
Latest Posts

What's the buzz about NIS 2?

The latest version of the Network and Information Security Directive (NIS 2) has severe implications for companies that provide services or carry out activities in the European Union (EU). NIS 2’s goal is to establish a higher level of security and cyber resilience for member EU states in 18 essential industry sectors. Violations can lead to substantial fines, legal liability and even criminal sanctions on an individual level.

Polyfill.io and Software Supply Chain Security: A Cautionary Tale

Over 100,000 websites using a popular JavaScript service (polyfill.io) are now victims of a web supply chain attack. A web supply chain attack is a type of software supply chain attack that targets a third-party web software component to gain access to an organization’s systems or data. These attacks can be difficult to prevent because they are hard to detect, take advantage of trust, and have long-lasting effects.

Recent Interview Reveals How Asklepios Kliniken GmbH Improves Risk Exposure with CyCognito

I recently sat down with Daniel Maier-Johnson, the Chief Information Security Officer (CISO), and Markus Diehm, Cybersecurity Analyst, with Asklepios Kliniken GmbH, Germany’s second-largest private healthcare provider, to hear about their experience using CyCognito to gain continuous monitoring, prioritize cyber risks, and safeguard patient information. Vital to any healthcare organization is keeping patient data safe while complying with an ever-growing number of government regulations.

Stop Remediating Backward - Reactive Approaches Aren't a Long-Term Solution

Prioritization in vulnerability management is not just about fixing problems but fixing the right problems at the right time. Not all vulnerabilities carry the same level of risk. But gathering the details needed to understand a vulnerability’s impact takes time, a huge challenge for already overworked staff. Many are forced to work backward, taking critical issues obtained from third-party sources like CISA KEV or a Reddit forum and then searching for assets to which they may apply.

Web Application Security Testing: Struggles, Shortfalls and Solutions

High-value data, mission criticality, and sheer numbers make web applications a compelling target for cyberattacks. According to Verizon’s 2023 Data Breach Investigations Report, web applications were the most commonly exploited vector in both incidents and breaches last year.1 There’s another reason why web applications may be so attractive to threat actors. Most security teams simply cannot keep pace with demands for application updates and patching, testing, and vulnerability remediation.

The Biggest Security Nightmares from 2023 and How They Could Ruin Your 2024

It feels like the number of security issues affecting vital internet-exposed assets is never-ending. No one can predict the next big vulnerability. But exposure management techniques can help prepare your organization for a wide range of issues by identifying, validating, and mobilizing your response to emerging threats. These processes also include validating fixes and issues, a well-documented mobilization process, and automatic scanning of high-value assets.

What CISOs Need to Know About the SEC's New Rules

Working as a Chief Information Security Officer (CISO) has never been easy or glamorous. But with the recent adoption of new rules by the U.S. Securities and Exchange Commission on cybersecurity risk management, strategy, governance and incident disclosure, life as a CISO has just gotten harder. Adding to the longstanding organizational risk CISOs have always managed, they now have to contend with personal risk as well.