In the world of security, authentication, and authorization methodologies are foundational aspects of defense. Authentication techniques protect against unlawful entry to systems through the verification of a user, and authorization either grants or denies the verified user’s access level.

Identity governance, also known as access governance, is an integral part of any enterprise data protection and compliance framework. Seamless and timely access to required systems or resources can significantly increase employees’ productivity and performance. However, excessive privileges or unmonitored user access can often lead to internal and external cybersecurity threats, such as insider attacks, data breaches, and unauthorized access.

Researchers investigating a newly-discovered botnet have admitted that they "accidentally" broke it. In November, security experts at Akamai described a Golang-based botnet that they had discovered, hijacking PCs via SSH and weak credentials in order to launch distributed denial-of-service (DDoS) attacks and mine cryptocurrency.

As the industrial sectors become more cyber-aware, OT visibility has become an important force towards protecting critical infrastructure. Yet, as OT Security progresses, the expansion of Industrial Internet of Things (IIoT) adds new challenges to maintaining pace with OT visibility. What once was a Whack-a-Mole game between security and its adversaries, now seems to be the same game between security and IIoT hyper-connectivity.

Zero trust is a security approach which replaces the traditional network edge. Since network resources can be anywhere – on-premises, in the cloud, or a hybrid of both – zero trust is built towards an identity-centric approach. This places people and resources at the heart of the security architecture.

Many people remember where they were during historic events. Whether it is a personal, or a public occurrence, it’s just human nature to remember these significant moments. Every profession also has its share of memorable events. In medicine, those who were in the profession will remember where they were when they heard about the first heart transplant or the discovery of a cure for a particular disease. In cybersecurity, there are similar events that stick in the mind.

The healthcare industry has been a favored target for cybercriminals for many years. In the first half of 2022 alone, 324 attacks against healthcare organizations have been reported. Attackers have primarily focused on large hospitals in years past, but there has been a sudden switch to smaller healthcare companies and specialty clinics. There seems to be a clear trend in attacks against the healthcare industry, and that trend includes targeting smaller healthcare companies and clinics.

As the years go by, technology continues to evolve, and as we rely more and more on smart devices and the online space, there becomes greater risks of cyberattacks. If you work as a cybersecurity professional, then you are fighting the good fight, but it isn’t always easy. The job is unpredictable, and it requires odd hours and constant vigilance.

Have you ever had to set up your Gmail account on a secondary device, such as your tablet, and when you tried to login, verification prompts were sent to your original device to confirm that the login attempt was done by you? You confirmed the login, and that ended it. That is exactly what happened to an Uber employee whose account was compromised.

UK police are texting 70,000 people who they believe have fallen victim to a worldwide scam that saw fraudsters steal at least £50 million from bank accounts. 200,000 people in the UK, including the elderly and disabled, are thought to have been targeted by conmen who masqueraded as highstreet banks.