Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Water and wastewater treatment may not be at the top of most people’s list of discussion topics, but the more you think about it, the more clear it becomes that this particular subsegment of the utilities market is a vital part of our critical infrastructure. We rely on the ability to turn on the tap and get clean, safe water every day. And we’ve seen what havoc losing that ability can wreak from the crisis in Flint, MI.

The healthcare industry faces a plethora of serious cybersecurity risks. Indeed, 2021 saw a record number of major health data breaches in the U.S. — the breach notification portal of the U.S. Department of Health and Human Services lists at least 713 incidents affecting 45.7 million individuals. The Healthcare Insurance Portability and Accountability Act (HIPAA) is designed to help healthcare organizations reduce risks to the security and privacy of electronic personal health information (ePHI).

Aside from executing physical attacks on servers, hardware or people, there are three main access points where criminals can break into systems: web, mobile and API. In this post, we’ll focus on mobile security, an area increasingly being exploited due to a sharp rise in mobile device use over the course of the pandemic.

SOC Analysts manage and monitor a range of detection technologies to identify, investigate and respond to threats, 24/7/365. But what does the role of a SOC Analyst actually involve day-to-day, what are the rewards and challenges of the job, and how do people get into it as a career? To find out more, we spoke with SOC Shift Lead, Anthony Howell.

As mentioned in our previous blog post about threat hunting, there is significant interest in it. In fact, according to Pulse, 32% of IT leaders say that their organizations plan to reinforce their endpoint security posture by adding a threat hunting program to their overall security strategy. And it is not surprising since it is a potent tool to defend your customer. Here we have some of the key benefits that hunting brings to your value-added services.

Last week, a critical vulnerability identified as CVE-2022-0185 was disclosed, affecting Linux kernel versions 5.1 to 5.16.1. The security vulnerability is an integer underflow in the Filesystem Context module that allows a local attacker to run arbitrary code in the context of the kernel, thus leading to privilege escalation, container environment escape, or denial of service.

Tsippi Dach explores some notable breaches caused by mis configuration s and how organizations can avoid becoming the next big headline.

According to Microsoft, Zero Trust is now ‘the top security priority’ for 96% of the interviewed security decision makers, while 76% were currently in the process of implementation. 90% of those interviewed stated that they were ‘familiar’ with Zero Trust and able to pass a knowledge test. The nature of this test and the appropriate right answers weren’t provided.

As cyber threats continue to evolve, investing in generic services and off-the-shelf products leaves organisations exposed by failing to deliver the specific outcomes they need. Repeating these investments each year means that the level of security never truly improves, as attackers effectively invest more than the defenders.

Since organizations around the globe began investing more aggressively in their digital transformation by migrating and modernizing applications within the cloud, the value of audit logging has shifted. It has expanded from industries like finance and healthcare to nearly any company with a digital strategy.