It is increasingly common for Salesforce Orgs to be in scope for SOX. Auditors are concerned about revenue-related data and critical business processes on the platform. The problem is that Orgs are complex, often highly customized, and much of what auditors are most concerned about is hidden away in custom objects or very difficult to track.

SOC 2 – which stands for System and Organization Control 2 – is a cybersecurity compliance framework that specifies how third-party service providers should store and process organizational and client data. SOC 2 is part of the American Institute of Certified Public Accountants’ (AICPA) SOC reporting framework and utilizes the AICPA Statement on Standards for Attestation Engagements No. 18 (SSAE 18) standard.

You can stay safe from gift card scams by checking gift cards for physical tampering before purchasing them and avoiding requests that ask you to purchase gift cards as a form of payment. While gift cards are a common gift that many people choose to give each other, they are also commonly used by scammers for financial gain. According to the Better Business Bureau, gift card scams increased 50% from 2022 to 2023 with losses from January to September 2023 totaling $147 million.

The ISA-62443 series of standards, developed by the International Society of Automation (ISA), is a comprehensive set of guidelines for ensuring the security of Industrial Automation and Control Systems (IACS). ISA 62443-2-1:2009 is one specific standard within this series that focuses on establishing an industrial automation and control systems security system.

The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) started creating the 62443 series of standards in 2002.

Kansas State University (K-State) is below Tuttle Creek Lake in northeast Kansas. The university serves 20,000 students, employs a complex faculty of emeritus, postdocs, and graduates, and offers over 50 programs. On Tuesday (January 16th, 2024), K-State published a statement concerning the disruption of some of its services; hours later, a preliminary investigation determined the cause of the disruptions came from a cybersecurity event.

This week was slow in the cybersecurity breach world; a combined 775k records got exposed stemming from two health centers (Singing River Health and Harris Center for Mental Health and IDD) and a nationwide mortgage lender (Academy Mortgage Corporation); a communications security solution (Egress) released a risk report urging action of business leaders; and Kansas State University suffered widespread disruptions, potentially compromising the sensitive data of their students and faculty.

Ransomware poses a pervasive threat to businesses, with no foolproof method to completely ward it off. However, organizations can adopt practical measures to reduce their vulnerability and bounce back swiftly in the face of an attack. While all organizations are potential targets by ransomware threat groups, Trustwave SpiderLabs’ most recent threat intelligence report noted the manufacturing sector is the most impacted industry by ransomware.

The OWASP Mobile Application Security Testing Guide (MASTG) and the OWASP Mobile Application Security Verification Standard (MASVS) are two vital resources that have been instrumental in reshaping the landscape of mobile app security. Developed by cybersecurity experts, the MASTG is an elaborate manual that describes the technicalities for meeting the security requirements listed in the OWASP Mobile Application Security Verification Standard (MASVS).

According to Vanta’s State of Trust Report, 54% of businesses say that regulating AI would make them more comfortable investing in it. But with regulation still in flux, how can companies adopt AI safely and responsibly to minimize risk while accelerating innovation?