Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

For many CTOs, the most significant risk isn’t a lack of controls, it’s misplaced confidence. Gartner estimates that by 2025, 99% of cloud security failures will be the customer’s fault. And often, the failure begins with a false assumption: “Our cloud provider is handling PCI.” But PCI DSS doesn’t work that way. It’s a shared responsibility model, and the line between provider and customer isn’t always clear.

RSAC 2025 delivered an unforgettable week of cybersecurity insights and innovations. As the industry gathered to tackle the latest threats, one challenge loomed: the security risks posed by unfederated identities, unmanaged devices, applications, and AI-powered tools accessing company data without proper governance controls.

While security professionals know well that a defense-in-depth strategy is crucial to proper cybersecurity, sometimes a detailed story of how a threat was discovered and eradicated can bring the value home, especially to the uninitiated. This is one such story. In this case, the story relates to the value of employing a cybersecurity threat hunting service alongside a managed detection and response offering.

In today's hyper-connected world, cybersecurity is no longer an IT behind-the-scenes issue—it's a business imperative. With remote work being the new standard, the rollout of smart technologies speeding up, and cybercriminals employing AI, the threat landscape is evolving faster than ever in history. Firewalls and traditional antivirus tools are no longer sufficient for organizations to rely on. The future demands smarter, proactive, and highly integrated solutions to cybersecurity.

Email Threats Continue to Hit Businesses Where It Hurts Most The cyber threat landscape in 2024 saw a continued rise in email-based attacks, with businesses facing increasingly sophisticated forms of business email compromise (BEC) and fund transfer fraud (FTF). These threats aren’t just technical — they hit organizations financially, emotionally, and operationally.

It’s all over the news: GenAI will fuel a rise in scams and fraud. That’s a big claim, so let’s unpack what it means through the lens of one threat vector in particular: phishing.

RSAC 2025 revealed that AI agents are reshaping trust and identity. Learn what top CISOs are doing about it and how the conversation about NHI governance is evolving.

Just because you’re using a passkey doesn’t mean your password is gone. Microsoft is going passwordless in a new big push. As part of that new initiative, they are strongly pushing FIDO passkeys. I am a big fan of FIDO passkeys and FIDO in general. FIDO authentication offerings, including passkeys, are phishing-resistant, which makes them a HUGE improvement over passwords and most other multi-factor authentication products.

It’s hard to assume that most Jira admins are careless. They’re often overwhelmed. Jira isn’t just a project tracker. It’s not rare when, after some time, it becomes a labyrinth of configuration panels, permission schemes, and hidden behaviors that Atlassian sometimes changes – without notice. It’s no surprise that Jira in such a shape is also an easier target for potential attackers.

Imagine your organization’s cybersecurity as a garden. Achieving maturity isn’t a final milestone ‒ it’s about cultivating a thriving ecosystem. It’s when you’re not just reacting to weeds (ahem, threats), but proactively tending to the health of your infrastructure. It’s not about chasing alerts ‒ it’s about growing with confidence because you know your roots are strong, your systems are resilient, and your people are engaged.