Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The need for cybersecurity in small and midsize businesses (SMBs) has never been more crucial. Any organization can suffer catastrophic effects from cyberattacks, but small businesses are particularly vulnerable. Unprepared small firms may experience tremendous financial consequences as well as damage to their reputation, productivity, staff morale and much more when a cyberattack occurs. When establishing cybersecurity processes and strategies, it is crucial to understand the risks.

Believe it or not, the Financial Services industry has one of the slowest vulnerability remediation rates, with a median of 426 days. “Financial regulators can no longer rely on static, point-in-time assessments to understand the cybersecurity risks posed to the financial system,” said Sachin Bansal, SecurityScorecard’s Chief Business and Legal Officer, in a recent BusinessWire article. “Continuous monitoring tools must be a part of every regulator's toolbox.”

In software testing, negative testing refers to the practice of feeding a system with unexpected or invalid inputs. Given an input field that accepts numeric values from 0-100, positive tests would assess if the application does what it's supposed to do, given input values such as "1", "2" or "99".

The trends shaping the industry, and the challenges impacting implementation Meeting compliance requirements is essential to building a successful and trustworthy security program. However, it’s an area of cybersecurity too often overlooked, as it’s hardly the most glamorous field in the industry.

My colleague, 1Password Senior Security Specialist (and all round stand-up guy) Chris Butler, and I recently chatted about a trend that’s emerged over the past few years: attempts to capitalize on cybersecurity incidents through self-promotion.

Personal data remains attractive for malicious actors and cybercriminals. As they evolve their methods for stealing and compromising such data, implementing sufficient data protection measures is especially vital for any organization. In some industries, protecting personal data is a must to comply with privacy laws and regulations. But even if your organization is not subject to a particular data privacy requirement, it’s highly recommended to secure the data of your customers and employees.

Supply Chain attacks are not new, but this past year they received much more attention due to high profile vulnerabilities in popular dependencies. Generally, the focus has been on the dependency attack vector. This is when source code of a dependency or product is modified by a malicious actor in order to compromise anyone who uses it in their own software.

Cyber threats are a big deal in today’s society. It seems like every other day, there is a new scam or cyber attack that is making the rounds. In this blog post, we will take a look at some of the biggest threats and scams that you need to be aware of. We will also discuss how to protect yourself from these attacks.

Pro-Russian threat actor group Killnet claims to have launched DDoS attacks against Starlink and the United States’ government website whitehouse.gov. Starlink is a satellite internet service company operated by SpaceX. In 2019, SpaceX began launching Starlink satellites, and as of September 2022 is reported to have launched more than 3,000 satellites into low-Earth orbit (LEO).

Environments like GitHub present data exposure risk in the form of secrets leakage and sensitive PII leaking from repositories. Read this online guide, for free, to learn about the problem of secrets exposure and leakage in GitHub, as well as how to easily implement secrets detection and scanning to prevent this risk.