As cloud computing grows in popularity across all use cases, cloud workloads have never been more attractive to malicious actors. A recent McAfee report points to a 630 percent increase in attacks aimed at cloud services since January 2020. There are s… Read more: Can on-prem security experts make the move to the cloud?
According to Enterprise Management Associates (EMA) and BlueCat’s recently published research report, nearly 3 in 4 enterprises (73%) have suffered security or compliance issues in the past year as a direct result of collaboration challenges between th… Read more: 73% of enterprises suffer security and compliance issues due to internal misalignment
Internet of Things (IoT) devices fall into various categories. Some, such as those located in a hospital setting, are very sophisticated, with advanced operating systems and encryption and certificate capabilities built in. Other examples of note are R… Read more: Preventing security issues from destroying the promise of IoT
In the digital world, cryptographic solutions use encryption keys to secure data at rest, data in use, and data in transit. They are responsible for encrypting and decrypting the data, validating identities by authenticating users and devices, and secu… Read more: Are your cryptographic keys truly safe? Root of Trust redefined for the cloud era
The need for secure data access management is top-of-mind in the C-suite and boardroom. The question I keep hearing from IT departments is how to do it right, that is, how to ensure security and governance without frustrating users or slowing innovatio… Read more: How to secure data one firewall at a time
Over the past year, we witnessed a transition to the cloud as companies had to quickly adjust to the almost instantaneous move to a remote work environment. But in many cases, they prioritized practicality over security to avoid business disruption, le… Read more: Understanding the cloud shared responsibility model
With $3.7 billion raised in cybersecurity funding so far this year, 2021 is on track to overcome last year’s record $7.8 billion total. Many of these companies have very high valuations – and to some experts that sounds like a bubble. As damage f… Read more: To identify cybersecurity vendor sustainability, start with the fundamentals
Cross-site scripting (XSS) attacks take advantage of coding flaws in the way websites or web applications generate input from users. Despite their longstanding reputation as a significant infosec problem, XSS attacks have remained a constant of the OWA… Read more: Why XSS is still an XXL issue in 2021
Installing a network sandbox to safeguard against external threats has been accepted by many as the gold standard for more than a decade. Sandbox-based cybersecurity solutions are a protected and isolated environment on a network that simulates a compa… Read more: Are your cyber defenses stuck in the sandbox?
In the last decade we have seen cloud technology evolve from a useful competitive business tool to one of the key foundations of the business world. Migrating assets, application and infrastructure to the cloud is an underpinning objective for most dig… Read more: Investing in the right future for the cloud
The big news in critical infrastructure security is the ransomware-triggered shutdown of the Colonial gasoline pipeline – the largest such pipeline in the USA. The attack has been attributed to the DarkSide ransomware group. The group subsequentl… Read more: What the pipeline attack means for critical infrastructures
“Simple” can often be harder than “complex.” When thinking about the trickiest phishing campaigns and their components, URL redirection does not immediately come to mind as the part causing the trouble. However, URL forwarding is one method that is oft… Read more: Exploiting common URL redirection methods to create effective phishing attacks
Salesforce isn’t rocket science, but the software has an incredible array of tools, which is why securing it demands a unique (and sometimes complex) approach. If you’re hoping to mitigate risks associated with your company’s use of Salesforce, y… Read more: Acting on a security risk assessment of your organization’s use of Salesforce
Pentesting, also known as penetration testing, is a security assessment, an analysis, and progression of simulated attacks on an application (web, mobile, or API) or network to check its security posture. The objective is to penetrate the application o… Read more: How modern workflows can benefit from pentesting
Several years ago, risk-based cybersecurity was a largely untested and hotly debated topic. But the tests have since been administered and the debate largely settled: risk-based cybersecurity produces proven results. The data shows that risk-based vuln… Read more: Risk-based vulnerability management has produced demonstrable results
While there is not one exact industry wide definition, threat modeling can be summarized as a practice to proactively analyze the cyber security posture of a system or system of systems. Threat modeling can be conducted both in the design/development p… Read more: What is threat modeling and why should you care?
Guy Snodgrass spoke at the CIO Association of Canada’s Peer Forum last week and closed the week with an inspiring and instructive presentation. I have taken a lot of that with me, as I have from other peer forum sessions.
The post Do you have Top Gun training in your organization? first appeared on IT World Canada. Read more: Do you have Top Gun training in your organization?
The debate within business organizations of whether to use consumer devices or to invest in rugged devices for the operations side of their business is as old as personal computing itself. And with the pandemic having shown that endpoint management is … Read more: Why enterprises need rugged devices with integrated endpoint management systems
On Feb 5th, 2021, a hacker gained remote access to a water treatment plant in Oldsmar, Florida, and was able to adjust the amount of sodium hydroxide in the water from 100 parts per million to 11,100. Thanks to the physical fail-safes and alarm systems… Read more: U.S. municipalities are the perfect target for cybercriminals in 2021
After earning his master’s degree in computer science and working on the IT side of the business at a number of large financial services organizations, Bobby Balachandran observed one interesting thing: the legal department in these organizations had be… Read more: Chief Legal Officers face mounting compliance, privacy and cybersecurity obligations
Many organizations have maintained heavy investment in cybersecurity over the last year, even in an unpredictable time when other spending has faltered. Gartner estimates that IT security and risk management spending still grew 2.6 percent even as IT s… Read more: Physical cyber threats: What do criminals leave when they break in?
A recent report predicts that home networks, remote working software and cloud systems will be at the center of a new wave of attacks in 2021. Cybercriminals in 2021 will particularly look to home networks as a critical launch pad to compromising corpo… Read more: How do I select a network monitoring solution for my business?
The most significant barrier to achieving DevSecOps is the continued perception that “Sec” is not already a part of “Dev” and “Ops”, says James Arlen, CISO at cloud data platform provider Aiven. Also, the fact this needs to be explicitly called out is … Read more: Tips for boosting the “Sec” part of DevSecOps