The SecurityScorecard team has just returned from an exciting week in San Francisco at RSA Conference 2023. This year’s theme, “Stronger Together,” was meant to encourage collaboration and remind attendees that when it comes to cybersecurity, no one goes it alone. Building on each other’s diverse knowledge and skills is what creates breakthroughs.

Communications company AT&T offers email services to many of its customers. Those emails have recently been compromised by way of an interesting exploit that is costing customers millions of dollars in stolen cryptocurrency. AT&T customers are having their email accounts attacked, and those exploited email accounts are being used to steal additional data and to access cryptocurrency exchange accounts, which is a very serious issue for the impacted users.

According to a 2022 Gartner survey, 84 percent of executive risk committee members say that “misses” in third-party risk resulted in disruption to their business operations. That statistic is alarming, considering that most enterprise organizations have extensive third-party relationships with vendors, suppliers, and partners for business innovation or operational efficiency.

Security professionals have become all too familiar with the threat posed by phishing. Whether it’s a convincing looking email asking an employee to click a link to update their login credentials or a surprise text from the CEO asking them to send over gift card codes for a customer, phishing attacks have only continued to grow over the years. For 2023 alone, 33 million data records are expected to be compromised due to phishing attacks.

The move to hybrid work environments came suddenly for some organizations, while for others, it had been building incrementally. Regardless of how it happened, few came to it with a strategic plan for how IT would handle it. The result has been myriad challenges that span the physical and digital. On the digital front, one of the biggest challenges is related to secure file sharing.

While there continues to be (limited) debate about on-premises file servers and cloud file storage, the fight is over, and the cloud has won. If you are still in doubt, take a few minutes to review the limitations and costs of on-premises file servers as well as the benefits of cloud file servers.

Last CIO Week, we showed you how our network stacks up against competitors across several countries. We demonstrated with our tests that Cloudflare Access is 38% faster than ZScaler (ZPA) worldwide. Today we wanted to focus on LATAM and show how our network performed against Zscaler and Netskope in Argentina, Brazil, Chile, Colombia, Costa Rica, Ecuador, Mexico, Peru, Uruguay and Venezuela.

Data security policies are most often targeted around insider threats and external attackers, but your distributors can equally put intellectual property (IP) protection and other sensitive data at risk. IP is arguably a business’s most valuable asset and can take the form of product designs, software code, media content, etc. Protecting your IP is important because it allows your business to maintain a competitive edge in the market and generate revenue from your innovation.

Threat modeling is a critical part of building high-performing, secure systems. It is responsible for “analyzing representations of a system to highlight concerns about security and privacy characteristics.”1 Creating an effective threat model involves two main steps: system modeling to map out all existing system components and the relationships between them, and threat elicitation to identify areas in the system that could be vulnerable to a security issue.

Cybercriminals are sneaky. They know that the weakest link in an organization’s cyber defenses is its supply chain. In fact, supply chain attacks are now the avenue of choice for hackers. Consider the facts.