years, and while machine learning (ML) models have often been taken from open-source repositories and built into business-specific systems, model provenance and assurance have not always necessaril…

How to make developers love security

In my last post I discussed how developers can be your security secret weapon… but how to help them love doing security work? That’s a whole other challenge! Stories of the tension between developers and security teams are a longstanding feature of the…

Leveraging large language models (LLMs) for corporate security and privacy

“Once a new technology rolls over you, if you’re not part of the steamroller, you’re part of the road.” – Stewart Brand The digital world is vast and ever-evolving, and central to this evolution are large language models (…