Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Operational Risk Management: Benefits and Common Challenges

Operational risk is defined as the risk of a loss that results from inadequate or failed business processes, people and systems, or from external events. More simply, operational risk pertains to any uncertainty or threat your organization faces (or might face in the future) during day-to-day business activities. The risk arises from operational disruptions and is likely to result in losses or reputational damage. Some operational risk is inevitable for every organization.

A Framework to Simplify Cybersecurity

When a business concept is born, building out a tech stack based on cybersecurity is not always the first item of concern. The need to simplify cybersecurity often comes later in the growth phase of a business. Start ups are well-known for everyone on staff pitching in in different areas. Technology, software purchases are often based on last minute needs, lowest costs, etc. It is often assumed that security is covered by the manufacturers of the chosen technology.

C-Suite Reporting with Log Management

When security analysts choose technology, they approach the process like a mechanic looking to purchase a car. They want to look under the hood and see how the product works. They need to evaluate the product as a technologist. On the other hand, the c-suite has different evaluation criteria. Senior leadership approaches the process like a consumer buying a car.

Top 3 Vendor Risk Assessment Frustrations - Can You Relate?

The vendor risk management process is now an essential requirement of all cybersecurity programs. Without it, you're a sitting duck for supply chain attacks and third-party data breaches. In recognition of this, regulatory bodies are increasing their third-party risk compliance requirements and enforcing obedience by threatening heavy financial penalties for non-compliance.

Next CISO headache: Vendor cyber insurance

Cyber insurance coverage? Through the roof these days. Also, coverage is not that easy to get. The many breaches and the dollar judgements handed down make cyber insurance another costly operating investment. A mid-sized client of mine, as an example, pays $1 million in annual cyber insurance costs just to do business with its commercial and government customers. The issue adds another twist to the topic of third-party risk.

PGP Decryption Bypass in Flutter Application

During the assessment of one of the financial applications built upon the flutter framework, we came across that the application was using PGP encryption for encrypting the API requests. It is pretty common for financial applications to be implementing traffic encryption, with AES seen to be the preferred algorithm for encrypting traffic. There is plenty of research already available on decrypting AES encrypted traffic.