October is rapidly approaching, and that means new cybersecurity regulations known as NIS2 are set to be enacted by European Union (EU) member states. States are required to publish their local version of the NIS2 Directive into law by the 17th of October. Whilst many countries are well on track, however, some have already acknowledged they will not meet the deadline. This delay leaves organisations somewhat in the dark as to what they will need to comply with and by when.

The most effective Third-Party Cyber Risk Management programs prioritize risk remediation as highly as risk identification. While Security Ratings Service (SRS) have long focused on risk identification, the burden of curation and remediation has traditionally fallen on the customer. Let's look at how best-in-class security programs achieve measurable cyber risk reduction through effective guided remediation.

As artificial intelligence (AI) continues to advance, its impact on cybersecurity grows more significant. AI is an incredibly powerful tool in the hands of both cyber attackers and defenders, playing a pivotal role in the evolving landscape of digital threats and security defense mechanisms. In this blog, let’s explore the ways AI is employed by attackers to conduct cyber attacks, and how defenders are using AI to deter and counter threats.

After a new zero-day vulnerability is announced, the National Vulnerability Database (NVD) publishes a measure of its severity under the Common Vulnerability Scoring System (CVSS). CVSS scores are a crucial tool for organizations as they give an approximation of the severity of disclosed vulnerabilities.

On April 12th, Palo Alto disclosed a vulnerability with a maximum severity rating for the PAN-OS Global Protect Gateway. There was clear evidence that the vulnerability was being actively exploited as early as March 26th. When exploited, this vulnerability enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Palo Alto expected patches to be released for tested mitigations to block known attacks on April 14th.

This is the final installment of our Microsoft Copilot for Security blog series. Over the past eight weeks, our weekly blog helped various cyber security groups see possible use cases for Microsoft Copilot for Security. This final blog explores how AI and Microsoft Copilot for Security can assist external auditors and consultants in interacting with Microsoft Purview. Azure Policy and Microsoft Purview work together to ensure the proper governance and compliance of data assets.