In recent years, the cybersecurity landscape has evolved dramatically, with more advanced threats and operational challenges for organizations. Many vendors offer security platforms that address these changes and streamline security management. This post explores vital capabilities managed service providers (MSPs) should prioritize when assessing such platforms and explains some shortcomings observed in other security platforms.

It's that time of year again when the security delegates from Tech Field Day descend on Silicon Valley (well, in this case, descend virtually on Silicon Valley) to hear about the cool new things vendors are doing in the security space. This year, I was fortunate to be one of the presenters at XFD10 along with my partner in crime, Matt Honea, Head of Security and Compliance at Forward Networks.

In today's digital landscape, organizations face increasingly sophisticated cyber threats that can compromise sensitive data, disrupt operations, and tarnish their reputation. To mitigate these risks, regulatory frameworks have been developed to ensure robust cybersecurity practices.

In the current cyber threat landscape, where online security is paramount, the threat of session cookie replay attacks looms large. These attacks sidestep the conventional need for credentials and aim to hijack your online sessions, potentially compromising sensitive data and taking over user accounts. This blog post delves into the intricacies of session cookie replay attacks, shedding light on what they are, how they work, and the potential consequences they can unleash.

The massive uptick in QR Code phishing is an indicator that scammers are seeing success in taking victims from the initial attack medium to one under the attacker’s control. It’s usually bad when we compare one month or quarter to another and see an increase. But when it’s a single month compared to more than half a year, you know it’s REALLY bad. And that’s what we find in security vendor ReliaQuest’s latest blog covering how Quishing is being used.

Social engineering remains one of the top attack vectors that cybercriminals use to execute malicious acts. KnowBe4’s security awareness training and simulated phishing platform allows workforces to make smarter decisions, strengthen an organization’s security culture and human risk by protecting their organization from phishing, social engineering and ransomware.

Software development at the speed of business is a constant balance of tradeoffs, and managing the risk of open-source software is one of the most emerging prominent examples. This is driven home by high-profile supply chain attacks such as the ones on SolarWinds, Log4J, and MoveIt. Each of these examples represents a different type of abuse, including.

Cybersecurity readiness is the ability to identify, prevent, and respond to cyber threats. Yet despite the daily headlines and warnings, organizations struggle to achieve cybersecurity readiness. Just look at the statistics: 78% of senior IT and security leaders lack confidence in their company’s security posture. And, despite increased investments in cybersecurity controls, nearly 80% believe their organization lacks sufficient cybersecurity protections.

The different types of ransomware include crypto ransomware, locker ransomware, scareware, leakware and Ransomware-as-a-Service (RaaS). Ransomware is a type of malware, also known as malicious software, that prevents victims from accessing the data stored on their devices until they’ve paid a cybercriminal a certain amount of money, commonly referred to as a ransom.

The Monetary Authority of Singapore (MAS) is Singapore's central bank and financial regulatory authority. Along with regulating monetary policies, banking, and currency issuance, MAS sets standards for financial institutions' operational practices. MAS’ third-party risk management guidelines provide structure for financial institutions to ensure resilience against third-party outsourcing arrangements risks, including supply chain vulnerabilities and information security.