Elaine Feeney is a member of the Netskope Network Visionaries advisory group. For any business, speed matters a lot. Speed of service is key to happy customers because any delays that users experience directly impact the success of the organization. Security processing that causes delays for the customers or employees has negative business impacts. Now more than ever, security controls have become a board-level priority due to elevating risks.
CI/CD pipeline attacks are a growing threat to enterprise security. In this article, we’ll provide an overview of CI/CD for non-developers, discuss the cybersecurity issues involved, and offer some recommendations for developers, companies, and security teams.
In the OT space it is increasingly common to see devices that are used to bridge the gap between the world of PLCs and IP based networks. These types of devices are commonly referred to as ‘smart-devices’. While smart-devices offer the convenience of remote management, this functionality also may create potential weaknesses exploitable by threat actors as well, and practical exploitation of such flaws is being witnessed in the wild.
In part 1 of this series, we discussed data privacy, the related laws, and the data collection practices that help comply with those laws. In this blog, we’ll take a look at the challenges in securing customer data and five effective steps to overcome them. Many countries deem data privacy a fundamental human right and have implemented data protection laws.
There are unquestionable advantages to cloud native technologies, but significant challenges as well. Case in point: microservices authorization. Microservices have, for many companies, become the architecture of choice for cloud native apps — whether for migrating legacy apps or building new cloud native applications.
For the next installment in our series of interviews asking leading security and compliance specialists about their achievements in their field, we’ve welcomed Rhia Dancel, Lead Auditor and CMMC Registered Practitioner with the NSF. Rhia Dancel is an ISO/IEC 27001 and 9001 Lead Auditor for NSF-ISR as well as a CMMC Registered Practitioner and has previously held several auditing and technical positions in information security and pharma quality sectors.
The Center for Internet Security (CIS) controls are a relatively short list of high-priority, highly effective defensive actions that provide a “must-do, do-first” starting point for every enterprise seeking to improve its cyber defense. Initially developed by the SANS Institute and known as the SANS Critical Controls, these best practices are indispensable to organizations both large and small. By adopting these sets of controls, organizations can prevent the majority of cyberattacks.
Findings from our recent report, Fighting phishing: the IT leader's view, reveal that 98% of the companies surveyed conducted some form of cybersecurity training over the past 12 months. Yet, despite these efforts, employees keep falling for phishing attacks. Our research shows that 84% of the organizations we surveyed last year were phishing victims – a 15% increase from our 2021 report, The real and rising risk of phishing.
