“Shifting Left” has long been thought of as a silver bullet of sorts for security. Conducting security testing earlier in the development cycle to catch vulnerabilities in staging rather than production environments is certainly worthwhile and can significantly lower an organization’s risk profile.
IT environments in businesses are often volatile. The value of hardware might depreciate over time. There is constant evolution in the world of software. Existing configurations go through a variety of transitions. While some of these updates are permitted since they are part of the organization's regular patching cycle, others raise red flags because they appear out of nowhere.
In the business world, compliance means making sure that companies of all sizes are meeting the standards set by regulatory or oversight groups in various laws and standards, such as HIPAA, PCI DSS, SOX, and GDPR. Sometimes, an organization will self-impose its compliance by adhering to guidance and frameworks from organizations such as NIST, ISACA, ISO, and other advisory bodies.
Ransomware attacks are on the rise. Many organizations have fallen victim to ransomware attacks. While there are different forms of ransomware, it typically involves the attacker breaching an organization’s network, encrypting a large amount of the organization’s files, which usually contain sensitive information, exfiltrating the encrypted files, and demanding a ransom.
This week it was revealed that a huge credential stuffing attack had cost sports betting organization DraftKings $300,000. More specifically, cyber-crooks had used credential stuffing to gain access to many DraftKings customer accounts via a large-scale account takeover (ATO) attack and withdrawn funds. DraftKings has subsequently reimbursed the affected accounts, leaving the business out of pocket rather than its customers.
Enterprise email encryption is a must-have security tool for anyone who wants to safeguard data that’s in transit. The truth is, there are numerous types and technologies available to help you with this, but what you need for your business ultimately depends on how seriously you want to take the protection of your own, and your clients’ or customers’ data.
After reviewing the NCSC Annual Review for 2022, we discuss our 5 key takeaways and give our thoughts on the topic.
The need for cybersecurity in small and midsize businesses (SMBs) has never been more crucial. Any organization can suffer catastrophic effects from cyberattacks, but small businesses are particularly vulnerable. Unprepared small firms may experience tremendous financial consequences as well as damage to their reputation, productivity, staff morale and much more when a cyberattack occurs. When establishing cybersecurity processes and strategies, it is crucial to understand the risks.
Believe it or not, the Financial Services industry has one of the slowest vulnerability remediation rates, with a median of 426 days. “Financial regulators can no longer rely on static, point-in-time assessments to understand the cybersecurity risks posed to the financial system,” said Sachin Bansal, SecurityScorecard’s Chief Business and Legal Officer, in a recent BusinessWire article. “Continuous monitoring tools must be a part of every regulator's toolbox.”
In software testing, negative testing refers to the practice of feeding a system with unexpected or invalid inputs. Given an input field that accepts numeric values from 0-100, positive tests would assess if the application does what it's supposed to do, given input values such as "1", "2" or "99".
