How to design a third-party risk management framework

Most organizations focus on securing routers, servers, firewalls, and other endpoints, but threats can also arise from unfamiliar sources such as third-party networks, which can be used by hackers to attack an organization. Through a strong TPRM framew…

How AI helps decode cybercriminal strategies

With terms like “AI washing” making their way into mainstream business consciousness, the hype surrounding AI is making it harder to differentiate between the true applications and empty promises of the technology. The quest for tangible business benef…

Diversifying cyber teams to tackle complex threats

Technologies such as GenAI, ML and IoT are giving threat actors new tools that make it easier to target consumers and organizations. From Savvy Seahorse which lures victims into investment scams, to a self-replicating AI worm that uses the likes of Cha…

Microsoft’s cybersecurity dilemma: An open letter to Satya Nadella

Microsoft is suffering cybersecurity failures due to systemic problems with strategic leadership. The world is witnessing an alarming trend of cybersecurity issues with Microsoft products and services. Over the past several years, Microsoft has suffere…

July 2024 Patch Tuesday forecast: The end of an AV giant in the US

The US celebrated Independence Day last week, providing many with a long weekend leading into patch week. With summer vacations underway, many developers must be out of the office because June was fairly quiet regarding software updates. This included …

The impossibility of “getting ahead” in cyber defense

As a security professional, it can be tempting to believe that with sufficient resources we can achieve a state of parity, or even relative dominance, over cyber attackers. After all, if we got to an ideal state – fully staffed teams of highly c…

Preparing for Q-Day as NIST nears approval of PQC standards

Q-Day—the day when a cryptographically relevant quantum computer can break most forms of modern encryption—is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few years…

Why are threat actors faking data breaches?

Earlier this year Europcar discovered a hacker selling info on its 50 million customers on the dark web. The European car rental company immediately launched an investigation, only to discover that the data being sold was completely doctored, possibly …

How to create your cybersecurity “Google Maps”: A step-by-step guide for security teams

Cybersecurity isn’t just about firewalls and antivirus. It’s about understanding how your defenses, people, and processes work together. Just like Google Maps revolutionized navigation, process mapping can revolutionize how you understand a…

Low code, high stakes: Addressing SQL injection

Like a bad movie that seems to go on forever, SQL injection (SQLi) attacks have lingered since the late 1990s. Due to various factors, they remain the third most common source of web application vulnerabilities. Reasons include human error, new technol…