The latest trend in cybercrime is that attackers don't really focus on “hacking” in; they’re logging in. We see this now in the wild, driven by organized criminal groups like Scattered Spider and BlackCat, who’ve reemerged with a renewed focus on gaining access through legitimate means, often exploiting help desks and social engineering tactics.

Five worthy reads is a regular column on five noteworthy items we have discovered while researching trending and timeless topics. This week’s article elucidates what non-human identities are and why they are garnering attention today. Undoubtedly, today’s digital environment is burgeoning with technological advancements across various spheres, and cybersecurity is no exception. We are in an era where automation, cloud computing, and AI play a more critical role than humans.

RFPs and security questionnaires play an important role in the sales and procurement process, helping buyers evaluate potential vendors and ensuring all necessary criteria are met before entering the contract phase. Despite their importance, the process can be arduous for both buyers and vendors, necessitating the development of tools that are designed to simplify and streamline these tasks.

Security teams are juggling 25+ different security tools that perform different actions across detection, investigation and response. Look up an IP here, send malware to a sandbox there, block an executable over there. What’s worse is that the vast majority of those actions are being performed manually. This approach is simply too slow against fast-moving attackers and malware, and it certainly isn’t sustainable.

Thanks to ChatGPT, you’ve probably heard a lot about generative AI technology over the last few years. Generative AI is artificial intelligence technology that works by taking input data like a request, processing it through different algorithms, and producing an output based on learned patterns. ChatGPT is a generative AI chatbot. 91% of security teams use generative AI, but 65% don’t fully understand the implications.

NISPOM is an increasingly important part of the regulations surrounding work as a government contractor and is especially critical if you handle classified information. It’s also a lengthy and detailed part of the Federal Register and is complex enough that it often takes a specialist to know what’s important and what’s required. So, let’s talk about it.

Mobile devices now account for more than half of all web traffic, and that number seems poised to increase over the next few years. Between the Apple App Store and Google Play Store, there are already more than 5 million applications available — and not all of them are safe. A smart mobile app security strategy can mitigate some of the threats that come from unauthorized, misconfigured, or malicious software.

Do you know how secure your organization’s mobile devices are? You may have a handle on your on-premises device and network security, but the rise of remote employee access and bring-your-own-device (BYOD) policies has created new security challenges. Many organizations rely on endpoint detection and response (EDR) solutions to keep their traditional endpoints secure, but these solutions often don’t prioritize mobile endpoint security.

Smartphones and tablets can be invaluable tools in the workplace. They can also be tempting targets for cyber threats. Mobile attacks are on the rise, and outdated operating systems and misconfigured devices only exacerbate the issue. To protect your data, your users, and your organization’s digital integrity, you need a comprehensive mobile vulnerability management process.

Cybersecurity and operational resilience are paramount for organizations, especially those handling sensitive information. Three prominent compliance standards— the US CMMC 2.0, the Australian CORIE, and the EU’s DORA —address these needs in different sectors and regions. This blog will compare and contrast these standards, highlighting their unique features, similarities, and differences.