September 2024 Patch Tuesday forecast: Downgrade is the new exploit

I asked for a calm August 2024 Patch Tuesday in last month’s forecast article and that came to pass. The updates released were limited to the regular operating systems and all forms of Office applications. Six zero-day vulnerabilities were announced, w…

Human firewalls are essential to keeping SaaS environments safe

Businesses run on SaaS solutions: nearly every business function relies on multiple cloud-based tech platforms and collaborative work tools like Slack, Google Workspace apps, Jira, Zendesk and others. We recently surveyed security leaders and CISOs on …

How to gamify cybersecurity preparedness

Organizations’ preparedness and resilience against threats isn’t keeping pace with cybercriminals’ advancements. Some CEOs still believe that cybersecurity requires episodic intervention rather than ongoing attention. That isn’t the reality for many co…

Managing low-code/no-code security risks

Continuous threat exposure management (CTEM) – a concept introduced by Gartner – monitors cybersecurity threats continuously rather than intermittently. This five-stage framework (scoping, discovery, prioritization, validation, and mobiliza…

Complying with PCI DSS requirements by 2025

Version 4.0.1 of the Payment Card Industry Data Security Standard (PCI DSS), which came into effect back in April, incorporates a few important changes to make it fit for the modern digital world, addressing how technologies, the threat landscape and p…

The NIS2 Directive: How far does it reach?

The NIS2 Directive is one of the most recent efforts of the EU legislator to boost cybersecurity across the bloc and to keep up with the challenges of an increasingly digitalized society and growing cyber threats. As the name implies, the NIS2 Directiv…

How to prioritize data privacy in core customer-facing systems

Evolving global data privacy regulations are keeping marketers on their toes. In April 2024, the American Privacy Rights Act (APRA) was introduced in the Senate. The proposed bill would create a federal consumer privacy framework akin to the GDPR, whic…

Two strategies to protect your business from the next large-scale tech failure

The CrowdStrike event in July clearly demonstrated the risks of allowing a software vendor deep access to network infrastructure. It also raised concerns about the concentration of digital services in the hands of a few companies. A prescient Reddit po…

Vulnerability prioritization is only the beginning

To date, most technology solutions focused on vulnerability management have focused on the prioritization of risks. That usually took the shape of some risk-ranking structure displayed in a table with links out to the CVEs and other advisory or threat …

A survival guide for data privacy in the age of federal inaction

Things change fast in the world of data privacy. Just earlier this year, the question I was being asked most frequently was, “How similar will the proposed federal privacy law (APRA) be to the EU’s GDPR?” Now that APRA is pretty much dead on arrival by…