Industry Insights
Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Cascading and Concentration Risk: How do They Impact Your Digital Supply Chain?
Originally published by Black Kite. Written in part by Jeffrey Wheatman, Cyber Risk Evangelist. Within the world of third party risk, cascading and concentration risk have been the buzz of conversation as large events are frequently tied back to this explanation of risk. It is becoming increasing...
Understanding Data Protection Needs in a Cloud-Enabled Hybrid Work World
Originally published by Netskope. Written by Carmine Clementelli. Netskope partnered with the Cloud Security Alliance to release the Data Loss Prevention (DLP) and Data Security Survey Report, a survey focused on data protection needs in cloud and hybrid work environments. Unsurprisingly, the...
The Future of Cloud
Originally published by ManTech. Written by Sandeep Shilawat, Vice President, Cloud and Edge Computing, ManTech. Stock analysts and meteorologists are in the business of making predictions. IT professionals… not so much. But when we think about the cloud and the vast changes it has facilitated ac...
Insights from the Uber Breach: Ways to Prevent Similar Attacks
Originally published by InsiderSecurity on December 9, 2022. Uber Technologies disclosed it was investigating a cybersecurity incident after reports that hackers had breached the company’s network. An in-depth analysis of the attack reveals how the attack occurred and ways organizations can preve...
Becoming Cyber Resilient—Cybersecurity Trends to Watch in 2023
Originally published by BARR Advisory. Written by Kyle Cohlmia. According to the 2022 IBM Cost of Data Breach report, 83% of organizations surveyed experienced more than one data breach with an average total cost of $4.35 million. This cost was an all-time high for 2022 and a 2.6% increase from t...
What is FIPS 140 and What Does it Mean to Be “FIPS Compliant”?
Originally published by Titaniam. FIPS was developed by the Computer Security Division of the National Institute of Standards and Technology (NIST). It established a data security and computer system standard that businesses must follow in accordance with the Federal Information Security Manageme...
Malware Analysis: GuLoader Dissection Reveals New Anti-Analysis Techniques and Code Injection Redundancy
Originally published by CrowdStrike. GuLoader is an advanced malware downloader that uses a polymorphic shellcode loader to dodge traditional security solutions. CrowdStrike researchers expose complete GuLoader behavior by mapping all embedded DJB2 hash values for every API used by the malware. New s...
Too Much Trust in the Cuckoo’s Nest
Originally published by CXO REvolutionaries. Written by Kyle Fiehler, Senior Transformation Analyst, Zscaler. Editor’s note: The world’s first cyber thriller anticipated zero trust more than three decades before it was born. And yes, this article could be a spoiler for some readers. I didn’t read ...
What Business Leaders Can Learn from Russia's Cyber Offensive Against Ukraine
Originally published by Google Cloud. Written by Phil Venables, VP/CISO, Google Cloud. Threat actors are taking tactics from Russia's cyber operations against Ukraine. Businesses and organizations should evaluate their countermeasures accordingly. A new Google report finds the offensive against U...
LummaC2 Stealer: A Potent Threat To Crypto Users
Originally published by Cyble. New Stealer Targeting Crypto Wallets and 2FA Extensions of Various Browsers. During a threat-hunting exercise, Cyble Research and Intelligence Labs (CRIL) discovered a post on the cybercrime forum about an information stealer targeting both Chromium and Mozilla-based ...
How to Pen Test the C-Suite for Cybersecurity Readiness
Originally published by F5. Written by Gail Coury. F5’s executive leadership got an urgent message: a malicious actor within the company was sending confidential information to a third party that could put customers at serious risk. We immediately formed a combined response team of technical cybe...
An Introduction to Data Detection and Response (DDR)
Originally published by Dig Security. Written by Sharon Farber, Director of Product Marketing, Dig Security. How long would it take you to respond to a cloud data breach? For most organizations, the answer is ‘far too long’. According to a 2022 report by IBM, businesses took an average of 207 day...
Analysis on Docker Hub Malicious Images: Attacks Through Public Container Images
Originally published by Sysdig. Written by Stefano Chierici. Supply Chain attacks are not new, but this past year they received much more attention due to high profile vulnerabilities in popular dependencies. Generally, the focus has been on the dependency attack vector. This is when source code ...
SANS 2022 Cloud Security Survey, Chapter 4: Using IAM to Secure the Cloud
Originally published by Gigamon. Editor’s note: This post explores Chapter 4 of the SANS 2022 Cloud Security Survey. Read Chapter 1, Chapter 2, and Chapter 3. In its 2022 Cloud Security Survey, the SANS Institute offers valuable insights into how a representative set of organizations are meeting th...
Doubled-up and Disorganized DLP Strategies Leave Organizations Desiring Simpler Management
With the reduction and elimination of many traditional perimeters, the popularization of zero trust security strategies, and an increased attention on data breaches, an even greater focus has been placed on data security in recent years. For many organizations, data loss prevention (DLP) solution...
The DevOps Guide to Applying the Principle of Least Privilege in AWS
Originally published by Britive. Applying the principle of least privilege in AWS is vital to securing your DevOps workflows on the platform. Least privilege is a best practice that restricts access rights for users and entities to the minimum necessary to perform their tasks. When you implement ...
Shadow Access in Your Cloud
By Venkat Raghavan, Stack Identity. Shadow Access is unauthorised, invisible, unsafe and generally over permissioned access that has grown along with cloud identities, apps and data. Today, identities, human and nonhuman are automatically created, along with access pathways to cloud data. Current...
SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security
Originally published by CrowdStrike. In December 2022, CrowdStrike reported on a campaign by SCATTERED SPIDER, targeting organizations within the telecom and business process outsourcing (BPO) sectors with an end objective of gaining access to mobile carrier networks. In the weeks since that post,...
How CAASM Can Help with the New NYDFS Requirements
Originally published by Axonius. Written by Katie Teitler. In 2017, The New York Department of Financial Services (NYDFS) enacted its Cybersecurity Regulation designed to help the financial services entities under its purview improve their cyber defenses. The initial regulation outlined tacti...
How to Prepare for ISO/IEC 27001:2022
Originally published by Schellman. When it comes to ISO/IEC 27002:2022 recently, it felt a bit like a game of Red Light, Green Light—you know, the childhood game where everyone runs to the finish line upon Green Light being called, but you had to stop on a dime when you heard “Red Light!” and awai...