As a CISO, securing web applications and ensuring their resilience against evolving cyber threats is a non-negotiable priority. Verizon’s Data Breach Investigations Report 2023 cites web applications as the top attack vector by a long shot (in both breaches and incidents). Here’s a simplified checklist for securing web applications that will help you improve your organization’s security posture and the integrity of your technology.
A new report sheds light on whether CISOs have been the victim of a cyber attacks, if they're every paid a ransom, their greatest cyber concerns, and much more. While most of the reports I cover on this blog are typically surveys of those "in the trenches," we do like to cover analysis of c-suite perspectives. The CISO Report from Splunk provides some interesting insight into experienced cyber attacks and their impact.
To secure our world, Cybersecurity Awareness Month encourages four steps that make it easy to stay safe online. As a CISO, my team and I advocate for these practices constantly within our organization. If you are a security practitioner looking to bolster cybersecurity awareness, here’s a brief look at how we explain these steps to help make staying safe online easier. Before we dive in, making cybersecurity practices relatable and clear is key to the adoption at any organization.
Last week, our good friend Raj Umadas, Director of Security at ActBlue, teamed up with our very own Tim Erlin, Head of Product, to talk about the newly proposed NIST Cybersecurity Framework (CSF). It was a fantastic discussion covering the intent behind this update, the major changes from v1.1 to v2.0, and how it applies to API security. Raj and Tim really dug deep into a lot of issues, and answered a lot of questions from the audience.
According to the Cyber Security Skills in the UK Labour Market 2023 report released by the UK government, 50% of UK businesses face a fundamental cyber security skills gap, while 33% grapple with an advanced skills gap. This is just one of the challenges that the Chief Information Security Officer (CISO) must face. While these figures remain similar to 2022 and 2021, it's evident that there's still work to be done to bridge the expertise divide.
Trust is hard to earn but necessary for any successful relationship. As organizations build the systems to support Zero Trust, they find themselves balancing security and functionality across their operations. Incident Response and Network Operations in particular can be full of traumatic experiences, and as we sink into those moments the typical responses are freeze, flight, or fight.
As competition ramps up in the financial services sector, agile and efficient application development is critical to delivering the seamless digital experiences today’s customers want. Chances are, if you’re not already moving applications to cloud and containers, you’re considering it. But cloud-native development also brings security and compliance implications you may not have fully thought through.
