In May 2024, Vodafone Idea (Vi) became the first Indian telecommunications company to achieve the SOC2 (Service Organization Control 2) Type II Attestation. This accomplishment not only underscores the company’s commitment to stringent security standards but also sets a benchmark for the entire industry.

According to the Identity Theft Resource Center’s (ITRC) 2023 Business Impact Report, 73% of small business owners in the US reported a cyber-attack within the previous year, underlining the growing popularity of small businesses as a target among malicious actors. Given this recent wave of cyberattacks, all small businesses must do their part to secure their Point of Sale (POS) systems from unauthorized parties.

Cybercriminals are notoriously tricky to pin down. They are experts in obfuscation and misdirection, masters of avoiding consequences. Not since the early days of the Wild West have criminals managed to evade capture and maintain anonymity as effectively as modern cybercriminals do. Part of the reason for these staggeringly low conviction rates is that we usually have little idea of what country an attacker is in.

Just when you think bad actors cannot sink any lower, they find a way to. In a recent chilling evolution of ransomware tactics, attackers are now also targeting the families of corporate executives to force compliance and payment. Mandiant's Chief Technology Officer, Charles Carmakal, highlighted this disturbing trend at RSA last week: criminals engaging in SIM swapping attacks against executives' children.

You can’t secure what you can’t see goes the saying in cybersecurity. That’s why holistic visibility is so crucial for organizations tasked with staying safe in the evolving threat landscape, as it gives you full visibility into your environment. But there’s another adage that matters even more, because without access to log sources and the proper ingestion of their data, you can’t see the forest for the trees. But what are log sources? What does proper ingestion look like?

Network hardening involves implementing measures such as configuring firewalls, securing remote access points, blocking unused network ports, removing unnecessary protocols, implementing access lists, and encrypting network traffic to mitigate unauthorized access and bolster the security of a network’s infrastructure. This process involves identifying and addressing vulnerabilities in device management and configurations to prevent exploitation by malicious actors aiming to infiltrate the network.

In today's fast-paced world dominated by AI, BoxyHQ stands at the forefront of innovation. Originally focused on developing security building blocks for developers, our journey has led us to confront the challenges of responsible AI interaction and data protection in the face of AI proliferation. Imagine a world where AI isn't just a tool but an integral part of daily life. Every decision and every interaction is shaped by algorithms and machine learning models.

Imagine receiving a work email from your finance department asking about an overdue invoice. You notice it has a few extra typos and uses strange language, so disregarding it as junk. What you don’t know is that your very busy coworker receives the same email at the same time. Because they’re more distracted than normal, they respond, unknowingly aiding with a business email compromise (BEC) attack.