Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

To find out, check out Episode 19 of the Cyjax Geopolitical and Cybersecurity Podcast. Here’s a summary of what’s on the table… A new year brings new threats! So join our CISO Ian Thornton-Trump CD and his guests Lisa Forte, Partner at Red Goat Security and Philip Ingram MBE of Grey Hare Media, for expert analysis of how some of the more compelling world events set to take place this year could impact global stability and security.

As cyber threats get smarter every day, businesses must now make sure they are compliant with cybersecurity laws. Compliance isn't just a matter of checking off boxes; it's a proactive way to keep customer trust, protect private data, and stay out of big fines. There is a lot of pressure on companies to keep their systems safe and follow the rules set by Data Privacy Regulations like GDPR, HIPAA, and CCPA. A new report says that violations cost companies $4 million on average per breach.

Happy New Year from Key Manager Plus! Though years may pass, one thing that never changes is our commitment towards providing hassle-free certificate life cycle management for every enterprise. To stay true to this goal, over the years, our team has constantly improved its offerings to match user requisites and market needs, and 2023 was no different, with updates that redefined the administrative experience and enhanced product security.

Businesses are currently witnessing improvements in cybersecurity capabilities, thanks to advancements in Artificial Intelligence (AI). However, the progress is accompanied by a parallel increase in the threat and sophistication of cyber-attacks, especially when the right event monitoring and threat detection tools are not utilized. Deloitte's latest research on security operations indicates that in 2023, 12.5% of businesses experienced more than one security event.

As organizations increasingly rely on external vendors and enterprise buying patterns continue to decentralize, the challenge of managing risk associated with third parties becomes critical. Unfortunately, even uncovering vendor relationships within an organization can be a struggle, with over 80% of workers admitting to using non-approved SaaS applications. This ‘Shadow IT’ is not only frustrating; it introduces tremendous risk.

AgentTesla is a Windows malware written in.NET, designed to steal sensitive information from the victim's system. It’s considered commodity malware given its accessibility and relatively low cost. Commodity malware poses a significant threat as it enables less sophisticated cybercriminals to conduct various types of cyberattacks without requiring extensive technical knowledge. AgentTesla has been a persistent and widespread threat since its emergence in 2014.

The European Union’s Digital Operational Resilience Act (DORA) is set to go into effect on January 17, 2025, and with it will come new information security and risk management requirements placed on EU financial service providers and their associated critical third-party technology entities.

Browser extensions are a classic shadow IT concern. Assessing the reputation and security of a browser extension is crucial before installing it on a company computer, as extensions often have wide-ranging permissions that could be abused for data theft or other malicious activities. In an open environment style company, extensions generate significant shadow IT risk that needs to be managed and addressed.