To solve the supply chain security dilemma, producers must get back to security basics. Get best practices for securing your supply chain. Nobody wants to be known as the weak link in the chain—any chain. But too many organizations are at risk of being just that in the digital supply chain because they haven’t made the cyber security of their products a priority. The most recent evidence of that is the SolarWinds/Orion cyber attack that impacted more than 18,000 organizations.

As digital security and data privacy become increasingly caustic issues, regulatory compliance is exceedingly challenging. Not only are various regions implementing unique standards, but industries, municipalities, and platforms are issuing new guidelines as well. While CTOs have many solutions for ensuring system compliance, the human element remains more difficult to oversee, mandate, and manage.

Trying to work out the best security tool is a little like trying to choose a golf club three shots ahead – you don’t know what will help you get to the green until you’re in the rough. Traditionally, when people think about security tools, firewalls, IAM and permissions, encryption, and certificates come to mind. These tools all have one thing in common – they’re static.

With more people working from home, the threat landscape continues to change. Things change daily, and cybersecurity staff needs to change with them to protect information. Threat hunting techniques for an evolving landscape need to tie risk together with log data. Within your environment, there are a few things that you can do to prepare for effective threat hunting. Although none of these is a silver bullet, they can get you better prepared to investigate an alert.

Writing secure code in a way that prevents code injection might seem like an ordinary task, but there are many pitfalls along the way. For example, the fact that you (a developer) follow best security practices doesn’t mean that others are doing the same. You’re likely using open source packages in your application. How do you know if those were developed securely? What if insecure code like eval() exists there? Let’s dive into it.

Cross-site scripting (XSS) is #7 in the current OWASP Top Ten Most Critical Web Application Security Risks – and the second most prevalent web application vulnerability. It is thought to exist in two-thirds of all applications.

When it comes to cybersecurity, industrial IT—consisting mainly of operational technology (OT) and industrial control systems (ICS)—has failed to keep up with development in the enterprise IT world. That’s mostly because industries’ adoption of internet technology has been slower when compared with enterprises. It would take some time to close the gap, but concerted efforts have already been made to upgrade the security of industrial IT and improve the efficiency of OT and ICS.