Business is inherently risky. Types of risk abound: financial, legal, regulatory, reputational and more. In the most extreme scenarios, failing to maintain an acceptable level of risk could result in injury or death, as in a factory; or, in the case of critical infrastructure, widespread economic catastrophe.

Assessing the cybersecurity risk posed by third-party vendors and service providers is time-consuming, operationally complex, and often riddled with errors. You need to keep track of requests you send out, chase up vendors who haven't answered, and ensure that when they do they answer in a timely and accurate manner.

As we head into Q3 of 2020, life is looking quite different for all of us around the world. With many governments beginning to implement plans to ease restrictions, economies are expected to slowly regain their footing. Even as brick and mortar businesses around the world gradually re-open, we will continue to see a trend towards contactless payments, digital banking, online orders and e-commerce.

If your organization offers or needs cyber security solutions, you must have heard of the Advanced Encryption Standard before. In this article, we will take a closer look at AES and how it can be beneficial for your organization. The Advanced Encryption Standard (also known as Rijndael) is one of the most popular global encryption standards, that is why its acronym AES keeps coming up in almost every discussion related to cyber security.

The energy industry used to operate on a simple hub-and-spoke model, in which large power plants would produce energy in a centralized location and distribute it out to consumers. Yet as solar, wind, and other small-scale renewable energy sources take hold in the market, that hub-and-spoke model is being replaced by a complex grid of interconnected devices.

If, like many organisations, your business has been forced to support mass employee remote working, it’s likely that you’ve also had to roll out new services and applications to maintain business continuity and productivity. Understandably, cyber security may not have been front of mind during this process.

Even with tough economic times, e-commerce is up 25% since the beginning of March. But, fraud has increased as well; according to Malwarebytes online credit card skimming has increased by 26% in March alone. In our April “Staff Picks for Splunk Security Reading” blog post, I referenced a story about an e-commerce site getting hacked with a “virtual card skimmer” (thanks Matthew Joseff for sharing this with me).

DNS spoofing, or DNS cache poisoning, is a cyber attack where false Domain Name System (DNS) information is introduced into a DNS resolver's cache. This causes DNS queries to return an incorrect response, which commonly redirects users from a legitimate website to a malicious website designed to steal sensitive information or install malware.

The most critical element in combating malicious attempts on technology today is visibility. When considering the sheer amount of various cloud, firewall, IDS/IPS, anti-virus, etc. offerings, integrations are a necessity to enable effective security.

Digital attacks continue to exploit coronavirus 2019 (COVID-19) as part of their malicious operations. On May 5, 2020, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) along with the United Kingdom’s National Cyber Security Centre (NCSC) published a joint alert in which they revealed that they had witnessed APT actors targeting local governments, academia and pharmaceutical companies.