ISO 27001: Auditing “Themes” in the 2022 Revision
Blog Published: 08/09/2024
The CSA Security Update podcast is hosted by John DiMaria, Director of Operations Excellence at CSA. The podcast explores the CSA STAR program, cloud security best practices, and associated technologies. In this blog series, we edit key podcast episodes into shorter Q&As. Today’s post features...
Cloud Migration Simplified: SaaS Secrets and PAM Strategy
Blog Published: 08/09/2024
Originally published by CyberArk. Written by John Walsh. In the era of rapid digital transformation, organizations are prioritizing cloud transformation projects to enhance their operational agility, scalability and cost efficiency. However, this shift takes time and brings significant challeng...
How to Scale Your GRC Program with Automation
Blog Published: 08/08/2024
Originally published by Vanta. According to Vanta’s 2023 State of Trust Report, respondents spend an average of nine working weeks per year on security compliance. Some security teams have accepted that governance, risk, and compliance (GRC) will inevitably take tons of time and effort. And many c...
Best Practices to Secure Data Access in Snowflake
Blog Published: 08/08/2024
Originally published by Oasis Security. In the last few days, there has been a lot of noise about an alleged Snowflake breach that impacted several companies' supply chains. While the details remain unconfirmed, it appears that the attack is once more identity-based. It is important to remain vigi...
Transforming Data Security: How AI and ML is Shaping the Next Generation of Data Security Tools
Blog Published: 08/08/2024
Originally published by Cyera. Written by Yana Fesh. Learn how AI-powered classification is transforming legacy Data Security Posture Management (DSPM) and providing accurate, autonomous insight into your data risk. Understand the limitations of traditional rules-based DSPM and why organizations ne...
CSA Community Spotlight: Contributing Something Meaningful with Head of Security Partha Chakraborty
Blog Published: 08/07/2024
For the last 15 years, CSA has been contributing to the cybersecurity community with our many research publications, trainings, blogs, in-person and virtual webinars and events, and many other initiatives based on top-of-mind security concerns. This thought leadership and event content is produce...
Navigating the Shadows: Safeguarding AI Infrastructure Amidst CVE-2023-48022
Blog Published: 08/07/2024
Originally published by Truyo. We all want to leverage AI, but models are only as good as the data used to train them. Often, training data is comprised of confidential information. How do you balance the need to make an AI run effectively without exposing PII? It’s not only the initial training t...
The Hydra Effect: Why Shutting Down RaaS is Like Playing Whack-a-Mole
Blog Published: 08/07/2024
Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. As a CISO in Residence, one of my favorite activities is presenting on various topics at regional security summits. It lets me share ideas that I am truly passionate about with new and interesting people....
Cloud Security Alliance Addresses Using Artificial Intelligence (AI) for Offensive Security in New Report
Press Release Published: 08/07/2024
Paper explores the unique transformative potential, challenges, and limitations of Large Language Model (LLM)-powered AI in offensive security. SEATTLE and Black Hat Conference (Las Vegas) – Aug. 7, 2024 – Today, the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defin...
The Top 7 Questions We Get Asked about CTEM
Blog Published: 08/07/2024
Originally published by Dazz. Written by Jordan McMahon, Corporate Marketing, Dazz. I’m not ashamed to admit I’m a massive sucker for videos featuring hilarious moments captured by Ring doorbells. Like this one. And this one. And definitely all of these. Round-the-clock monitoring has become essential ...
Cloud Security Alliance Releases Top Threats to Cloud Computing 2024 Report
Press Release Published: 08/06/2024
Results highlight growing trust in the cloud as traditional cloud security concerns lessen in importance. SEATTLE and Black Hat Conference (Las Vegas) – Aug. 6, 2024 – Traditional cloud security issues often associated with cloud service providers (CSPs) are continuing to decrease in importance, ac...
Imagine GRC in 2030: a Q&A with RegScale’s Travis Howerton
Blog Published: 08/06/2024
Originally published by RegScale. Digital transformation, a raft of new state and federal regulations, and the exponential pace of change are quickly disrupting governance, risk, and compliance (GRC) processes for organizations and the CISOs who manage them. Big changes are ahead leading up to the...
Accedere's Perspective on the CrowdStrike Incident
Blog Published: 08/05/2024
Editorial Note: The lessons learned and changes that may result from this incident may take quite some time to fully understand. CSA is providing a platform for member experts to weigh in on this issue. The opinions of this article represent those of the member, not those of CSA. Written by Ashwin...
Surviving LockBit: Lessons from a Ransomware Attack
Blog Published: 08/05/2024
Originally published by Pentera. Written by Zachary Lewis, AVP IT & CISO, University of Health Sciences and Pharmacy in St. Louis. On April 13, 2023, we were hit hard. The University of Health Sciences and Pharmacy (UHSP) faced a serious adversary: The notorious LockBit ransomware group. It bro...
The Future of Cybersecurity Compliance: How AI is Leading the Way
Blog Published: 08/05/2024
Written by Gagan Koneru, Cyber Security Manager, GRC, FICO. Artificial Intelligence (AI) can transform cybersecurity compliance, enhance risk management, and prepare businesses to face new challenges as it makes its way into our personal and professional lives. Let us check out the latest innovati...
The CCZT Program: Built for the Industry, By the Industry
Blog Published: 08/02/2024
The CSA Security Update podcast is hosted by John DiMaria, Director of Operations Excellence at CSA. The podcast explores the CSA STAR program, cloud security best practices, and associated technologies. In this blog series, we edit key podcast episodes into shorter Q&As. Today’s post feature...
Zooming In: 6 Ways Cybercriminals Use the Black Market to Steal Zoom User Data
Blog Published: 08/01/2024
Originally published by Abnormal Security. In the wake of the COVID-19 pandemic, video conferencing platforms like Zoom experienced an unprecedented surge in popularity. However, this increased usage also attracted the attention of cybercriminals who sought to exploit the platform's growing user b...
Mitigating Risks During Mergers and Acquisitions in Healthcare with Security Testing
Blog Published: 08/01/2024
Originally published by Synack. In the fast-paced world of mergers and acquisitions (M&A), ensuring the security of digital assets is paramount—especially for organizations with highly sensitive data like healthcare. In 2023, Kaiser Permanente began the process of acquiring Geisinger in a $5 bi...
Breach Debrief: Snowflake MFA Meltdown Creates Data Leak Blizzard
Blog Published: 07/31/2024
Originally published by Adaptive Shield. Written by Maor Bin, CEO & Co-Founder, Adaptive Shield. On May 27, a threat actor group called ShinyHunters announced that it was selling 560 million records stolen in a data breach. The records include names, email addresses, physical addresses, and par...
How Time, Entitlements and Approvals (TEA) Can Secure the Keys to Your Cloud
Blog Published: 07/31/2024
Originally published by CyberArk. Written by Mike Bykat. A popular topic of conversation in my day-to-day work is how to secure privileged access to cloud management consoles and workloads. And that’s no surprise, considering more and more applications and workloads are migrating to the cloud. Up un...