In today’s digital landscape, the importance of robust cybersecurity measures cannot be overstated. Yet, despite the clear and present danger posed by cyber threats, many organizations still underinvest in cybersecurity, operating under a false sense of security. This complacency can be incredibly costly, as the financial ramifications of cybersecurity breaches are staggering.

As most in the industry are aware, a defective content update to CrowdStrike’s Falcon Sensor for Windows led to a global cascade of system outages affecting critical industry sectors such as transportation, banking, healthcare, and public safety. Many enterprises and government agencies around the world are still actively managing their response to this incident.

Cybersecurity regulations often include audits that assess and strengthen an organization’s defenses against increasing cyber threats. In the United States, various cybersecurity regulations, including HIPAA, SOX, PCI DSS, and more, require audits. Each audit ensures your organization meets the required standards outlined in the regulation while also strengthening its overall cybersecurity framework.

In the course of a major research rollout like my recent whitepaper on KEV vulnerabilities, I frequently end up doing some bit of analysis that doesn’t make it into the final doc. Usually, it is because I am dealing with limited space and attention spans, and I gotta stop sometime. The stuff that gets cut is usually not terribly compelling or surprising or is maybe more an artifact of the particular bias in our sample or is only interesting to a very small audience.

OpenSSH server is currently exposed to a dangerous vulnerability that, if exploited, could grant cybercriminals full system access without user interaction. This post provides an overview of CVE-2024-6387 and suggests remediation responses to mitigate its impact.

Cybersecurity expertise is notoriously absent from the boardroom. Only last year, a market analysis found that a mere 12% of US Fortune 500 companies have a board member with adequate knowledge of cyber risk management. However, increased cybersecurity regulations, coupled with heightened cyber event costs, have begun to highlight the need to rectify this void as soon as possible.

Continuous controls monitoring (CCM) is a crucial aspect of making GRC processes more automated, accurate, and actionable through technology. It helps organizations transition from inefficient point-in-time checks to automation-driven compliance controls that provide a real-time view into their security posture. That’s why many proactive risk management teams are already prioritizing control automation for their GRC program.

Are you aware of cyber risks in DevOps and how they can impact your business? Turn on the DevOps Backup Masterclass Podcast to join our host ⁠Gregory Zagraba⁠ and explore the biggest cyber threats to DevOps environments, including GitHub, GitLab, Bitbucket, and Jira with an ultimate review of the Top 2023 risks.

It seems like such a short time ago that the Security Standards Council released the newest version of the Payment Card Industry Data Security Standard (PCI DSS). It has been a full year, and version 4.0 is now in effect. Industries that adhere to the Standard were given the year to implement the new changes.