Can you name the top cybersecurity risks for banking and investment? Most would probably list cyber attacks like phishing, credential theft, DDoS, and maybe ransomware. But would it surprise you to learn that there is something on the list that many in the banking and investment industry forget–and that’s client-side cybersecurity threats. You know the kind…the ones related to jQuery, cross-site scripting (XSS), JavaScript injections, formjacking, etc.

Insider threat incidents have increased by 44% over the past two years, and the cost of an incident now tops $15.3 million, according to the 2022 Cost of Insider Threats report from Ponemon. To defend against this pressing security — and business — risk, organizations need a comprehensive insider threat detection strategy. This article provides extensive guidance to help you get started building an effective program.

‘Measure the Real Cost of Cybersecurity Protection’, by Gartner® analysts Stewart Buchanan, Paul Proctor and Bryan Hayes, is available for a complimentary download from the Netacea website until 31st August 2022. We think the report teaches how to use outcome-driven metrics to set protection-level agreements (PLAs), gaining business stakeholder support and the budget approval needed to deliver them.

On behalf of the entire Snyk community, I am excited to share that Forbes has named Snyk to the Forbes Cloud 100 list for the third consecutive year, coming in at #20 — which is 19 spots higher than last year! The full list was unveiled this morning.

One of the things I’ve grown accustomed to as a developer is fiddling around with new languages or frameworks I find interesting. So naturally, working with our partners to launch Snyk Apps is right in my wheelhouse. At work and on my own time, I enjoy trying to build something that others might find interesting or useful. As a Jira user myself, I decided to take a look at Atlassian’s Forge platform and see what I could do with it.

In July 2022, Microsoft disclosed a vulnerability in the Windows Server Service that allows an authenticated user to remotely access a local API call on a domain controller, which triggers an NTLM request. This results in a leak of credentials that allows an attacker to authenticate to Active Directory Certification Services (ADCS) and to generate a client certificate that enables remote code execution on a domain controller.

As more enterprises adopt containers, microservices, and Kubernetes for their cloud-native applications, they need to be aware of the vulnerabilities in container images during build and runtime that can be exploited. In this blog, I will demonstrate how you can implement vulnerability management in CI/CD pipelines, perform image assurance during build time, and enforce runtime threat defense to protect your workloads from security threats.

Exciting times are here at Arctic Wolf. This week, we celebrated a pair of awards recognizing our status as an industry innovator and employer of choice, with rankings on both the Forbes Cloud 100 and Fortune Best Medium Workplaces list.

Throughout 2022, Netskope Threat Labs found that attackers have been creating phishing pages in Google Sites and Microsoft Azure Web App to steal cryptocurrency wallets and accounts from Coinbase, MetaMask, Kraken, and Gemini. These phishing pages are linked from the comment sections of other websites, where the attacker adds multiple links to the phishing pages, likely to boost SEO and drive victims directly to these pages.

These are some of the opening words in the new survey published by ISMG and HelpSystems in the ‘Data Security Survey 2022’. The survey explores how COVID19 has permanently changed how CISOs approach Data Security. It is an important study because it recognises that in a world which is in a rush to return to ‘normal’ (whatever normal is now), change has come, and we need to respond to it.