As 2023 Cybersecurity Awareness Month continues, let's look at a couple of the areas the Cybersecurity and Infrastructure Security Agency (CISA) and National Cybersecurity Alliance (NCSA) are focusing on this year.

In a recent blog, we covered the basics of breach and attack simulation (BAS) and MITRE ATT&CK, including the challenges security teams often face when attempting to utilize the ATT&CK framework and how BAS can help. Now, it’s time to get more specific. In this installment of our latest series, we’ll discuss the ways organizations typically leverage BAS and MITRE ATT&CK for threat-informed defense.

TL;DR This vulnerability appears to be less severe than initially anticipated. Cato customers and infrastructure are secure. Last week the original author and long-time lead developer of cURL Daniel Stenberg published a “teaser” for a HIGH severity vulnerability in the ubiquitous libcurl development library and the curl command-line utility. A week of anticipation, multiple heinous crimes against humanity and a declaration of war later, the vulnerability was disclosed publicly.

Cyberthreats and ransomware attacks can be crippling for public sector organizations. The cost of ransomware attacks in government often runs into the millions of dollars, which mostly stems from downtime and recovery (or in some cases, paying the ransom). A Sophos’ 2023 “State of Ransomware” report noted that in 2023 the K-12 education sector has seen the highest ransomware attack rate of any industry, with 80% of schools reporting a ransomware attack.

In an increasingly connected digital landscape, the security of your organization’s data and publicly facing assets is more critical than ever. According to the CrowdStrike 2023 Threat Hunting Report, more than 20% of all interactive intrusions are associated with the exploitation of public-facing applications. As an organization’s attack surface expands and cyberthreats proliferate, it is imperative IT and security teams take a proactive approach to safeguarding their digital footprint.

The healthcare industry has rapidly embraced digital technologies to enhance patient care, streamline operations, and improve communication. However, this digital transformation brings with it a significant challenge: protecting patient data. One often overlooked risk comes from tracking pixels, which can lead to (accidental) data leakage and privacy breaches.

We’re thrilled to announce that Tines has been named HashiCorp’s 2023 Emerging Partner of the Year. The award is especially significant, as it marks the success of our partnership with HashiCorp within its very first year. Tines was recognized for our smart, secure workflow builder, which allows frontline teams to work more efficiently and effectively by incorporating HashiCorp Terraform and Vault across their automations.

The world around us is often a reflection of who we are and what we value. The same can be said for businesses. It’s no longer enough to be resilient, trustworthy, and secure your own organization; the companies you do business with need to meet these same standards.

A vendor risk report provides stakeholders with a snapshot of your Vendor Risk Management (VRM) performance. With concerns over the threat of supply chain attacks growing, cybersecurity reporting is evolving towards an increased focus on Vendor Risk Management program performance. Board members and senior management want to know how effectively your VRM initiatives are identifying and addressing vendor-related security risks.

A cybersecurity report shouldn’t be feared. Instead, it should be regarded as an opportunity to demonstrate the effectiveness of your cybersecurity program, and while management is brimming with delight over your efforts, maybe also a chance to sneak in a request for that cyber budget increase.