Teleport will be live at re:Invent from Nov. 30-Dec. 2. If you are there, please stop by Booth 718 and talk to me and the Teleport team about how we can improve your security and compliance of apps running on AWS. If you can’t make it in person, here is my top 10 list of things you should know about AWS and Teleport. Check out our Teleport on AWS page for more info.

Tuesday, November 30th, is National Computer Security Day. Although this special day has been around since 1988, many people are not only unaware of it, but are still also unaware of some of the basic security required for protecting their computing devices. The rise of remote work has stretched the security perimeters of all corporations, and fortunately, there are products, such as Tripwire Enterprise that can help them to protect the organization, from the full computing systems, to data storage.

Threat actors are constantly evolving their tactics and techniques in the attack lifecycle and infiltrate company infrastructure. While most organizations are already performing vulnerability management based on CVEs by MITRE, few have considered the powerful correlations between threat intelligence, CVEs and the ATT&CK® framework. In this blog we highlight the benefits of bringing them together to drive focused remediation and improve cyber defense.

The US Cybersecurity and Infrastructure Agency (CISA) has issued a directive to federal agencies and other public bodies requiring them to take steps to reduce their risk of exploited vulnerabilities. CISA highlights the startling finding that hackers are exploiting up to 290 different vulnerabilities in these agencies.

At our recent Data Security Summit, Bipul Sinha sat down with author and award-winning The New York Times cybersecurity journalist Nicole Perlroth to discuss learnings from her research and thousands of interviews with security leaders, government officials, hackers, spies, and more.

The real risk of business disruption, brand damage, and potential liabilities caused by ransomware attacks has elevated cybersecurity from a technical or operational issue normally handled by security teams, to a major Board level priority and discussion. Even the most sophisticated and mature organizations that once believed their cybersecurity defenses were robust are now rethinking their preparedness and response capabilities required to address the imminent threat of ransomware attacks.

If your organization handles any type of payment processing, storage, or transmission of credit card data electronically, you’ll be very familiar with PCI DSS (formally known as the Payment Card Industry Data Security Standard). This standard exists to protect debit and credit cardholder data from unauthorized access via data breaches, ransomware, and other security breaches. However, with the rise in these breaches also comes the rise in changes and rules to the PCI DSS.

A famous 2011 article by security adviser Roger Grimes is intriguingly titled, “To beat hackers, you have to think like them.” In the article, Grimes explains that IT security professionals must view IT systems through the eyes of hackers — and search ways to break into these systems, identify weaknesses, and create robust security measures. That is exactly what penetration testing is all about.

From innocent but costly mistakes to fraudulent manipulations, all organizations are subject to significant risks that can jeopardize financial reporting or lead to the loss of corporate assets. That’s why it is imperative to establish a robust system of internal controls to reduce or prevent such threats to the organization.

Cyber Monday and the holiday shopping season are around the corner: don’t be the victim of an online shopping scam or cyber security breach. Cyber Monday is here, and the holiday shopping season is in full swing. With some of the world’s biggest brands vulnerable to a Magecart attack, you can’t be too careful with your credit card information.