Cybersecurity Risk Mitigation Recommendations for 2024-2025
Blog Published: 10/08/2024
Originally published by Entro. Written by Itzik Alvas, CEO & Co-founder, Entro. The Rise of Non-Human Identities Non-human identities (NHIs) such as automated systems, devices, APIs, and services, are playing an increasingly large role in IT ecosystems. These entities are essential for daily op...
Creating a Cyber Battle Plan
Blog Published: 10/07/2024
Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. Nearly every day (certainly every week) the headlines scream of massive data breaches. It's enough to make you wonder: with companies supposedly pouring resources into cybersecurity, why are cyber inciden...
Why You Should Have a Whistleblower Policy for AI
Blog Published: 10/07/2024
Originally published by Truyo. Considering the evolving regulatory landscape surrounding artificial intelligence (AI), including the EU AI Act and potential future directives from bodies like the U.S. Department of Health and Human Services (HHS), establishing a whistleblower policy has emerged as...
Reflections on NIST Symposium in September 2024, Part 1
Blog Published: 10/04/2024
Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. Yesterday (September 24, 2024), I had the privilege of attending the NIST symposium “Unleashing AI Innovation, Enabling Trust.” The first day of the event had two panels. The first panel, titled “Advancing Generative A...
How to Maximize Alignment Between Security and Compliance Teams
Blog Published: 10/04/2024
Written by David Balaban. Security and compliance are both serious issues that can keep you awake at night. In theory, they should be perfect partners, complementing each other to keep your organization resilient and its digital assets safe. Thankfully, this kind of alignment is finally being inter...
Embracing AI in Cybersecurity: 6 Key Insights from CSA’s 2024 State of AI and Security Survey Report
Blog Published: 10/04/2024
Originally published by Abnormal Security. The integration of artificial intelligence (AI) into cybersecurity practices is transforming the landscape, offering both promising advancements and new challenges. The State of AI and Security Survey Report, sponsored by the Cloud Security Alliance, prov...
Secure by Design: Implementing Zero Trust Principles in Cloud-Native Architectures
Blog Published: 10/03/2024
Written by Vaibhav Malik, Global Partner Solutions Architect, Cloudflare. Organizations are increasingly adopting AI-native application workloads in the rapidly evolving landscape of cloud computing and AI. These innovative solutions, powered by advanced technologies like large language models (LL...
AI Legal Risks Could Increase Due to Loper Decision
Blog Published: 10/03/2024
Written by Dan Stocker, with contributions from the CSA AI Governance and Compliance Working Group. AI and regulation In just a short few years, artificial intelligence (AI) has gone through a massive hype cycle, and is entering a period where it will directly impact the broader population. There a...
What ‘Passwordless’ Really Means for Privileged Access Management
Blog Published: 10/03/2024
Originally published by CyberArk. Written by Sam Flaster. Privileged access management (PAM) programs aim to secure the highest-risk access in an organization, including using privileged credentials like passwords, SSH keys and application secrets. So, how can PAM and identity security teams prepar...
Aligning Security Testing with IT Infrastructure Changes
Blog Published: 10/03/2024
Originally published by Pentera. With 73% of organizations tweaking their IT setups every quarter, it’s concerning that only 40% are aligning their security checks accordingly. This frequency gap leaves organizations vulnerable to prolonged risk and highlights a critical area for improvement. Ensu...
CSA Community Spotlight: Bolstering the Mission of Cybersecurity with CEO Avani Desai
Blog Published: 10/02/2024
The Cloud Security Alliance (CSA) has established itself as the leading authority in cloud security by building deep collaborations with industry experts and pioneers in cybersecurity. Since its incorporation in 2009, CSA has worked closely with a vast network of professionals, researchers, and t...
Elevating Application Security Beyond “AppSec in a Box”
Blog Published: 10/02/2024
Originally published by Dazz. In the ever-evolving landscape of application security, traditional "AppSec in a box" solutions, which bundle static analysis (SAST), software composition analysis (SCA), secrets detection, API security, and other code analysis tools, have been a popular approach for ...
AI Regulations, Cloud Security, and Threat Mitigation: Navigating the Future of Digital Risk
Blog Published: 10/02/2024
Written by Thales. Artificial intelligence (AI) and cloud computing have become central to modern data environments. The convergence of these technologies promises a wealth of opportunities, enabling businesses to leverage powerful AI tools at scale and with greater efficiency. AI, once accessible...
Shielding Yourself from Phishing - Identifying and Dodging Typical Schemes
Blog Published: 10/01/2024
Written by Abel E. Molina, Softchoice. "Those who fail to learn from history are condemned to repeat it." - W. Churchill The above quote feels especially pertinent in cybersecurity, where gleaning lessons from prior breaches strengthens our future defenses. With Cybersecurity Month upon us, there'...
Empowering BFSI with Purpose-Built Cloud Solutions
Blog Published: 10/01/2024
Originally published by Tata Communications. Written by Rajesh Awasthi, VP & Global Head of Managed Hosting and Cloud Services, Tata Communications. India's financial sector is undergoing a profound transformation, driven by a confluence of technological advancements, regulatory changes, an...
When Walls Crumble: A CISO's Guide to Post-Breach Recovery
Blog Published: 09/30/2024
Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. Let's face it, folks – breaches happen. As a CISO (as much as it pains me to say), this is unlikely to change in the near future. Even organizations with the "best" defenses are occasionally overwhelmed b...
How Multi-Turn Attacks Generate Harmful Content from Your AI Solution
Blog Published: 09/30/2024
A simple yet powerful way to break Generative AI chatbots Written by Satbir Singh, Enkrypt AI. Generative AI models have improved detecting and rejecting malicious prompts. And most models have basic safety alignment training to avoid responding to queries such as: “How can I commit financi...
Implementing the Shared Security Responsibility Model in the Cloud
Blog Published: 09/27/2024
CSA's Cloud Trust Summit 2024 featured an expert panel discussion about v2 of our CCM v4.0 Implementation Guidelines. Led by CSA's Lefteris Skoutaris, the panelists included: David Skrdla, Senior IT Auditor, Internal Audit, American Fidelity Corp/CamGen Partners; Kerry Steele, Principal, Payments an...
Massive NHI Attack: 230 Million Cloud Environments Were Compromised
Blog Published: 09/27/2024
Originally published by Astrix. Massive NHI Attack: Insecure AWS Stored Credentials Lead to Compromise of 230 Million Cloud Environments. Researchers from Unit 42 have uncovered a sophisticated and large-scale cyberattack targeting over 230 million AWS, cloud and SaaS environments. The attack expl...
How to Prepare for Inevitable Risks to Your SaaS Data
Blog Published: 09/26/2024
Written by Mike Melone, Sr. Content Marketing Manager, Own Company. The phrase "it's not if, it's when" has been echoed in cybersecurity circles for years, but it’s never rung truer than it does now. In Q2 2024, Check Point Research saw a 30% YoY increase in cyber attacks globally, reaching 1,636 ...