The growth in frequency and severity of cyberattacks has caused organizations to rethink their security strategies. Major recent security threats, such as high-profile ransomware attacks and the Log4Shell vulnerabilities disclosed in 2021, have led to a greater focus on identity protection as adversaries rely on valid credentials to move laterally across target networks.
The federal government continues to make progress towards Zero Trust (ZT) adoption. On May 12, 2021, President Biden signed Executive Order 14028 to improve the nation’s cybersecurity and protect federal government networks and on January 26, 2022, the Office of Management and Budget (OMB) released a Federal strategy to move the U.S. Government toward a Zero Trust approach to cybersecurity.
Whether you own a small business or you are a member of a global enterprise you may be wondering whether or not cyber insurance is worth the investment. In this article I will cover the benefits of cyber insurance, how it differs from standard liability insurance, trends in the cyber insurance industry, and many other burning questions you’re likely to have when deciding if cyber insurance is right for your business.
Recently, we have been facing a recurring problem related to cloud security – breaches based on credentials leak or breakage. Users tend to log into their accounts using a single factor system, such as a user and password combination. This introduces a single point of failure in your account’s security. Weeks ago, we read a tweet about a person dealing with a huge AWS bill due to a stolen key that was taken by attackers to use AWS Lambda functions for crypto mining.
The dreaded data ditch. You might not even know your organization is stuck in it – the company might still be acting on gut feel as opposed to relying on data, the data you have might be ungoverned and inaccurate, or you’re waiting weeks, even months, for your teams to glean useful insights. You’re not alone. Data leaders like yourself keep falling into the data ditch.
Developers take a lot of pride in their work. We strive to consistently deliver the best code and avoid dangerous edge-cases. Which is why we aim to detect and remediate bugs before they ship through testing and code reviews. However, when it comes to security, sometimes we fall flat. When a team lacks the proper security tooling, it can stunt development, create extra work, and deliver dangerous security defects to clients and end-users.
The PCI certification process is quite comprehensive and relates to infrastructure, software and employee access to systems, in particular to datasets and the way that they are accessed. These checks are critical not only to the wider payments industry but also to create a level of trust with users knowing their data is protected. The PCI compliance process is a number of checks, usually by an accredited third party, to ensure that secure data handling processes are in place.
Spambrella continues to monitor the situation in Ukraine and Eastern Europe closely. At this point, it appears that Russian cyberaggression remains regionally focused on Ukrainian government interests, critical infrastructure, and emergency response in the region.
You’ve likely been practicing good personal hygiene since childhood, but have you heard of cyber hygiene? Similar to personal hygiene practices which maintain good health and well-being, cyber hygiene practices maintain the health and well-being of your sensitive data and connected devices. This blog will define cyber hygiene, discuss the importance of maintaining cyber hygiene and explore best practices for ensuring cybersecurity.
