Malicious actors are constantly finding new ways to deliver their malicious payloads. With the recent migration of businesses moving to web application-based services, file storage, email, calendar, and other channels have become valuable means for delivering malicious code and payloads. In some instances, these services are abused as Command and Control infrastructure since many enterprises trust these services by default.

Achieving comprehensive security for the products delivered and deployed by organizations is becoming more difficult, due to a variety of factors. A key one is the growing volume, variety and complexity of software and connected devices in use. Another is the overwhelming risk of inherited software supply chain exposures. The result: Companies struggle every day to provide software with optimal security and protection against malicious activities, takeovers, data theft, and commercial sabotage.

A world without Linux is hard to imagine. Every Google search we run is accomplished on Linux-based servers. Behind the Kindle we enjoy reading, to the social media sites we spend scrolling away every day sits the Linux kernel. Would you believe your ears if I tell you the world’s top 500 supercomputers run on Linux? No wonder Linux has permeated into every aspect of the digital age, not to mention its steadily growing enterprise user base.

The effects of the global pandemic pushed organizations to accelerate their digital transformation strategies. Because of this, companies in all industries were faced with an array of new technologies like cloud and containers that support the shift to edge computing and remote workers. With so much focus on these factors, companies often overlook some of the repercussions that come along with such rapid innovations. One of which is the need for a new approach to asset visibility.

We are thrilled to announce native support of Kong Mesh, Istio and Kuma within Styra Declarative Authorization Service (DAS), enabling users to combine stellar service mesh solutions with the only authorization management platform that supports trusted cloud architecture. Styra DAS allows teams to manage policies across a broad spectrum of systems, like Kubernetes, microservices, public cloud, and more.

The healthcare industry has always been an appealing target for cybercriminals. From high-value patient data to a low tolerance for downtime that could disrupt patient care, cybercriminals continue to find ways to take advantage of healthcare cybersecurity practices. In recent years, the healthcare industry has seen a 55% increase in cybersecurity threats, turning attacks on healthcare providers into a $13.2 billion industry and making it a gold mine for cybercriminals.

CIS Control 6 merges some aspects of CIS Control 4 (admin privileges) and CIS Control 14 (access based on need to know) into a single access control management group. Access control management is a critical component in maintaining information and system security, restricting access to assets based on role and need. It is important to grant, refuse, and remove access in a standardized, timely, and repeatable way across an entire organization.

On May 1, 2021, ISC² implemented a refreshed set of objectives for the CISSP certification exam for security professionals in order to keep it relevant to the latest technologies and cybersecurity standards, requirements and processes. New information security concepts, terms and acronyms have been added and others are better covered.

I had the pleasure of being at an in-person event recently. Aside from the joy it brought me to simply see people for the three-dimensional beings they are, it was of course incredible to connect with the Information Security community once more. Interestingly, a topic came up in quite a few of my conversations with fellow delegates. And it was one that I wasn’t expecting: encryption. It was often amiable, but on a couple of occasions eyes would roll.

During the pandemic, healthcare and education providers scrambled to adapt to providing services remotely, using tools like Slack, Google Drive, and Zoom to continue connecting with patients and students. McKinsey tracked a spike in the use of telehealth solutions in April 2020 that was 78 times higher than in February 2020. And, by some estimates, more than 1.2 billion children worldwide were impacted by school closures due to the pandemic — some of whom were able to learn remotely.