Data trends show a clear upward momentum of posts from initial access brokers on the dark web, putting the spotlight on what may become cybersecurity’s greatest challenge. Any organization that has made cybersecurity a priority is laser focused on putting preventative measures, multiple means of detection, and a response plan in place.

Did you know that 41% of breaches involve email? For threat actors, cloud email systems like Gmail and Microsoft Exchange are treasure troves for valuable internal information like PII, PCI, PHI, secrets, and credentials. In order to limit the blast radius of privilege escalation attacks, and to remain in compliance with standards like HIPAA, it’s essential for enterprises to protect thousands of emails per day.

This blog is part of a series about how to use Vanta and AWS to simplify your organization’s cloud security. To learn more about how to use Vanta and AWS, watch our Coffee and Compliance on-demand webinar. ‍ Amazon Web Services, or AWS, is one of the most popular cloud providers for organizations today — providing one of the most flexible and secure cloud environments available.

The attacks are ongoing as of this writing. Here are a few screenshots of data and some insight. I’ll make sure to keep it brief since you have seen this news in various outlets.

In the dynamic landscape of cloud-native cybersecurity, image scanning has become essential to ensuring the safety and integrity of cloud workloads and digital assets. Historically, image scanners focus on finding vulnerabilities (CVEs) that may be the cause of exploits in Kubernetes workloads. However, there’s a significant gap that often goes unnoticed. This gap is the lack of comprehensive scanning for malware, viruses, crypto miners, and other malicious threats.

After a year of cyber attacks making headlines worldwide, many organizations, such as MGM Resorts, Clorox, and T-Mobile, have taken a reputational hit similar to SolarWinds. Sysdig’s 2024 Cloud-Native Security and Usage Report provided some informative key takeaways that CISOs can hone in on to improve their security posture. As a CISO, you do not want to catch your organization on that list; mitigating reputational risk is a part of your job.

We have been fantasising about artificial intelligence for a long time. This obsession materialises in some cultural masterpieces, with movies or books such as 2001: A Space Odyssey, Metropolis, Blade Runner, The Matrix, I, Robot, Westworld, and more. Most raise deep philosophical questions about human nature, but also explore the potential behaviours and ethics of artificial intelligence, usually through a rather pessimistic lens.

Hackers move fast. The cybersecurity industry works hard to move as fast (or faster) than hackers. And regulators work to keep pace. In 2017, the New York Department of Financial Services enacted the sector’s most ambitious set of cybersecurity regulations: 23 NYCRR Part 500. These “Part 500” rules have been updated to reflect the evolving threat landscape, the most recent change (“Amendment 2”) implemented in December 2023 to address emerging cybersecurity needs.

Navigating the line between workplace privacy restrictions and employee rights is getting more complicated as employees shift to hybrid and remote settings. According to Code42’s 2023 Data Exposure Report, data loss caused by business insiders costs companies an average of $16 million per incident. Moreover, 81% of companies believe that hybrid work is one of the main reasons data security training is necessary.

The Digital Operations Resilience Act (DORA) is an EU regulation that comes into force in January 2025, but it also impacts UK companies. DORA’s remit will likely cover any UK financial firm that works with EU customers or does business with EU financial firms.