In the first part of this series, we looked at some common issues when a Chief Information Security Officer (CISO) is communicating with the Board. At the heart of many of these issues is how the CISO and upper management view security. As one CISO recently told me, "It's a catch-22 situation: If the business leaders don't consider this to be a business problem, they are unlikely to listen to people they don't consider to be business leaders telling them it is.".

Phishing emails are a tremendous threat and one of the most common vehicles cyber criminals use to trick employees and succeed in their attacks. Cybercriminals are on a mission to gain access to sensitive information, such as login credentials, business information, customer data, or financial data. Despite the best efforts by IT departments and security professionals to put the proper filters in place, cybercriminals still often find a way to get into employee inboxes with their phishing schemes.

An Incident Response Plan prepares a business for responding to a security breach or cyber-attack. An Incident Response Plan outlines the steps an organisation should take when they discover a potential cyber-attack, allowing them to quickly identify, contain, and remediate threats. It’s also essential for organisations to have processes in place when reporting a cyber attack.

The accolades continue for Salt Security! Hot on the heels of being named in Inc.’s Best Workplaces 2023, our platform has now been included in the CyberTech 100 list, which highlights the top companies in cybersecurity for financial services organizations. These company recognitions also follow a slew of recent awards for us, among them the Ally Technology Peace of Mind award presented by Ally Financial, the largest US digital-only bank and auto finance company.

McPherson Hospital is a large-scale health facility in McPherson, Kansas. The hospital employs more than 225 people and offers walk-in care, emergency care, primary care services, and a range of specialty health services. This large facility generates approximately $7 million in revenue annually. It was hit by a data breach recently, risking the information of patients significantly.

Kubescape is an open-source, CNCF sandbox, end-to-end Kubernetes security tool designed to assess the security posture of Kubernetes clusters created by ARMO. It helps identify security risks and misconfigurations that could potentially be exploited by attackers, and provides automatic assistance to remediate them. Kubescape was launched less than two years ago, in August 2021, and already has more than 8.3K stars on GitHub, and over 100 open-source contributors.

Red Teaming will always have similar concepts and strategies, but no Red Team endeavour is the same, and the meaning may change from one organization to another. Simply stated, Red Teaming is acting as an adversary within your own network to achieve a scenario or objective that a potential attacker can leverage or has value. A true Red Team objective should not be to achieve the goals as quickly as possible. A Red Team operation requires a dedicated team, the right tools, and patience.

Akira is a new family of ransomware, first used in cybercrime attacks in March 2023.