From compliance with more rigorous cybersecurity regulations to navigating the shifting complexities of cyber liability insurance, CISOs and other cybersecurity leaders are gaining a growing number of non-technical responsibilities.

The holiday season brings a shift in how people and businesses operate: Some companies may partially shut down, leaving only a skeleton crew to manage their IT environments, while others head into their busiest time of year. This seasonal change in staffing and business operations, combined with the general holiday distraction, often creates risk and makes organizations more vulnerable to cybercrime.

Read also: Darkode admin gets an 18-month prison sentence, US authorities dismantle the IPStorm botnet, and more.

Validating the security of your organization’s sensitive information at a single point in time with an annual risk assessment can be helpful, but what about the other 364 days of the year? If you have a cloud application and hope to sell your services to federal agencies, point-in-time assessments won’t be enough.

Man Bites Dog: In an unusual twist in cybercrime, the ransomware group BlackCat/ALPHV is manipulating the SEC's new 4-day rule on cyber incident reporting to increase pressure on their victims. This latest maneuver highlights a sophisticated understanding of regulatory impacts in ransomware strategies.

This blog post series offers a gentle introduction to Rego, the policy language from the creators of the Open Policy Agent (OPA) engine. If you’re a beginner and want to get started with writing Rego policy as code, you’re in the right place. In this three-part series, we’ll go over the following: As a reminder, Rego is a declarative query language from the makers of the Open Policy Agent (OPA) framework.

Organizations are transitioning into the cloud at warp speed, but cloud security tooling and training is lagging behind for the already stretched security teams. In an effort to bridge the gap from endpoint to cloud, teams are sometimes repurposing their traditional endpoint detection and response (EDR) and extended detection and response (“XDR) on their servers in a “good enough” approach.

In the age of cloud computing, where more and more virtual hosts and servers are running some flavor of Linux distribution, attackers are continuously finding innovative ways to infiltrate cloud systems and exploit potential vulnerabilities. In fact, 91% of all malware infections were on Linux endpoints, according to a 2023 study by Elastic Security Labs.

A data breach can wreak havoc on an organization and can also have long-term consequences for those who have their personal information exposed. In this article, we'll outline the biggest cybersecurity data breaches in history, as well as a rundown of some of the more recent notable cybersecurity breaches. Data is the new currency, and cybersecurity breaches are a major threat to individuals and businesses.

The basis of Zero Trust is defining granular controls and authorization policies per application, user, and device. Having a system with a sufficient level of granularity to do this is crucial to meet both regulatory and security requirements.