When thinking about many of the worst data breaches we’ve seen so far (Equifax, CapitalOne, Target, Home Depot, and more), there was one common element: The attacks were not detected while they were active on the internal networks. It’s easy to think of the internal network as what’s onsite and directly in control. However, an organizations internal network also includes what extends beyond what’s on-premises, like instances within the public cloud and off-site hosted data centers.

In the age of the digital world, cyber threats and vulnerabilities have gained the attention of security leaders as well as countries across the globe. The issue of cyber warfare is no longer limited to organizations. Rather, even state-sponsored cyber-attacks are being organized and launched against enemy states.

Sebastian Neef (@gehaxelt) is a IT security freelancer and a top contributor from the Detectify Crowdsource community. In this guest blog, he looks at ways WordPress plugins leak sensitive data in the wild: The OWASP Top 10 puts Sensitive Data Exposure on the 3rd place of the most common web security issues. In this blog post we will have a look at sensitive data exposure that you might not be aware of.

Given the complexity of large enterprise environments, coupled with the diversity of the vendor landscape, there is no single, agreed-upon “best” way to buy security. The battles continue between CAPEX or OPEX, net-30 or net-90, annual or multi-year, perpetual or subscription. One thing we do know, however, is that all too often the consumer pays for something he or she does not use.

The United States’ National Security Agency (NSA) has put together a short guidance document on mitigating vulnerabilities for cloud computing. At only eight pages, it is an accessible primer for cloud security and a great place to start before taking on something like the comprehensive NIST 800-53 security controls.

The Standardized Information Gathering (SIG) questionnaire is used to perform an initial assessment of vendors, gathering information to determine how security risks are managed across 18 different risk domains. SIG was developed by Shared Assessments and is a holistic tool for risk management assessments of cybersecurity, IT, privacy, data security, and business resiliency. The SIG questionnaire was created by Shared Assessments.

Social engineering is the art of human deception. In the world of cybersecurity, it’s how to fool human beings in order to conduct cyber attacks. Some of these cyber attacks can be very expensive to your business! In fact, many of the worst cyber attacks to your organization’s network start with fooling you or one of your employees. Penetrating a network without human interaction is really tough.

During the past year, we have witnessed significant data breaches that have impacted industries ranging from hospitality to legal to social media. We have seen a continuation of financially motivated threats, such as business email compromise (BEC), which continue to plague corporate bank accounts. Ransomware has brought multiple cities, schools and universities to their knees, earning threat actors significant funds.

The quality of Redscan’s cybersecurity services has been recognised in the 2020 Cybersecurity Excellence Awards.

The Vendor Security Alliance (VSA) questionnaire was created by a coalition of companies committed to improving Internet security. It is one of the most well-known, highly respected security questionnaires, alongside: The VSA questionnaire is free to use and accessible on the VSA website.