Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Businesses of all types face a variety of direct and indirect cybersecurity risks that originate from external sources. Protecting against them is where External Risk Mitigation and Management, or ERMM, comes into play. Here’s a look at the role that the ERMM process plays in providing the intelligence, scoping and discovery capabilities that modern organizations need.

Cyjax analysts have identified the distribution of STOP ransomware on Google Groups through mass spam attacks on Usenet. Over 385,000 posts have been observed, which contain malicious links resulting in ransomware infection. This campaign, henceforth referred to as “STOPNET.GG”, has been in operation since at least May 2023, and is ongoing at the time of writing.

LockBit continues to be a top threat for organizations in the very diverse ransomware landscape. In the first half of 2023, there were more successful LockBit attacks than using any other ransomware family, with BlackCat and Clop coming in second and third. LockBit continued to successfully breach the world’s top companies and governmental agencies throughout 2023.

The Indian government implemented the Data Protection and Privacy (DPDP) Act, a groundbreaking measure designed to regulate data protection within the country, in August 2023. In today’s rapidly evolving digital era, it has become increasingly important to have robust legislation in place to safeguard people’s data. With so much information being shared online, this act protects our data from misuse and unauthorized access.

If you want to significantly reduce the attack surface and data breach risks for your organization, zero trust architecture may be the answer. This approach is becoming a priority for global organizations and tech giants like Microsoft that seek to reduce cybersecurity risks in their IT environments. It’s no wonder then that 10% of large organizations will have a comprehensive and mature zero trust program in place by 2026, according to Gartner’s predictions.

Artificial Intelligence tools such as Bard, ChatGPT, and Bing Chat are the current big names in the Large Language Model (LLM) category which is on the rise. LLMs are trained on vast data sets to be able to communicate by using everyday human language as a chat prompt. Given the flexibility and potential of LLMs, companies are integrating them into many workflows inside the tech industry to make our lives better and easier.

Cybersecurity forms the backbone of safeguarding your business’s data. With cybercrime becoming more sophisticated, traditional security measures are often insufficient. Staying vigilant and proactive is more important than ever. Penetration testing, a critical component of a comprehensive cybersecurity strategy, plays a pivotal role in this endeavour.

While businesses might have become more prepared for direct cyberattacks, 2023 demonstrated that unfortunately a business is only as secure as the organizations within their environment. Third-party risk, which is to say any risk to an organization by external parties in its ecosystem or supply chain, was the headline culprit in 2023.

DSPM or Data Security Posture Management is the modern approach to securing the information ecosystem. It represents a pivotal shift from the traditional castle-and-moat approach focused on IT devices to one that is focused on data.

DevSecOps – for many, it feels like a magical black box where code and sensitive digital assets go in one end, and a working piece of software comes out the other. Security practices within the development and operational phases can often get lost. Organizations that haven’t adopted DevSecOps see half of their apps at risk of attacks, while those with a DevSecOps-first approach have only 22% at risk. That’s why the core principles of DevSecOps are important.