Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

New Research Identifies Oversight Practices Correlated With Effective Cybersecurity Outcomes

In the last few years, boards have rushed to incorporate Cyber Risk into the Board’s overall risk management duty, without really knowing how effective those efforts have been. For the first time ever, Diligent and Bitsight have partnered to see just how well the effort at the board level is translating into reducing Cyber Risk for their company.

How to choose the right penetration testing partner for your business

In today’s digital landscape, cybersecurity threats are evolving at an alarming rate. With the growing number of cyber-attacks and data breaches, businesses must prioritise their security measures to protect sensitive information and safeguard their reputation. Penetration testing is an essential component of this defence strategy.

Five ways your business can bridge the cybersecurity skills gaps to find and keep top talent

We hear a lot about the cybersecurity skills gap, which the latest research puts at 3.4 million globally. There are lots of reasons why organizations find themselves dealing with a skills deficit — from an actual dearth of qualified talent to internal factors including turnover, lack of budget/competitive wages, limited opportunities for growth and promotion, and lack of training. One aspect that is within a company’s control, but is often unremarked, is unrealistic hiring practices.

GitGuardian launches Software Composition Analysis to make Open Source an asset, not a threat

Read how the latest addition to the GitGuardian code security platform automates vulnerability detection, prioritization, and remediation in software dependencies, directly impacting the health of your codebase.

From .com to .beauty: The evolving threat landscape of unwanted email

You're browsing your inbox and spot an email that looks like it's from a brand you trust. Yet, something feels off. This might be a phishing attempt, a common tactic where cybercriminals impersonate reputable entities — we've written about the top 50 most impersonated brands used in phishing attacks. One factor that can be used to help evaluate the email's legitimacy is its Top-Level Domain (TLD) — the part of the email address that comes after the dot.

Don't Forget Mobile Security: How Mobile Devices Serve as Keys to the Cloud

In February 2024, Lookout discovered an advanced phishing kit targeting the Federal Communications Commission (FCC), along with several cryptocurrency platforms. While most people think of email as the realm of phishing attacks, this threat actor — known as CryptoChameleon — used the phishing kit to build carbon copies of single sign-on (SSO) pages, then used a combination of email, SMS, and voice phishing to target mobile device users.

5 Ways Integrated Capabilities Benefit Your SOC

Does your security team have dozens of tools to manage, all with disparate user experiences, data models, and capabilities? Unfortunately, this is the result of many traditional SIEM solutions that lack the ability to integrate all features. This creates a big challenge for your SOC because analysts have to ensure they’re using the right tool at the right time to detect attacks. But today, there’s a better option.

Rubrik Expands Unstructured Data Protection to On-Premises S3-Compatible Object Stores

You are the CISO of a leading financial services firm serving a large number of clients with substantial assets. You process a massive volume of data every day, and much of it is sensitive: customer account information, social security numbers, and other PII.

CMMC Scoping: Unveiling the Core of Cybersecurity Compliance

In the intricate landscape of defense contracting, the Cybersecurity Maturity Model Certification (CMMC) has emerged as a beacon for fortifying the defense industrial base’s cybersecurity posture. Central to CMMC compliance is the critical process of scoping – a systematic approach to identifying systems and assets subject to assessments. Let’s delve into the essence of scoping, emphasizing its significance, and understanding how it evolves through different CMMC levels.

What is the EU Artificial Intelligence Act?

The European Union (EU) Artificial Intelligence Act is a key piece of landmark legislation that represents one of the first laws to go into effect regarding the application and use of artificial intelligence (AI) technology. This historic regulatory framework was created to govern the use, development, and deployment of AI systems within the EU and establish an operational cyber framework for businesses.