In this blog post, we outline what continuous penetration testing is, how it works and how it can help improve your cyber security.

In the case of small businesses, it is well known that employees are even more important as the first line of defense in cybersecurity, as small businesses often do not have the specialized personnel or the resources of large organizations to invest in training them. The available data confirms this: in the United Kingdom alone, 38% of SMEs suffered a cyberattack in 2021, according to a report by the UK Government.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Last week I mentioned fake job interviews right? Well, here is an example albeit from the reverse angle. Was a very effective attack though. The usual lesson applies – watch what files you open.

It is no secret that agencies are facing multiple challenges when it comes to meeting mandates from the White House Executive Order on Improving the Nation’s Cybersecurity. The order calls for the adoption of numerous best practices, including the implementation of a zero trust architecture (ZTA).

The global pandemic and more recent geo-political events have brought an even greater focus on the threat of cyber attacks on individuals and businesses. Even as global lockdowns and restrictions on movement have eased, many organizations have not adapted to remote or hybrid styles of work. The reality that most of the workforce now operates outside a perimeter that can be controlled creates greater opportunity for scammers, hackers and the potential for cyber attacks than ever before.

The German IT Security Act 2.0 (IT-SiG 2.0) has been in force since May 2021. Due to this new law, significantly more German companies have been classified as operators of critical infrastructures (KRITIS) than ever. This is a major cause of headaches for many managers. In addition, IT departments are starting to ask themselves: "Are we now regarded as KRITIS"? And if so, "What do we have to take into consideration?"

Egnyte recently gave a sneak peek of exciting new features and capabilities that will be incorporated into the platform in the coming months. These upgrades underscore Egnyte's commitment to helping companies control data risk, reduce IT cost and complexity, and delight end users. The latest look at the roadmap was delivered in a series of webinars as part of the summer edition of State of Egnyte.

Have you been worried about whether your deployment is secure? Are you tired of keeping track of all security vulnerabilities and vendor-provided patches to ensure that your exposure to such vulnerabilities is minimized? What about making sure that the certificates for your hundreds of forwarders, indexers, search heads and other Splunk connectors are not expired? You’re not alone!

Enterprise risk management (ERM) is a disciplined, holistic way to identify, manage, and mitigate risk throughout your entire enterprise. IT risk management (ITRM) is one subset of that effort, focused on identifying and managing risks specific to IT functions. An industry-accepted ITRM framework can help you implement an ITRM program quickly and with minimal disruption.

The Federal Risk and Authorization Management Program (FedRAMP) is meant to assure the security of cloud services used by the U.S. government. It standardizes the security assessments, authorizations, and continuous monitoring of cloud service offerings (CSOs) used by federal government agencies.