As we approach the new year, many organisations will be working out how to prioritize cybersecurity budgets in 2022. However, with the threat landscape evolving so quickly, what may have offered sufficient protection last year, might no longer be viable. This means security leaders will need to complete an evaluation of their organisation’s security posture.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Social engineering attacks are really common, perhaps due to customer service staff being constantly told to present a helpful persona, especially in these tough times where customer retention is important. Vigilance and process are your best friends here.

Configuration management (CM) is a systems engineering process for establishing and maintaining consistency of a product's performance, functional, and physical attributes with its requirements, design, and operational information throughout its life. Configuration management is a form of IT service management (ITSM) as defined by ITIL that ensures the configuration of system resources, computer systems, servers and other assets are known, good and trusted. It's sometimes referred to as IT automation.

Effective cyber security management requires a careful combination of technology, intelligence and expertise. A Security Operations Centre (SOC) is an effective way to strike this balance, providing the full capabilities needed to detect and respond to threats, 24/7/365.

Over the past few years enterprises and industry leaders have been steadily adopting microservices to drive their business forward. At this point, companies like Amazon, and Google, to name a few, must agree that the microservices style of architecture is much more than a passing trend. Along with the many benefits of updating monolith systems to microservices architecture, there are also new security challenges that organizations need to address.

A sudden surge in acceptance of digital onboarding was observed during 2020.This new reality makes the onboarding of new customers a riskier affair. Over 90% of customers think that companies “could do better” when it comes to onboarding new customers. Either enterprises must collect a lot of information to ensure that onboarding customer is authentic which leads to high dropouts or by collecting less information to maintain user experience they jeopardize their security.

Ransomware is a serious security threat affecting companies of all sizes and industries. While the symptoms (an attack) can be extremely damaging and disruptive, the solution can be simple - proactive prevention through a heavy dose of security hygiene. Here we cover the basics of Ransomware and top tips for securing your organization against it.

We asked our Head of Pen Testing, Jed Kafetz, to outline some of the key benefits of and trends in pen testing and share some tips on how to get into it as a career.

Before the eCommerce growth, traditional stores were targeted with Point of Sale and general cyber security risks. This equation is different and more complex today. It is difficult to talk about the best security practices without discussing cyber security risks challenging eCommerce sector growth. It is also a recommended read if the reader is considering sourcing eCommerce solutions to improve their eCommerce business security.

Have the WAF security companies got you thinking that a firewall is enough? In a modern landscape, development and security move faster, and so do web application vulnerabilities. Unfortunately, WAF doesn’t prevent many of these events, and hackers of all hats have known ways of bypassing WAF to exploit common and creative web vulnerabilities.