
Strategic Risk Management for CISOs: A Holistic and Consolidated Approach

As Chief Information Security Officers (CISOs), it's crucial to manage risks in a holistic and consolidated manner as the landscape of threats, particularly those targeting applications, continues to evolve and expand. With the increasing reliance on digital technologies, artificial intelligence (AI), and cloud-based services, the attack surface for potential cyber threats is growing and changing.

How security teams enhance vulnerability management with Tines

When it comes to vulnerability management, time is critical - every minute a vulnerability goes unaddressed, the risk escalates. To ensure all risks are addressed, security teams need vulnerability management processes that are reliable and efficient, and, crucially, don’t drain their resources. And given that 22% of cybersecurity professionals have admitted to ignoring an alert completely, we can’t afford to rely on the human element alone.

How Much Should You Spend on Cybersecurity? A Rough Guide for Management, Board, or You

Last week I met with a Director of a European Bank. A question he asked me was "How much should we spend on Cyber Security?" As there is no one-size-fits-all answer to this question, I will try to break it down: Small Businesses (1-50 employees): Secure Your Startup/SMB/SME; Medium Businesses (51-500 employees): Step Up Your Game; Large Businesses (500+ employees): Go Big on Security; Enterprise Level (5000+ employees): Fortify the Fortress; Bonus Tips; Practical Steps; Invest in Cybersecurity.

Ransomware, Supply Chain & Tech Threats Explode - 2024 Trustwave SpiderLabs Report

Trustwave SpiderLabs, in its just-released report 2024 Professional Services Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies, has uncovered an increasing number of ransomware, third-party supplier, and technology-based attacks targeting the professional services sector.

FakePenny Ransomware, Qilin Ransomware, and More: Hacker's Playbook Threat Coverage Round-up: June 2024

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats by the SafeBreach Labs team. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats.

Polyfill supply chain attack embeds malware in JavaScript CDN assets

On June 25, 2024, the Sansec security research and malware team announced that a popular JavaScript polyfill project had been taken over by a foreign actor, identified as a Chinese-originated company, which embedded malicious code in JavaScript assets fetched from its CDN source at cdn.polyfill.io. Sansec claims more than 100,000 websites were impacted by this polyfill attack, including publicly traded companies such as Intuit and others.

The Odd One Out: Unleashing the Power of the Unpopular Opinion

CISOs today intersect with all facets of the business, whether that be liaising with network teams to manage performance, or balancing the costs of IT operations to avoid isolation from core business functions. Successful CISOs navigate these intersections by adopting proactive strategies in order to transition from a back-office role and become recognised as valued strategic partners within their organisations.