Businesses face myriad cybersecurity risks, from phishing to unauthorized access of proprietary information. While restricting access rights and maintaining strict security measures can help, potential insider threats are always a risk. Organizations must effectively monitor for signs of insider threats to prevent financial loss or the compromise of critical assets.

What tools does the average security operations centre (SOC) use in 2024? What gets in the way when they deploy a new tool? And how stressed are security pros really? These were just some of the questions we wanted to find out the answer to when we partnered with OnePoll at the end of 2023/the start of 2024. Together, we surveyed 250 British and Irish Heads of IT at companies with 500+ employees. Here’s what they said.

The Common Vulnerability Scoring System (CVSS) is used to evaluate and communicate the technical severity of software, hardware and firmware vulnerabilities. While CVSS has been around for nearly 2 decades and now stands as an industry standard tool for scoring the severity of a vulnerability, the framework still has its limitations. To mitigate some of these challenges and improve the efficacy of the system, an updated version of CVSS was released in November 2023.

My perspective on how GitGuardian approaches the cybersecurity market with a focus on the long game.

New TTP attack data covering 2023 sheds much needed light on the threat actor and user actions that are putting organizations at the most risk. In cybersecurity vendor ReliaQuest’s Annual Cyber-Threat Report: 2024, there is a ton of great detail mapped to the MITRE ATT&CK Framework outlining which threat actions are used and how organizations are most effectively fighting back and stopping attacks.

Researchers discover a new version of the Tycoon 2FA AiTM kit, a phishing attack disguises keylogger as bank payment notice, and TheMoon malware targets ASUS routers.

Major shifts in application development are creating new and significant security risks. Continuous integration/continuous delivery (CI/CD) pipelines and technology advances like automation and AI mean the development process is now so complicated and fast-moving that corporations, DevOps directors, and security groups struggle to understand and manage it, let alone defend it from assaults.

Trustwave was named a Major Player in the IDC MarketScape: Worldwide Cybersecurity Consulting Services 2024 Vendor Assessment (doc # US50463223, March 2024). The report noted “The acquisition by MC2 Security Fund — the private equity fund of internationally recognized security advisory firm The Chertoff Group — successfully closed in January 2024.