Observability has gained a lot of momentum in the past year, be it full stack observability or data observability. Modern complex IT systems using clouds, microservices and serverless are easy to develop and deploy but extremely difficult to observe. These systems generate tremendous amounts of data and need an automated way of handling the volume. The next era of delivering customer experience is underpinned by the full stack observability capability.

In the wake of the takedown of the REvil/Sodinokibi ransomware gang by the Russian Federal Security Service (FSB) on January 14, Eastern-European cybercriminals are feeling the ground shake. In the days following the FSB action, Trustwave SpiderLabs researchers have analyzed a slew of Dark Web chatter and have found that this potential new world is breeding fear in that community.

In September 2021, the Indian Markets Regulator, Security, and Exchanges Board of India (SEBI) banned an employee of an Indian MNC headquartered in Bangalore and his counterpart, an employee of a leading Global information technology company from trading in stock exchanges till further orders. An impounding of illegal proceeds of 2.62 crore rupees were generated through insider trading activities. This is just an example of insider trading.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24.

MSPs are playing an increasingly important role in organizations' cybersecurity. This is the key finding from our Pulse "Outsourcing Security" survey of more than 100 organizations worldwide: 88% of respondents are outsourcing their cybersecurity processes or tools, and the most common type of outsourcing agreements selected is through MSPs (55%).

Single sign-on, or SSO, is a valuable addition to your enterprise security arsenal. It doesn’t protect against every threat, but it can reduce your attack surface, lower IT costs, and provide a better login experience for your employees.

In what is being described as the most significant update to the scheme since it launched in 2014, the National Cyber Security Centre (NCSC) has announced that the technical controls for Cyber Essentials and Cyber Essentials Plus will be updated as of 24th January 2022. The change is to bring the scheme in-line with the evolving cyber security challenges that organisations now face, particularly around the adoption of cloud services and hybrid working.

The results from the 2021 Global Security Attitude Survey paint a bleak picture of how organizations globally are feeling about the cybersecurity landscape before them. Organizations are grappling with shortages of cybersecurity skills and a lack of capability to detect and contain intrusions in a timely way.

Privilege abuse is the top misuse-related reason for data breaches according to the 2021 Data Breach Investigations Report by Verizon. To mitigate the risk of data leaks and other incidents, it’s crucial to enhance the protection of critical assets and keep a close eye on the activity of privileged users. Yet it can become a real ordeal for an IT security manager not only to secure access to their organization’s servers but also to track and manage all privileged sessions.

The threat landscape is expanding and security professionals are barely keeping up. On a daily basis, CISOs and cybersecurity staff need to contend with new malware variants, data breach attempts, ransomware attacks, zero-day exploits - all while ensuring uninterrupted dedication to vendor risk mitigation efforts. With so many cyber threats testing your cyber resilience at once, where should you focus your cybersecurity efforts?