Industry Insights
Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Cascading and Concentration Risk: How do They Impact Your Digital Supply Chain?
Originally published by Black Kite. Written in part by Jeffrey Wheatman, Cyber Risk Evangelist. Within the world of third party risk, cascading and concentration risk have been the buzz of conversation as large events are frequently tied back to this explanation of risk. It is becoming increasing...
What Business Leaders Can Learn from Russia's Cyber Offensive Against Ukraine
Originally published by Google Cloud. Written by Phil Venables, VP/CISO, Google Cloud. Threat actors are taking tactics from Russia's cyber operations against Ukraine. Businesses and organizations should evaluate their countermeasures accordingly. A new Google report finds the offensive against U...
Ransomware Recovery: RTO and Optimizing the Recovery Process
Originally published by Rubrik. Written by James Knott and Steve Stone. Recovery Time Objectives (RTOs) are on everyone’s mind. It bears repeating, one of the most fundamental ways to reduce recovery time from a ransomware or cybersecurity attack is being well prepared and ready to take actions q...
OWASSRF: New Exploit Method Identified for Exchange Bypassing ProxyNotShell Mitigations
Originally published by CrowdStrike. CrowdStrike recently discovered a new exploit method (called OWASSRF) consisting of CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access (OWA). The new exploit method bypasses URL rewrite mitigations for the Autod...
Why Making Ransomware Payments Illegal Could Backfire
Originally published by CXO REvolutionaries. Written by Ben Corll, CISO - Americas, Zscaler. A debate swirling since at least last summer – about the wisdom of banning compromised companies from making payments to ransomware actors – was sparked again recently when Australia broached the possibil...
The Changing Role of the CISO in 2023
Originally published by TrueFort. Written by Nik Hewitt, TrueFort. It’s the year of the water rabbit. It’s also the year of the nation-state ransomware attack. The role of the Chief Information Security Officer (CISO) has gone through a significant evolution in recent years. As technology and bus...
A Closer Look at BlackMagic Ransomware
Originally published by Cyble on December 7, 2022. New Ransomware disrupting Transportation and Logistics Industry in Israel. During a routine threat-hunting exercise, Cyble Research and Intelligence Labs (CRIL) came across a new ransomware group named “BlackMagic” ransomware. This ransomware gro...
Five Easy Cybersecurity Predictions for 2023
Originally published by TrueFort. Written by Nik Hewitt, TrueFort. It’s that time of year again when cybersecurity professionals consult our tea leaves and are obliged to play augury for the year to come. This year, however, it feels like the writing is already on the wall, and several glaring ar...
What You Need to Know About the Daixin Team Ransomware Group
Originally published by Titaniam. Ransomware attacks are common and becoming more creative. However, as attackers evolve, so do their decisions of targets and methodology. As of October 2022, the FBI’s Internet Crime Complaint Center (IC3) holds victim reports across all 16 critical infrastructu...
Paying Ransom: Why Manufacturers Shell Out to Cybercriminals
Originally published by Dark Reading and CXO REvolutionaries. Written by Ben Corll, CISO - Americas, Zscaler. Everyone in information security knows ransomware actors target different industries for different reasons. Some are seen as flush with cash. Some have obvious reasons for needing to resu...
Exposed Remote Desktop Protocol Actively Targeted by Threat Actors to Deploy Ransomware
Originally published by Cyble on December 2, 2022. Cyble Global Sensors Intelligence and Darkweb findings show TAs actively targeting RDP. Cyble Research and Intelligence Labs (CRIL) discovered multiple ransomware groups targeting open Remote Desktop Protocol (RDP) ports. RDP allows users to acces...
How to Avoid Cybersecurity Whack-a-Mole
Originally published by Nasuni on November 8, 2022. Written by Jason Patterson, Nasuni. Although Cybersecurity Awareness Month is behind us now, that is no reason to take the focus off the subject. This year’s theme – “See Yourself in Cyber” – highlighted the fact that strong security really come...
Designing for Recovery: Infrastructure in the Age of Ransomware
Originally published by Nasuni. Written by Joel Reich, Nasuni. The menace of ransomware is driving increased security spending as organizations try to harden their systems against potential attacks, but ransomware is a new kind of threat. You can’t simply deploy tools to defend against the malwar...
Protect Your Organization from BlackCat Ransomware Attacks
Originally published by Titaniam. Where there is value for organizations online, there will be a cybercriminal ready with a ransomware attack to exploit it. Since they first emerged in December of 2021, BlackCat Ransomware has become another example of a ring of cybercriminals who practice the mo...
The Service Account Security Problem
Originally published by TrueFort. Written by Matt Hathaway, TrueFort. For a modern-day cyber attacker, initial access to an application is more than half the battle. With it, they are free to pursue their objectives, which likely include moving about freely to find data to sell or hold for ransom...
Could Double Extortion Prompt a Public Health Crisis?
Originally published by CXO REvolutionaries on November 15, 2022. Written by Kyle Fiehler, Senior Transformation Analyst, Zscaler. Ransomware actors targeting Australia’s most prominent healthcare insurer have taken the gloves off. After Medibank refused to pay a ransom for the return of data bel...
5 Key Takeaways from the 2022 Compliance Benchmark Report
Originally published by A-LIGN. Written by Patrick Sullivan, A-LIGN. Our 2022 Compliance Benchmark Report detailed how organizations are navigating the current compliance landscape, as well as how they are preparing for the future. By surveying more than 200 cybersecurity, IT, quality assurance, ...
Punisher Ransomware Spreading Through Fake COVID Site
Originally published by Cyble on November 25, 2022. New Variant Of Ransomware Targeting Chile. Most organizations experienced an increase in cyber-attacks during the COVID-19 pandemic. Threat Actors (TAs) leveraged the COVID-19 pandemic as a thematic lure to infect users with different malware fam...
Advancing Trust in a Digital World
Originally published by Thales. Written by Welland Chu, Business Development Director, Asia Pac, Thales. The pandemic has accelerated digital transformation beyond anyone’s imagination. Considering the increased cybersecurity risks introduced by digital technologies, what should society do to pre...
Top Threat #10 to Cloud Computing: Organized Crime, Hackers, and APT
Written by the CSA Top Threats Working Group. The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...