The Positive and the Negative Impacts of Quantum Computers on the Finance Sector
Blog Published: 01/29/2024
Originally published by DigiCert. Written by Timothy Hollebeek. Quantum computers will change the way many industries operate, and the impacts of quantum computing will affect all aspects of society. It’s not a question of if but when as governments and private companies race towards their d...
The Five Key Benefits of CNAPP: How It Helps to Protect Cloud Workloads
Blog Published: 01/30/2024
Originally published by Tenable. Written by Tom Croll, Advisor at Lionfish Tech Advisors. Analysts use acronyms to define requirements for new technologies and develop guidance for protecting digital businesses’ critical systems. However, acronyms often confuse end users, which can resu...
Security Chaos Engineering: Fewer Blind Spots and Improved Stress Testing Move CISOs Closer to Cyber Resilience
Blog Published: 02/01/2024
Originally published by Synack. Written by Luke Luckett. Headlines in the press over the past few quarters have shown that resilience in the financial sector can be stress tested – sometimes with little warning. According to the Federal Reserve, the form of stress testing they conduct assesses...
ISO 42001: A New AI Management System for the Trustworthy Use of AI
Blog Published: 01/30/2024
Originally published by BARR Advisory on December 6, 2023. Written by Kyle Cohlmia. In a survey by Heidrick & Struggles, respondents most often identified Artificial Intelligence (AI) as a significant threat to organizations in the next five years. With this statistic in mind and the relea...
What to Know About the New EU AI Act
Blog Published: 01/24/2024
Originally published by Schellman. After 22 grueling hours of negotiations, policymakers within the European Union (EU) have reached a provisional agreement on new rules to govern the most powerful artificial intelligence (AI) models. They’re calling it the EU AI Act, and though yes—the provis...
Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services
Blog Published: 01/24/2024
Originally published by SentinelOne. Written by Alex Delamotte. Executive Summary: FBot is a Python-based hacking tool distinct from other cloud malware families, targeting web servers, cloud services, and SaaS platforms like AWS, Office365, PayPal, Sendgrid, and Twilio. FBot does not utilize the ...
Uncovering Hybrid Cloud Attacks Through Intelligence-Driven Incident Response: Part 2 – The Attack
Blog Published: 01/25/2024
Originally published by Gem Security. Written by Yotam Meitar. Effective response to cloud and hybrid attacks can be uniquely challenging. In this three-part series, we discuss how implementing intelligence-driven contextualized incident response allows defenders to turn attackers’ advantages i...
Top 3 Identity Risks In Enterprise Clouds
Blog Published: 01/26/2024
Originally published by Sonrai Security. Written by Tally Shea. After months of reporting on what identity and privilege risks are leaving organizations vulnerable to data breach and business disruption, where exactly those risks are, and how to fix them, one thing has been made clear: There’s ...
GRC and Continuous Controls Monitoring, You Complete Me
Blog Published: 01/25/2024
Originally published by RegScale. Many large enterprises have invested heavily in Governance, Risk, and Compliance (GRC) tools over the last 20 years. These investments were driven by the need to improve the organization’s compliance posture, enhance its risk management practices, and generate...
Navigating the Cybersecurity Seas: The Essential Traits of a Successful CISO
Blog Published: 01/29/2024
Originally published by RegScale. In the ever-evolving cybersecurity landscape, a successful Chief Information Security Officer (CISO) is the linchpin between an organization’s safety and the relentless waves of cyber threats. The role of a CISO demands more than technical prowess; it requires ...
Eight Cybersecurity Predictions for 2024 and Beyond
Blog Published: 01/30/2024
Originally published by Skyhigh Security. Written by Rodman Ramezanian, Global Cloud Threat Lead, Skyhigh Security. The ever-changing digital environment is driving the evolution of cybersecurity threats. As technology advances and cybercriminals develop new tactics to exploit vulnerabilities a...
DORA Directive: The Climax of Resilience in the European Economic System
Blog Published: 01/31/2024
Originally published by Devoteam. One in two cyber attacks was successful in the Eurozone (European Central Bank statistics for the year 2022). Despite efforts in recent years by various stakeholders, this figure struggles to decrease, indicating that only structural decision-making will be abl...
The Emergence of Shadow AI and Why Evolution, Not Revolution, Might Just Kill it Dead
Blog Published: 01/31/2024
Originally published by CXO REvolutionaries. Written by Martyn Ditchburn, CTO in Residence, Zscaler. Cyber professionals are being bludgeoned daily by the topic of AI from both within their organizations and without. As a colleague acknowledged in a recent roundtable – the largest abuse of data...
The Evolution of Check Payments
Blog Published: 01/31/2024
Originally published by IBM Financial Services Cloud Forum. Written by Prakash Pattni. Check payments market in flux. Across the globe, enterprises are rapidly modernizing to meet the demands of today’s digital-first consumers and frictionless experiences. These same enterprises must also priori...
Modernizing FedRAMP through Automation for Efficiency: Reflections on OMB’s Recent Draft Memorandum
Blog Published: 02/05/2024
Originally published by RegScale. In the dynamic world of technology and cybersecurity, government agencies must stay ahead of the curve. The Office of Management and Budget (OMB) has taken a significant step in this direction with their latest memorandum titled: “Modernizing the Federal Risk ...
What to Do After an Account Takeover
Blog Published: 02/05/2024
Originally published by Abnormal Security. Written by Emily Burns. Account takeovers are a shockingly common and consistently damaging attack that occurs when a malicious actor gains access to an organization’s sensitive data through a compromised account. These attacks are often financially d...
4 Key Factors to Consider When Protecting Your Cloud Workloads
Blog Published: 02/06/2024
Originally published by CrowdStrike. Today’s security practitioners face a daunting challenge: Staying ahead of sophisticated adversaries who have turned their attention to the expansive terrain of cloud environments. CrowdStrike observed a 95% year-over-year increase in cloud exploitation in ...
What Are AWS Service Control Policies (SCP)? A Complete Guide
Blog Published: 02/09/2024
Originally published by Sonrai Security. Written by Tally Shea. The cloud is all about innovation at a speed never before possible. This can often lead to rapid development sprints and a proliferation of identities and infrastructure – and with that, excessive privilege. In large scale enter...
Detecting and Mitigating CVE-2023-4911: Local Privilege Escalation Vulnerability
Blog Published: 02/01/2024
Originally published by Sysdig. Written by Daniele Linguaglossa. Recently, Qualys discovered and reported a critical vulnerability affecting the popular GLIBC ecosystem, which is installed by default on most Linux-based operating systems. Specifically, a buffer overflow was found in the code r...
SOC 2 Reports and Penetration Tests
Blog Published: 02/02/2024
Originally published by MJD. Written by Mike DeKock, CPA. We get asked a lot about whether penetration testing is required to complete a SOC 2 report. The short version of the answer is “no” - there are no explicit requirements for penetration testing (or any controls) within a SOC 2 report. Th...