Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

Vendor Risk Management Best Practices

Vendor risk management is hard. And it's getting harder. But it doesn't have to be. Business units are outsourcing more of their operations to third-party suppliers. In turn, these suppliers outsource to their own service providers. It's undeniable, the average organization's exposure to third-party risk and fourth-party risk has never been higher.

Navigating ICS Security: Best Practices for ICS Decision-Makers

As a security consultant, I’m not going into an environment to design and build an organization’s network from the ground up in most situations. For the majority of the time, I’m working with legacy environments where some old technologies might be phasing out and newer ones joining the mix of solutions.

How Egnyte Uses AWS to Create An Innovative Approach to Storage, Collaboration, Security and Compliance

The life sciences industry is undergoing major transitions. Pharma, biotech, and medical device companies generate more data than ever and require higher processing power for clinical trials, gene sequencing and more. Many life sciences organizations are transitioning legacy technology stacks to the cloud, which promises the ability to accelerate processes, mobile collaboration, and strong security. To further complicate matters, there is increasing pressure to maintain regulatory compliance.

What is the SHIELD Act?

The New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) or Senate Bill 5575, was enacted on July 25, 2019 as an amendment to the New York State Information Security Breach and Notification Act. The law goes into effect on March 21, 2020. The motivation behind the SHIELD Act is to update New York's data breach notification law to keep pace with current technology.

The Importance of Third-Party Vendor Risk Management for the Banking Industry

Today’s banks and financial institutions closely cooperate with various third-party vendors. While such cooperation brings a lot of benefits, it also raises some significant concerns regarding the security of the data and resources these vendors have access to. In fact, according to Verizon’s 2019 Data Breach Investigations Report, the financial sector is among the most targeted, accounting for about 10% of all data breaches across all industries in 2018.

The Outcomes of SIEM and SOAR in 2019 (Part 1)

Like the previous years, 2019 also witnessed the surge in data breaches and cyber-attacks. However, organizations having SIEM or/and SOAR system in place were better than those using traditional security tools. The cyber-attacks in 2019 were mostly related to financial crimes, supply chain attacks, phishing exploits, state-sponsored attacks, Grid attacks, health sector attacks, and attacks on IoT devices. Cybersecurity skills shortage was also one of the major concerns in 2019.

CVE-2020-0601 - How to operationalize the handling of vulnerabilities in your SOC

Software vulnerabilities are part of our lives in a digitalized world. If anything is certain, it’s that we will continue to see vulnerabilities in software code! Recently the CVE-2020-0601 vulnerability, also known as CurveBall or “Windows CryptoAPI Spoofing Vulnerability”, was discovered, reported by the NSA and made headlines. The NSA even shared a Cybersecurity Advisory on the topic. Anthony previously talked about it from a public sector and Vulnerability Scanner angle.