Among the due diligence a company should perform when signing with a managed detection and response (MDR) provider, one item that may not be top of mind is who owns custom content developed during the service. You may be surprised to find out it’s often the provider, not you. MDR content ownership becomes an issue when you change providers or bring in-house the monitoring capability.

SaaS adoption has skyrocketed, offering organizations undeniable advantages. But beneath the surface lurk overlooked configuration errors. Misconfigured SaaS settings create security gaps. Broad permissions, weak defaults, and forgotten accounts jeopardize your security. These issues act as open doors for breaches and unauthorized access. The sheer scale of the problem is staggering – 70% of company software now resides in the cloud.

Imagine someone having access to all your documents, photos, and even your browsing history. It may sound like something out of 1984, but using Google’s products can be a nightmare for your privacy. Despite this, Google Drive has over 200 million active users choosing to store their files with Google. Although Google offers many features with Drive, Chrome, and YouTube, and more,this convenience comes at a cost—your privacy.

In the landscape of modern application development and deployment, Kubernetes has transcended its adoption phase to become a cornerstone technology for organizations worldwide. According to the Cloud Native Computing Foundation (CNCF), a staggering 96% of organizations are actively using or evaluating Kubernetes, with over 5.6 million developers worldwide embracing its capabilities.

Yep, it’s that time of year again. The moment when that dreaded questionnaire from your Cyber Insurer lands on your desk like a ton of digital bricks. Suddenly, panic mode kicks in, and you’re transported back to those school days, facing an exam that seemed more daunting than Mount Everest. Remember how you used to play the skipping game with exam questions, hoping for a miracle to help you conjure up some brilliant answers? Yeah, it’s like déjà vu all over again.

Managed service providers (MSPs) are an attractive target for cybercriminals because of the large amount of sensitive data they handle and their access to their customers' critical infrastructure. A recent survey revealed that 78% of MSPs consider cybersecurity to be their biggest challenge, which has risen considerably from 67% last year. This trend highlights how important it is for MSPs to invest in innovative cybersecurity solutions and train skilled personnel to protect against new threats.

The Common Vulnerability Scoring System (CVSS) is used to evaluate and communicate the technical severity of software, hardware and firmware vulnerabilities. While CVSS has been around for nearly 2 decades and now stands as an industry standard tool for scoring the severity of a vulnerability, the framework still has its limitations. To mitigate some of these challenges and improve the efficacy of the system, an updated version of CVSS was released in November 2023.

An attack vector, also known as a threat vector, is a way for cybercriminals to gain access to an organization’s network or system. Some common types of attack vectors that organizations need to defend against include weak and compromised credentials, social engineering attacks, insider threats, unpatched software, lack of encryption and misconfigurations. Organizations must identify all of the potential attack vectors and protect their network against them to avoid security breaches.

The role of the Chief Information Security Officer (CISO) has undergone a transformation as profound as the threats we face. Between new regulations such as SEC, NIS2, and DORA, the explosion of generative AI, and the rapidly expanding attack surface, the burden is now on cybersecurity leaders to not only protect the organization but build confidence with customers, regulators, board members, and other stakeholders. The key to building trust? Storytelling.

This is the third in a series of four posts about shadow IT, including how and why teams use unapproved apps and devices, and approaches for securely managing it. For a complete overview of the topics discussed in this series, download Managing the unmanageable: How shadow IT exists across every team – and how to wrangle it.