Helping to define and examine the top perceived cloud security threats of the day, the ‘Egregious Eleven’ is the most recent iteration in an evolving set of summary reports published by the Cloud Security Alliance (CSA). It follows on from the ‘Treacherous Twelve,’ which they defined for us in 2016, and the ‘Notorious Nine,’ which they presented in 2013.
In cybersecurity, an attack vector is a path or means by which an attacker can gain unauthorized access to a computer or network to deliver a payload or malicious outcome. Attack vectors allow attackers to exploit system vulnerabilities, install different types of malware and launch cyber attacks. Attack vectors can also be exploited to gain access to sensitive data, personally identifiable information (PII) and other sensitive information that would result in a data breach.
We all know about the type of attacker who leverages their technical expertise to infiltrate protected computer systems and compromise sensitive data. This breed of malicious actor makes news all the time, prompting us to counter their exploits by investing in new technologies that will bolster our network defenses. However, there is another type of attacker who uses different tactics to skirt our tools and solutions.
Privileged access management (PAM) consists of strategies and technologies for exerting control over the elevated (“privileged”) access and permissions for users, accounts, processes and systems across an IT environment. By implementing an appropriate level of privileged access controls, PAM helps organizations condense their organization’s attack surface and prevent, or at least mitigate, the damage arising from external attacks as well as from insider wrongdoing or negligence.
When companies are investigating the weak points in their cyber defenses, they must look beyond their IT infrastructure. In most cases, an organization’s biggest security vulnerability does not stem from the machines on its network, but from people on the payroll. And because this is common knowledge to threat actors, social engineering attacks that target employees generally constitute a bigger threat to businesses than cyber campaigns that directly attack computer systems.
We are proud to partner with Fortinet and join their Fabric-Ready Technology Alliance Partner program. With this partnership, Fortinet customers will be able to extend their network security architecture to their Kubernetes environments. Our partnership was driven from interest from Fortinet’s customers to protect their Kubernetes based infrastructure. Kubernetes adoption is growing like wildfire and nearly every enterprise on the planet is at some stage of their Kubernetes journey.
With more and more automation systems and industrial devices being connected to networks, raw data from every device can be transformed into a treasure chest of valuable information. Granted, this data can help to optimize the process, but with connectivity comes new ICS cybersecurity concerns.
Over the past few years, there has been a massive cultural and legal shift in the way consumers view and secure their personal data online that’s in line with the rise of advanced technologies like artificial intelligence. Concerned by an increasing rate of incidents that range from the 2017 Equifax hack to the scandalous Cambridge Analytica gaming of consumers’ social media data for political purposes, policymakers have begun to strike back on consumers’ behalf.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. Quite a bizarre selection for you this week. The first, and well, what can I say? Another example of our robot overlords failing.
