Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Smart homes, connected cars, and smart watches: these are examples of consumer-focused devices in the Internet of Things (IoT). But the Internet of Things extends beyond consumer use as new technologies are implemented in industrial settings and critical infrastructure. With the continuing development of the Internet of Things come new attack surfaces and cybersecurity risk directly related to the IoT.

Finding savings and efficiencies is part of an IT leader’s role. But sacrificing security for the sake of convenience is almost always asking for trouble later down the line. There are IT security shortcuts that might be well-intentioned and seem sensible at the time, that could have serious and unintended negative consequences. We’ll run through nine common IT security shortcuts that can end up costing organizations millions.

Businesses are facing threats every day, ranging from natural disasters to cyberattacks. When it comes to ensuring your business is protected, two critical concepts play a pivotal role in ensuring an organization’s resilience: disaster recovery (DR) and high availability (HA). While both are integral components of a robust business continuity strategy, they serve distinct purposes and are two sides of the resilience coin.

Scammers are using AI technology to assist in voice phishing (vishing) campaigns, the Better Business Bureau (BBB) warns. Generative AI tools can now be used to create convincing imitations of people’s voices based on very small audio samples. “At work, you get a voicemail from your boss,” the BBB says. “They instruct you to wire thousands of dollars to a vendor for a rush project. The request is out of the blue. But it’s the boss’s orders, so you make the transfer.

Data trends show a clear upward momentum of posts from initial access brokers on the dark web, putting the spotlight on what may become cybersecurity’s greatest challenge. Any organization that has made cybersecurity a priority is laser focused on putting preventative measures, multiple means of detection, and a response plan in place.

Did you know that 41% of breaches involve email? For threat actors, cloud email systems like Gmail and Microsoft Exchange are treasure troves for valuable internal information like PII, PCI, PHI, secrets, and credentials. In order to limit the blast radius of privilege escalation attacks, and to remain in compliance with standards like HIPAA, it’s essential for enterprises to protect thousands of emails per day.

This blog is part of a series about how to use Vanta and AWS to simplify your organization’s cloud security. To learn more about how to use Vanta and AWS, watch our Coffee and Compliance on-demand webinar. ‍ Amazon Web Services, or AWS, is one of the most popular cloud providers for organizations today — providing one of the most flexible and secure cloud environments available.

The attacks are ongoing as of this writing. Here are a few screenshots of data and some insight. I’ll make sure to keep it brief since you have seen this news in various outlets.

In the dynamic landscape of cloud-native cybersecurity, image scanning has become essential to ensuring the safety and integrity of cloud workloads and digital assets. Historically, image scanners focus on finding vulnerabilities (CVEs) that may be the cause of exploits in Kubernetes workloads. However, there’s a significant gap that often goes unnoticed. This gap is the lack of comprehensive scanning for malware, viruses, crypto miners, and other malicious threats.

After a year of cyber attacks making headlines worldwide, many organizations, such as MGM Resorts, Clorox, and T-Mobile, have taken a reputational hit similar to SolarWinds. Sysdig’s 2024 Cloud-Native Security and Usage Report provided some informative key takeaways that CISOs can hone in on to improve their security posture. As a CISO, you do not want to catch your organization on that list; mitigating reputational risk is a part of your job.