Attack Surface Assessment tools enable information security teams to look at their organizations “outside-in” from the attacker’s point of view, prioritizing the issues that attackers will see first.
The vendor risk management process is now an essential requirement of all cybersecurity programs. Without it, you're a sitting duck for supply chain attacks and third-party data breaches. In recognition of this, regulatory bodies are increasing their third-party risk compliance requirements and enforcing obedience by threatening heavy financial penalties for non-compliance.
Cyber insurance coverage? Through the roof these days. Also, coverage is not that easy to get. The many breaches and the dollar judgements handed down make cyber insurance another costly operating investment. A mid-sized client of mine, as an example, pays $1 million in annual cyber insurance costs just to do business with its commercial and government customers. The issue adds another twist to the topic of third-party risk.
While 1Password is usually there to autofill your passwords, sometimes you still have to manually type them in.
During the assessment of one of the financial applications built upon the flutter framework, we came across that the application was using PGP encryption for encrypting the API requests. It is pretty common for financial applications to be implementing traffic encryption, with AES seen to be the preferred algorithm for encrypting traffic. There is plenty of research already available on decrypting AES encrypted traffic.
A company can accumulate massive amounts of information that security analysts are not able to monitor instantly. This can mean that priority security alerts either go unnoticed or are considered a false alarm because the appropriate technology is not available, which results in organizations failing to take action in time.
