Kroll, Red Canary and VMware conducted a survey of over 400 information security and 100 legal and compliance leaders from companies with over $500M in annual revenue to capture the current state of incident response from a technical and legal perspective. Our goal was to highlight trends, identify common challenges and understand how organizations are maturing their preparedness, detection and response programs.

A cybersecurity threat is the threat of malicious attack by an individual or organization attempting to gain access to a network, to corrupt data or steal confidential information. No company is immune from cyber attacks and the data breaches that can result. Some cyberattacks can even destroy computer systems. As cyber threats become increasingly sophisticated, your business must implement the security needed to safeguard its data and networks.

In December 2020, the world discovered that the SolarWinds’ Orion Platform had been compromised by cybercriminals, potentially affecting thousands of businesses the world over. Security groups such as the National Cyber Security Centre (NCSC) provided advice and guidance to security teams and IT companies on what actions they should take to minimize the impact on them and their customers.

Many frameworks, standards, and regulations require organizations to have an IT Asset Management program in place. However, the understanding of what separates a mature Information System Inventory (ISI) from an IT Asset Inventory and the benefits realized from an ISI are generally less well understood. Naturally this may lead to a higher likelihood of deprioritizing an ISI in favor of what are viewed as more pressing security needs. Figure 1.

In a nutshell, a data subject access request – or DSAR for short – is when someone asks a organisation for a copy of all personal data they hold about them, and then that organisation provides it in a clear and structured way. In addition to the data itself, DSARs allow a data subject (like you or me) to find out things like what the organisation is doing with the data, who they’re sharing it with, how long its held on to for, where they got it from, and so on.

Adaptation of large-scale web applications at a wider level in several multi-faced industry verticals like healthcare, banking, intelligence services and others has exposed them to massive data breaches. Despite increasing awareness about security, complex threat vectors continue to put organizations across the globe under attack.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. I admit this is frivolous, and low risk, but come on…. The increasing completely pointless devices out there that insist on Internet connection when you are highly unlikely going to be out of sight of said device is bonkers… No…

The rising trend in data breaches continues to angle upwards, and as a result, there has never been a more precarious time in history to launch and maintain a successful business. To prevent the repetition of mistakes that result in data theft, we’ve compiled a list of the 56 biggest data breaches in history, including recent data breaches in 2021. Click on the table of contents dropdown above for a list of all the companies in this post.

All security flaws should be fixed, right? In an ideal world, yes, all security flaws should be fixed as soon as they’re discovered. But for most organizations, fixing all security flaws isn’t feasible. A practical step your organization can – and should – take is to prioritize which flaws should be fixed first.

If you caught part one of our recap series on this year’s Collision conference, you know we covered a roundtable talk hosted by Veracode’s own Chris Wysopal. The talk focused on the risks of AI and machine learning, delving into discussions of how to manage the security aspects of these future-ready technologies — especially when it comes down to consumer privacy.