Is Breach Fatigue the New Norm?
Blog Published: 02/21/2023
Originally published by CXO REvolutionaries. Written by Erik Hart, Global CISO, Cushman & Wakefield. How numb is the public to security failures? One of the trickiest security topics involves the shifting relationship between security and privacy. Twenty years ago, people saw these areas as f...
10 SaaS Governance Best Practices to Protect Your Data
Blog Published: 02/17/2023
Written by the SaaS Governance Working Group. In the context of cloud security, the focus is almost always on securing Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) environments. This is despite the reality that while organizations tend to consume 2-3 IaaS providers, they ar...
How to Combat Corporate Fraud and Corruption: A Hands-On Approach
Blog Published: 02/17/2023
Written by Alex Vakulov. Businesses are facing significant challenges from fraud and corruption. These issues result in financial losses and harm the company's reputation. Furthermore, they create a hostile environment within the organization. Let's see how to prevent fraud and corruption in your ...
CSA ZTAC: Addressing the Challenges of Implementing Zero Trust
Blog Published: 02/16/2023
Catching up with industry friends and other professional contacts about the developments of our Zero Trust Advancement Center (ZTAC) and the various activities underpinning it during industry events has proven pretty enlightening. Establishment or even implementation of zero trust (ZT) strategies...
Five Easy Cybersecurity Predictions for 2023
Blog Published: 02/16/2023
Originally published by TrueFort. Written by Nik Hewitt, TrueFort. It’s that time of year again when cybersecurity professionals consult our tea leaves and are obliged to play augury for the year to come. This year, however, it feels like the writing is already on the wall, and several glaring ar...
How Global Conflicts Influenced Cyber Attack Behaviors
Blog Published: 02/16/2023
Originally published by Sysdig. Written by Michael Clark, Sysdig. The conflict between Russia and Ukraine includes a cyberwarfare component with government-supported threat actors and civilian hacktivists taking sides. The goals of disrupting IT infrastructure and utilities have led to a 4-fold in...
5 Reasons Your NDR Project Missed The Mark
Blog Published: 02/16/2023
Originally published by Netography. Written by Mal Fitzgerald, Sales Engineer, Netography. I’ve seen it time and again. You read about the SOC Visibility Triad, with its corner for Network Detection and Response (NDR) and thought, “That makes complete sense” and, truth be told, I completely agree...
What You Need to Know About the Daixin Team Ransomware Group
Blog Published: 02/15/2023
Originally published by Titaniam. Ransomware attacks are common and becoming more creative. However, as attackers evolve, so do their decisions of targets and methodology. As of October 2022, the FBI’s Internet Crime Complaint Center (IC3) holds victim reports across all 16 critical infrastructu...
Four Questions to Ask About Your Cloud Security Posture
Blog Published: 02/15/2023
Originally published by Lookout. Written by David Richardson, Vice President, Product, Lookout. For most organizations, the decision to adopt cloud technologies is a simple one. Cloud apps streamline operations and costs while enabling users to access resources from anywhere and on any device...
What is the Timeline for the FedRAMP Process?
Blog Published: 02/15/2023
Originally published by Schellman. Written by Andy Rogers, Schellman. Ever watched Jeopardy? Even if you haven’t, you’re likely familiar with the iconic theme music that plays every time contestants deliberate over their answers—it’s such an iconic tune that it’s become synonymous with waiting fo...
Empowering Individuals and Organizations to ‘Respect Privacy’
Blog Published: 02/14/2023
Originally published by BARR Advisory on January 23, 2023. Written by Kyle Cohlmia, BARR Advisory. This week is Data Privacy Week, an annual campaign hosted by the National Cybersecurity Alliance. The theme of this year’s Data Privacy Week is “respect privacy,” with the goal to help individuals a...
Why You Need Active Cloud-Native Application Security
Blog Published: 02/14/2023
Originally published by Tigera. Written by Ratan Tipirneni, Tigera. First-generation security solutions for cloud-native applications have been failing because they apply a legacy mindset where the focus is on vulnerability scanning instead of a holistic approach to threat detection, threat preve...
Paying Ransom: Why Manufacturers Shell Out to Cybercriminals
Blog Published: 02/13/2023
Originally published by Dark Reading and CXO REvolutionaries. Written by Ben Corll, CISO - Americas, Zscaler. Everyone in information security knows ransomware actors target different industries for different reasons. Some are seen as flush with cash. Some have obvious reasons for needing to resu...
Cloud First to Cloud Smart: A Strategic Shift
Blog Published: 02/13/2023
Originally published by Tata Communications. Written by Rajesh Awasthi, Vice President & Global Head of Managed Hosting and Cloud Services, Tata Communications. The term ‘digital transformation’ has evolved for businesses, particularly in the last decade. What once meant a simple shift to vir...
Access Control Review: Addressing Challenges and Ensuring Compliance in Cloud Service Consumers
Blog Published: 02/10/2023
Written by members of the CSA IAM Working Group and the Zero Trust Working Group's Identity Subgroup. An access control review is a process of evaluating and analyzing an organization's access control system to ensure that it is functioning properly and effectively. Access control systems are des...
What’s the Difference Between ISO 27001:2013 and ISO 27001:2022?
Blog Published: 02/10/2023
Originally published by A-LIGN. Written by Adam Lubbert, A-LIGN. At the end of October 2022, the International Organization for Standardization (ISO) published a new version of ISO/IEC 27001:2022. ISO 27001 is the world’s leading information security standard, providing control requirements to cr...
Using Automated Just-in-Time (JIT) to Reach Least Privilege – A Guide
Blog Published: 02/09/2023
Originally published by Ermetic. Privileged access and elevated permissions expose organizations to vulnerabilities that could be exploited. On-premises, security teams often use PAM tools for managing these types of risks. But for cloud operations, PAM tools are insufficient as they are built ar...
Building a Better DSPM by Combining Data Classification Techniques
Blog Published: 02/08/2023
Originally published by Sentra. The increasing prevalence of data breaches is driving many organizations to add another tool to their ever growing security arsenal - data security posture management, or DSPM. This new approach recognizes that not all data is equal - breaches to some data can h...
Maximizing the Benefits of Your SOC 2 Audit
Blog Published: 02/08/2023
Originally published by CAS Assurance. What is the purpose of a SOC 2 audit? A System and Organization Controls (SOC 2) audit focuses on the controls at a Service Organization relevant to the Security, Availability, Processing Integrity, Confidentiality, and Privacy of both the system and information...
Ensuring SaaS Security in ISO Compliance
Blog Published: 02/07/2023
Originally published by Adaptive Shield. The International Organization for Standardization (ISO) sets standards across various industries. As an internationally recognized standards organization, its two information technology security standards - ISO 27000:2018 and ISO 27001:2013 - can be used ...