Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Securities and Exchange Commission (SEC) adopted new rules last week that require companies listed on the US Stock Exchange to disclose any material cybersecurity incidents. In addition to reporting incidents, companies are also required to describe their approach to cybersecurity risk management, strategy, and governance on an annual basis.

With the SEC's adoption of new rules on cybersecurity risk management, strategy, governance, and incident disclosure by public companies, one thing is clear: better definitions are required.

Michigan State University is a large school located in East Lansing, Michigan. This public university has more than 49,000 students per semester and is set over a location spread across 5,300 acres. The university caters to hundreds of thousands of students over time, many of whom may have been exposed due to a recent data breach. The breach wasn't on the university itself, but it likely impacted many of the students attending Michigan State.

Velero is the most popular tool for backing up and restoring Kubernetes cluster resources and persistent volumes. However, there may be situations where you need to restore Velero backup data without using Velero itself. For example, if Velero is not installed and configured correctly, or if more fine-grained restore control is required. In this post, we will explore how to do this when either Restic or Kopia was used by Velero to store the persistent volume (PV) data.

It’s hard to imagine that there are upwards of 100 billion devices connected to each other today. Many of these devices are terrestrial; however, more and more devices are being brought online across the sky, sea, and space. As complexity grows, we need to ensure we have the right level of automation in place to keep everything running smoothly. One of my first goals at Forward Networks was to echo what we are already doing publicly – building a secure product in a secure environment.

As promised, we wanted to dedicate a blog to detections and findings from the network operations center (NOC) at Black Hat Asia 2023 as a follow up to our Lessons Learned blog. Some of these discoveries may not surprise the seasoned analyst or senior threat hunter – but will hopefully provide a little entertainment, because the more things change, the more they stay the same.

In 2022, the finance industry suffered the second-highest number of data breaches. Besides implementing an attack surface management solution, the finance sector must also ensure its remediation product can quickly and efficiently address cybersecurity risks. If you’re in the market for a cyber risk remediation product, this post outlines the key features to look for to maximize the ROI of your new IT security tool. Learn how UpGuard protects financial services from data breaches >

Cyber risk remediation, the process of actively identifying, remediating, and mitigating cybersecurity risks, is particularly critical for the technology industry. With its characteristic enthusiasm towards adopting the latest trends in innovation, without a cyber threat remediation product, tech companies are unknowingly increasing their risk to a swatch of data breach risks.

When you rely on a tool to support you in an intense situation, you probably want reassurance that it got tested for extreme conditions. For example, if you’re about to go skydiving, you'd want to know that the parachute strapped to your back underwent rigorous testing and will perform it's needed most. The same is true with the systems supporting our security initiatives. What happens when those systems are under high pressure in an emergency?

In this episode of The Future of Security Operations podcast, Thomas speaks to Jeff Moss, Senior Director, Information Security, at Incode Technologies. Incode is the leading provider of world-class identity solutions for the world’s largest financial institutions, governments, retailers, hospitality organizations, and gaming establishments.