In the OT space it is increasingly common to see devices that are used to bridge the gap between the world of PLCs and IP based networks. These types of devices are commonly referred to as ‘smart-devices’. While smart-devices offer the convenience of remote management, this functionality also may create potential weaknesses exploitable by threat actors as well, and practical exploitation of such flaws is being witnessed in the wild.

In part 1 of this series, we discussed data privacy, the related laws, and the data collection practices that help comply with those laws. In this blog, we’ll take a look at the challenges in securing customer data and five effective steps to overcome them. Many countries deem data privacy a fundamental human right and have implemented data protection laws.

There are unquestionable advantages to cloud native technologies, but significant challenges as well. Case in point: microservices authorization. Microservices have, for many companies, become the architecture of choice for cloud native apps — whether for migrating legacy apps or building new cloud native applications.

For the next installment in our series of interviews asking leading security and compliance specialists about their achievements in their field, we’ve welcomed Rhia Dancel, Lead Auditor and CMMC Registered Practitioner with the NSF. Rhia Dancel is an ISO/IEC 27001 and 9001 Lead Auditor for NSF-ISR as well as a CMMC Registered Practitioner and has previously held several auditing and technical positions in information security and pharma quality sectors.

The Center for Internet Security (CIS) controls are a relatively short list of high-priority, highly effective defensive actions that provide a “must-do, do-first” starting point for every enterprise seeking to improve its cyber defense. Initially developed by the SANS Institute and known as the SANS Critical Controls, these best practices are indispensable to organizations both large and small. By adopting these sets of controls, organizations can prevent the majority of cyberattacks.

Findings from our recent report, Fighting phishing: the IT leader's view, reveal that 98% of the companies surveyed conducted some form of cybersecurity training over the past 12 months. Yet, despite these efforts, employees keep falling for phishing attacks. Our research shows that 84% of the organizations we surveyed last year were phishing victims – a 15% increase from our 2021 report, The real and rising risk of phishing.

Recently, ThreatQuotient hosted an interactive discussion regarding security orchestration and cyber security automation adoption – what it is, what it’s meant to do, and why it can present a challenge for security teams to set up and maintain. What we heard from attendees was that the most common issues preventing them from integrating some form of security automation into their internal processes are the necessary time and resources.

The OWASP API Security Top 10 list highlights the most critical API security risks to web applications. Shifting security left means that API security can’t be left only to security teams. Developers need to be on top of potential vulnerabilities and remediate them as they develop. Building security into DevOps means we need to be thinking about how to deliver secure, high-quality code at velocity. Having some basic API security info under your belt will help.