On December 23, 2017 the Thomas Fire, which at the time was the largest wildfire in the history of the State of California, approached the Santa Barbara campus of Westmont College. Students, faculty, and staff could see the smoke in the near distance and the ashes falling on campus. It was as if the sky was literally falling. Clearly, this was no ordinary forest fire—if there is such a thing as an ordinary forest fire.

As cybersecurity measures are improving day by day, threat actors are also being sophisticated and creating high profile attacks to evade modern defense systems. These attacks result in generating major incidents, which are the highest-urgency and highest-impact incidents that can affect too many individuals or/and companies at the same time depriving critical data or hampering critical business operations.

October is Cyber Security Awareness month, and a good time for organizations and anyone who uses the Internet (yes that means everyone) to review security best practices, for a safer user experience. Based on the current state of the Internet, here are our best tips for a better online browsing experience, for website guardians and end users.

Operations security (OPSEC) is a process that identifies friendly actions that could be useful for a potential attacker if properly analyzed and grouped with other data to reveal critical information or sensitive data. OPSEC uses countermeasures to reduce or eliminate adversary exploitation.

Third-party vendors are an important source of strategic advantage, cost savings and expertise. Yet outsourcing is not without cybersecurity risk. As organizations' reliance on third-parties grow, so too does their exposure to third-party risk and fourth-party risk. In fact, a recent HSB survey found nearly half of data breaches in 2017 were caused by a third-party vendor or contractor.

“How do I enable GitOps for my network policies?” That is a common question we hear from security teams. Getting started with Kubernetes is relatively simple, but moving production workloads to Kubernetes requires alignment from all stakeholders – developers, platform engineering, network engineering, security. Most security teams already have a high-level security blueprint for their data centers.

Organizations build a SOC – a dedicated, centralized team of security experts – to effectively detect and respond to advanced threats. However, as SOCs deal with evolving threats and an expanding attack surface, advancements in the stack have not kept pace and analysts are feeling the pain.

Security, privacy, and risk does not have to be scary… but with GDPR, CCPA, and organizations moving to a risk-based approach to security rather than focusing on only compliance, it has become a daunting challenge. What is typically at the heart of organizations? Data and information. The common denominator that makes security, privacy and risk more effective and dare I say, easier?….data governance.

The purpose of a vendor management policy is to identify which vendors put your organization at risk and then define controls to minimize third-party and fourth-party risk. It starts with due diligence and assessing whether a third-party vendor should have access to sensitive data.

Internet Protocol (IP) attribution is the attempt to identify a device ID or individual responsible for a cyber attack (e.g. ransomware or other types of malware) based on the origin of a network packet. An IP address is given to a system for a period of time that enables them to exchange data to and from other devices on networks.