Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Over time, cybercriminals find ways to exploit new cybersecurity breaches, leading to the creation of malware that compromises users' security. Every year, one or more malware variants stand out as new, evasive, or dangerous. According to our Internet Security Report (ISR), last year it was Glupteba.

Over the past two decades, data has become a critical asset for nearly every organisation. Consequently, a variety of regulations and industry standards now govern business operations. In today’s data-driven age, certification through security audits serves as a testament to an organisation’s adherence to industry standards, regulations, and security measures.

For security professionals and CISOs, reading about operational technology (OT) security risk feels like nothing new. We know a lot of OT is insecure by design. Despite advisory warnings and perceptions around operational security air gaps, industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) are being targeted more frequently via digital assets on the network. Vulnerabilities in OT systems are not brand new.

In March 2022, when the not-so-new-anymore SEC cybersecurity regulations were initially drafted, some argued that smaller reporting companies, defined by having a public float of less than $250 million or an annual revenue of less than $100 million, should be exempt, given the "outsized costs" they faced. Others proposed that these smaller organizations should have a longer disclosure deadline, helping to alleviate the chances of non-compliance.

At Tines, our mission is to power the world's most important workflows, and AI has recently become a huge part of that story. We currently have two AI-powered capabilities that enable teams to work faster, reduce barriers to entry, and spend more time on the fulfilling work that attracted them to their professions in the first place. But this is only possible because they trust that these features are private and secure by design.

The main difference between passkeys and 2FA is that passkeys completely remove the need for individuals to enter a password, whereas 2FA enhances the security of an account by requiring an additional method of authentication in addition to a traditional username and password. Continue reading to learn more about the differences and similarities between passkeys and 2FA, and which is more secure.

Mobile devices have made it possible for employees to work and communicate from just about anywhere. But that convenience comes at a price. The rise of mobile devices and the rise of mobile security threats have gone hand-in-hand. Mobile devices like phones, tablets, and ChromeOS devices present an incredible vector for phishing, social engineering, and malware distribution—and threat actors are keenly aware of that fact.

Responding rapidly to cyber threats is a make-or-break capability in today’s high-stakes security environment. A missed alert can quickly escalate a minor incident into a major crisis, jeopardizing your organization’s critical assets and hard-earned reputation. A recent IBM study revealed that companies took an average of 237 days to identify a data breach in 2021 — an inexcusable delay that could invite catastrophic consequences. (Source: IBM Cost of a Data Breach Report 2022)

The latest Salt Security State of API Security Report is out now, and we’re thrilled to give a little sneak peek of its contents. As we have done in previous years, the State of API Security Report is assembled from survey responses and empirical data from Salt customers. This report includes the special addition of the “in the wild” API vulnerability research, much like last year’s report did, to give deeper insight into API concerns in real-world situations.

October is rapidly approaching, and that means new cybersecurity regulations known as NIS2 are set to be enacted by European Union (EU) member states. States are required to publish their local version of the NIS2 Directive into law by the 17th of October. Whilst many countries are well on track, however, some have already acknowledged they will not meet the deadline. This delay leaves organisations somewhat in the dark as to what they will need to comply with and by when.