Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This is the third part of a three-blog series on startup security. Please have a look at part one and part two. New companies often struggle with the question of when to start investing in information security. A commonly heard security mantra is that security should be involved since the very beginning and at every step along the way. While this is obviously true, it is quite detached from reality and provides little practical guidance.

We talk extensively about the impact of inbound cybersecurity attacks and the devastation they can cause, but what about outbound data loss? According to an IBM study, human error is the leading cause of 95% of cybersecurity breaches. That means 19 in 20 breaches could be avoided entirely if not for a person introducing risk either through human error, deliberately breaking security protocol, or malicious behavior.

Kroll has observed an increase in two social engineering tactics known as “vishing” and “smishing.” These tactics use phone calls, voice altering software, text messages and other tools to try to defraud unsuspecting people of valuable personal information such as passwords and bank account details for financial gain. These types of attacks use similar techniques to the common infection vector, phishing.

Security transformation doesn’t succeed without network transformation. The two go hand-in-hand when it comes to building the secure access service edge (SASE) architecture of the future, and if security degrades the network experience, or the network experience bypasses security, each of those trade-offs introduces more risk to the enterprise—it doesn’t have to be that way.

Over the past few years, the awareness of privacy and personal security has taken a significant step forward. Typical users have now adopted far more suspicious practices when utilizing multiple PC or mobile device applications. This is a direct result of the constant attempts of cybercriminals to launch malicious campaigns aimed at gaining access to both credentials and internal systems.

As software companies grow, they start to see exponential growth in resources needed to support the business. A startup can quickly go from a few servers and a handful of databases to a sea of Kubernetes clusters. Managing access to all of these resources comes with a myriad of problems. One problem at scale is deciding who can access what resources and how to provide relevant access to those resources on-demand.

On June 8, an explosion took place at Freeport LNG’s liquefied natural gas (LNG) export facility in Quintana, Texas. The company later explained that the explosion resulted from a rupture in an over-pressurized pipeline, but did not comment as to how the pressure built up enough to cause such a rupture. In the wake of the explosion, Freeport reported that the outage resulting from it would persist until September, after which the facility would only resume partial operations.

The cybersecurity industry can be one of the most demanding industries to work in. Employees are constantly under pressure to stay ahead of the latest threats. As a result, security professionals often operate in a state of high alert, which can take a toll on their physical and mental health. In addition, the industry is notoriously competitive, which can lead to employee burnout. There has been much talk about the ongoing ‘Great Resignation’ and what prompted it.

Gartner defines Extended Detection and Response (XDR) as “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components”. Simply put, the main component of XDR is the ability to correlate data across multiple security systems and tools for better detection and response.

When using DNS in the Cloud, security cannot be forgotten. This article is for cloud architects and security practitioners who would like to learn more about deployment options to DNS security and security best practices for DNS in the Cloud. You will learn DNS best practices for DNS security, and see the advantages of a cloud approach for DNS. The three main requirements for DNS are: In this article, we begin with DNS basics, then move on to the topic of DNS in the Cloud.