The concept of automation has been around for decades in the software field, but recent advancements in machine learning and natural language processing have led to huge breakthroughs. We’ve gone from machines that complete rules-based, predetermined tasks to a new generation of software that “learns” from huge sets of data so that it can make predictions — collectively known as artificial intelligence (AI).

Your company’s first external audit can be a bit overwhelming. The audit firm will seek a considerable amount of audit evidence from your business – and if you want to prepare for that compliance audit in advance, there’s an equally vast amount of information available about how audits should work. Every company’s audit experience will differ, depending on the scope and the standard against which you will be audited.

In the arsenal of cyber security tools available to organizations, the penetration test is a key component. Business applications, and organization infrastructure (operating systems, databases, networks, etc.) all have potential vulnerabilities, many of which are just waiting for threat actors to exploit.

The financial sector is constantly adapting to emerging threats and regulatory changes. The New York Department of Financial Services (NYDFS) is at the forefront of cybersecurity regulation, ensuring that covered entities within the state maintain robust cybersecurity programs. In this blog post, we’ll dive into the recent changes to NYDFS regulations, specifically focusing on vulnerability management and an updated definition of risk assessment.

Board members often lack technical expertise and may not fully understand the risks associated with cybersecurity. On the other hand, CISOs are more familiar with IT staff and the technical aspects of cybersecurity. This is understandable, as the board is responsible for making high-level decisions and does not typically get involved in the details of implementation and technical audits.

Proxy services offer users the ability to rent a set of IP addresses for internet use, granting a level of online anonymity. Essentially, they make your internet traffic appear as if it's coming from a regular IP address while keeping the real origin hidden. Recently, our Threat Research team discovered a new malware sample, distributed by the PrivateLoader and Amadey loaders.

Imagine a world where you confidently navigate the complexities of General Data Protection Regulation (GDPR) compliance, streamline data processes, and safeguard sensitive information. Sounds enticing, right? The key lies in unlocking the secrets of GDPR data mapping. Let’s explore the ins and outs of this powerful process and learn how to harness its full potential for your organization.

When I bring up the topic of security ratings to my CISO colleagues, I typically get one of two reactions. The first half complains about misattribution of issues along with reporting fix times (although accuracy has improved). But the other half understand how to leverage this technology to their benefit to make their jobs easier and their organizations safer. Read below to get under the hood of how to leverage the evolving application of this technology to secure your supply chain.

Business Email Compromise (BEC) is one of the fastest-growing and financially-damaging cybercrimes. It has consistently led the way in cybercrime losses in recent years. According to the 2022 FBI Internet Crime Report, the FBI received 21,832 Business Email Compromise (BEC) complaints, with estimated losses totalling more than $2.7B. Data shows a 38% increase in cybercrime as a service targeting business email between 2019 and 2022.

An application risk assessment is the process of evaluating and understanding the security risks associated with an application. This information is used to help organizations make better decisions about how to protect their applications from potential attacks. By examining factors such as the number of vulnerabilities and the time needed to patch them, they are able to estimate the possibility of an attack on their application.