Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2022

Transform Your Hybrid Work Model with SASE

The COVID-19 pandemic has indelibly changed the way we all work. As the world has opened back up and organizations have begun making the return to the office, many employees still want a hybrid work model. In an ideal hybrid working model, employees feel empowered and more productive given the freedom to do their work from any location or device, whenever it’s most convenient. Users need fast, secure access to their data, regardless of where their applications are located.

Cloud Threats Memo: Dropbox: Flexible Cloud Storage Increasingly Exploited by Attackers

Researchers from ESET have shed light on a new macOS backdoor, discovered in April 2022, dubbed CloudMensis. At first glance this is just the latest example of spyware targeting the Apple operating system with the intent of exfiltrating documents, keystrokes, and screen captures. However, as the name suggests, one of the interesting features of this malware is a sophisticated two-stage kill chain that exploits legitimate cloud services in different phases of the attack.

6 Key Considerations for Selecting a Zero Trust Network Access (ZTNA) Solution

Zero trust network access (ZTNA) has become a hot topic and a popular IT project. Here are some of the reasons why: First, organizations are beginning to pursue a zero trust strategy and ZTNA is the first logical step towards a zero trust security program. Second, remote or hybrid work is here to stay. And as a result, now is the time to replace your legacy remote access VPN with a modern anywhere secure access solution for the long term.

The EU's new AI Act-What We Can Learn From the GDPR

Artificial Intelligence (AI) is rapidly becoming ubiquitous in supporting key business decisions, and for many organisations it is critical for their digital transformation and new business models. With organisations quickly driving forward to identify new ways to extract competitive value from their data, the regulators are preparing to step in.

Should You Buy an SSE Product From a CASB, SWG, or ZTNA Vendor? The Answer May Surprise You.

After the introduction of security service edge (SSE) with the February 2022 release of the Gartner Magic Quadrant for SSE, organizations may be wondering how they should choose an SSE vendor from the many profiled in the Gartner report. Interestingly enough during this year’s Gartner Security and Risk Management Summit in June 2022,

Data Protection Is Not Just A Cyber Conversation

Before I became an advisor to Netskope, I was a long serving CIO and CEO for organisations including Bayer and Philips. I have spent many hours sitting in board meetings discussing data protection with colleagues and as a result I am confused by assertions I hear that data protection is only the IT team’s problem. In my experience, the majority of data protection conversations that reach the board are, in fact, driven by legal teams, who then partner with IT to devise and execute plans.

Netskope Threat Coverage: Microsoft Discloses New Adversary-in-the-Middle (AiTM) Phishing Attack

On July 12, 2022, Microsoft researchers disclosed a large-scale phishing campaign that has targeted more than 10,000 organizations since September 2021. The campaign used adversary-in-the-middle (AiTM) phishing sites to proxy the authentication process and hijack the victims’ Office 365 session cookies.

How Single Sign-On (SSO) Can Take Federal Agencies to the Next Level of User Authentication

It is no secret that agencies are facing multiple challenges when it comes to meeting mandates from the White House Executive Order on Improving the Nation’s Cybersecurity. The order calls for the adoption of numerous best practices, including the implementation of a zero trust architecture (ZTA).

Building Security into Your M&A Process Part 4: Longer-Term Integration

This is the fourth, and final, part of a four-part blog series covering each of the four phases of the merger & acquisition (M&A) process and how you can build security into each phase. In case you missed them, Part 1 covered why it’s important to integrate security into the due diligence process in the first phase of M&A, Part 2 covered integration planning and public announcement, and Part 3 covered what you can expect on “Day One,” after a merger or acquisition closes.

How to Use Your Last Breach to Justify Security Spend

I recently wrote a blog post outlining what to do in the first 24 hours after you have been breached, and in my conclusion I mentioned that capturing the incident in a case study could help unlock budget in future. Today, I want to look at this in more detail, and consider the approaches you can take to analyse the cost of a breach in order to make a request for appropriate preventative spend.

Microsoft's Macro Reversal Invites a Resurgence of Office Malware

In January 2022, Microsoft announced that Excel 4.0 macros would be restricted by default, to protect users from malicious macros. In February 2022, Microsoft announced that VBA macros would also be blocked for files downloaded from the internet. Cybersecurity professionals and enthusiasts rejoiced at the news! Malicious Office documents were running rampant. Attackers abused Microsoft Office macros to deliver BazarLoader and Trickbot, and remote access trojans like AveMaria and AgentTesla.

Building Security into Your M&A Process Part 3: Merger or Acquisition Close ("Day One")

This is the third part of a four-part blog series covering each of the four phases of the merger & acquisition (M&A) process and how you can build security into each phase. In case you missed it, Part 1 covered the why it’s important to integrate security into the due diligence process in the first phase of M&A and Part 2 covered integration planning and public announcement.

Why the Edge Really Matters Right Now

Elaine Feeney is a member of the Netskope Network Visionaries advisory group. For any business, speed matters a lot. Speed of service is key to happy customers because any delays that users experience directly impact the success of the organization. Security processing that causes delays for the customers or employees has negative business impacts. Now more than ever, security controls have become a board-level priority due to elevating risks.