Herding Cats: How to Lead a Digital Transformation in a Federated Organization
Blog Published: 01/26/2023
Originally published by CXO REvolutionaries. Written by Yves Le Gelard, Former Group CIO and Chief Digital Officer, ENGIE. A tale of two types of organization Organizations embarking on digital transformations typically fall somewhere on a spectrum between rigidly hierarchical – in which leaders’...
What Are the DoD Cloud Computing Security Assessment Requirements?
Blog Published: 01/26/2023
Originally published by Schellman. Written by Jon Coffelt, Schellman. When you compare the two tallest mountains in the world—K2 and Everest—some of the facts might surprise you. For instance, did you know that K2’s climbing route is more technical than that of the tallest mountain in the world? ...
On the Criticality of SDLC Context for Vulnerability Remediation
Blog Published: 01/25/2023
Originally published by Dazz. Written by Eyal Golombek, Director of Product Management, Dazz. Risk can go undetected when full context of the SDLC is missing Risk to cloud environments originates from multiple possible sources. Managing cloud risk requires a deep understanding of how that risk en...
If You Could Only Ask One Question About Your Data, It Should be This
Blog Published: 01/25/2023
Originally published by Sentra. Written by Guy Spilberg, VP R&D, Sentra. When security and compliance teams talk about data classification, they speak in the language of regulations and standards. Personal Identifiable Information needs to be protected one way. Health data another way. Employ...
Egress URL Filtering: The Most Important Cloud Security Control You’re Probably Missing
Blog Published: 01/25/2023
Originally published by Valtix. Written by Vijay Chander, Valtix. As we work with enterprise cloud security architects daily, it’s abundantly clear that one of the top priorities in 2023 is how to standardize security policy enforcement through improved network architecture across project teams a...
Oops, I Leaked It Again — PII in Exposed Amazon RDS Snapshots
Blog Published: 01/24/2023
Originally published by Mitiga on November 16, 2022. Written by Ariel Szarf, Doron Karmi, and Lionel Saposnik. TL;DR: The Mitiga Research Team recently discovered hundreds of databases being exposed monthly, with extensive Personally Identifiable Information (PII) leakage. Leaking PII in this ...
Cloud Economics: A Federal Perspective
Blog Published: 01/24/2023
Written by Sandeep Shilawat, Cloud and IT Modernization Strategist, ManTech. Originally published by Forbes. Migration to the cloud ecosystem has had a profound impact on all aspects of business, as the cloud provides many benefits and gives an enterprise a strategic advantage. The application of...
What is an Access Control Server in 3DS?
Blog Published: 01/24/2023
Originally published by TokenEx. Written by Anni Burchfiel, TokenEx. Quick Hits 3DS is a form of multifactor authentication used to reduce card-not-present fraud by verifying cardholder identities. The 3DS Access Control Server is a tool used by issuing banks to confirm the identity of the cardh...
Designing for Recovery: Infrastructure in the Age of Ransomware
Blog Published: 01/23/2023
Originally published by Nasuni. Written by Joel Reich, Nasuni. The menace of ransomware is driving increased security spending as organizations try to harden their systems against potential attacks, but ransomware is a new kind of threat. You can’t simply deploy tools to defend against the malwar...
Who Has Control: The SaaS App Admin Paradox
Blog Published: 01/23/2023
Originally published by Adaptive Shield. Written by Eliana Vuijsje, Adaptive Shield. Imagine this: a company-wide lockout to the company CRM, like Salesforce, because the organization's external admin attempts to disable MFA for themselves. They don't think to consult with the security team and d...
To Secure the Atomized Network, Don’t Bring a Knife to a Gunfight
Blog Published: 01/23/2023
Originally published by Netography. Written by Martin Roesch, CEO, Netography. You don’t bring a knife to a gunfight. Yet, that’s exactly what we’re doing when we try to secure today’s atomized networks with piecemeal approaches and network security architectures designed decades ago. To fully ap...
5 Steps to Managing Third-Party Risk in the Healthcare Industry
Blog Published: 01/21/2023
Written by the Health Information Management Working Group. Healthcare organizations are struggling to identify, protect, detect, respond, and recover from third-party or vendor-related data breaches, vulnerabilities, and threat events. The number of third-party vendors that handle sensitive data...
Why Your Cloud Services Need the CSA STAR Registry Listing
Blog Published: 01/20/2023
Originally published by CAS Assurance. What is the CSA STAR Registry? The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry maintained by CSA and it documents the security, privacy and compliance postures of the cloud services off...
Double Trouble for Cyberinsurers
Blog Published: 01/20/2023
Originally published by Ericom Software. Written by Stewart Edelman, Ericom Software. Read Part 1 of this blog, "How Well Will Cyberinsurance Protect You When You Really Need It?," here. Times are tough for insurers, who face two distinct types of cybersecurity challenges: profiting from the cy...
Enabling Secure Cloud Migration to Enterprise Cloud Environments
Blog Published: 01/20/2023
Written by Andy Packham, Chief Architect and Senior Vice President, Microsoft Business Unit, and Syam Thommandru, Global Alliances and Product Management, Cybersecurity & GRC Services, HCLTech. Global enterprises are at an exciting new threshold of possibilities in the new normal. As remote w...
Social Engineering Tactics are Changing. Awareness Training Must Too.
Blog Published: 01/19/2023
Originally published by CXO REvolutionaries. Written by Ben Corll, CISO - Americas, Zscaler. After hardening my corporate environment and improving our device management as CISO with previous organizations, I noticed that the would-be fraudsters quickly evolved their attack methods in response. I...
Proxying Your Way to SaaS Security? There’s a Better Approach!
Blog Published: 01/19/2023
Originally published by DoControl. Written by John Newsome, DoControl. Over the course of my 20 plus years in cybersecurity, I’ve had the opportunity to work for some outstanding companies and thought leaders in the industry. One of the most controversial and debated topics throughout this time h...
DuckLogs – New Malware Strain Spotted In The Wild
Blog Published: 01/19/2023
Originally published by Cyble. Malware-As-A-Service Provides Sophisticated Features To Threat Actors Cyble Research and Intelligence Labs (CRIL) has been continuously monitoring malware families that are new and active in the wild. Recently, CRIL observed a new malware strain named DuckLogs, which...
Protect Your Organization from BlackCat Ransomware Attacks
Blog Published: 01/18/2023
Originally published by Titaniam. Where there is value for organizations online, there will be a cybercriminal ready with a ransomware attack to exploit it. Since they first emerged in December of 2021, BlackCat Ransomware has become another example of a ring of cybercriminals who practice the mo...
The Discovery of a Massive Cryptomining Operation Leveraging GitHub Actions
Blog Published: 01/18/2023
Originally published by Sysdig on October 25, 2022. Written by Crystal Morin, Sysdig. The Sysdig Threat Research Team (Sysdig TRT) recently uncovered an extensive and sophisticated active cryptomining operation in which a threat actor is using some of the largest cloud and continuous integration ...