Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


Five Reasons Why "Never" Being Breached May Not Be A Good Sign

While countless companies have found themselves in the headlines after being breached over the last decade, there are also many companies we never hear about. Why is that? What makes them so unique that they were never successfully breached before? Is it that they have top-of-the-line security technology? Is it that they don't have assets that attackers care about? Or is it that they've just gotten lucky thus far? None of those common misconceptions is likely the true reason.

CMMC: The Logical End of ISO 27001, SOC 2 & HITRUST Certifications

In the not-too-distant future, I can clearly see how ISO 27001, SOC 2 and HITRUST certifications could become a diminished, legacy activity, viewed as a rarity left over from marketing efforts to distinguish an organization’s security posture from its competition. Absurd? Unrealistic?

Moving to the Cloud: Motivations Behind the Migration

Consider how many times a day you check your mobile phone, smartwatch, smart TV, and/or other connected devices. How normal does it seem to be reaching out to an external source, not actually sure where this information is stored, or even coming from, but that it’s there, accessible and ready to be taken in? Organizations wishing to migrate to a third-party cloud solution (‘the cloud’) need to understand this point well.

Weekly Cyber Security News 06/12/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. I certainly have some ‘wow’ items for you this week. The first just does not bear thinking about as to the potential impact this breach could have – it really is a horrific ‘wow’: We know that BEC fraud schemes hope to take pot luck at a busy employee’s lapse of procedure, but when they really have you in their eyes, the grip can be just ‘wow’.

Protecting your GCP infrastructure with Forseti Config Validator part four: Using Terraform Validator

In the previous posts of this series, we discussed how you can secure your infrastructure at scale by applying security policies as code to continuously monitor your environment with the Config Validator policy library and Forseti. In this article, we’ll discuss how you can reuse the exact same policies and Terraform Validator to preventively check your infrastructure deployments, and block bad resources from being deployed in Google Cloud Platform (GCP).

Cyber Security Protocols That You Should Know

According to recent research on cyber security, a significant number of security breaches happen due to human error. In this article, we took a closer look at cyber security protocols that can help you eliminate the human error and keep your organization safe.

Key Takeaways from the CCPA Audit Webinar with Dr. Maxine Henry

Dr. Maxine Henry, one of Reciprocity’s renowned GRC experts, led a webinar on the California Consumer Protection Act (CCPA). This sweeping legislation creates data privacy rights for covered consumers—which means it also imposes obligations on businesses to safeguard personal information. Before implementation on January 1, 2020, Dr. Henry discusses how to prepare.

Major data center provider hit by ransomware attack, claims report

CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack. The Dallas-headquartered company, which operates more than 30 data centers across the United States, China, London, and Singapore, is reported by ZDNet to have had some of its systems infected by the REvil (Sodinokibi) ransomware.