Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As organizations navigate through the complexities of the digital era, the challenge of accurately identifying and managing their asset inventory has become a critical aspect of their security posture. This task, known as attack surface discovery and asset attribution, involves a delicate balance: identifying all assets that belong to the organization while ensuring that no extraneous ones are included.

The last 12 months have been awash with incidents that led to significant data breaches, government regulatory and legal sanctions, and loss of business services availability. In 2023 we saw the most private personally identifiable information exposed, business services shut down, and CISOs fired—and even charged for legal violations by the federal government.

In response to the growing number of malicious actors that have managed to exploit cybersecurity vulnerabilities and cause irreparable damage to organizations, governments worldwide have decided to intervene, recognizing a need for a systematic approach to safeguarding national assets. Helping to lead the way in this institutionalized effort is the Australian Prudential Regulation Authority (APRA). ‍

On December 26, 2023 the Department of Defense (DoD) unveiled the long-anticipated Proposed Rule for the Cybersecurity Maturity Model Certification (CMMC) Program, sending a clear message to defense contractors that CMMC is happening sooner than many thought, and that those taking a “wait and see” attitude can no longer wait to prepare.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. If there ever was a good example of what can happen if you don’t have a good password and no 2FA enabled, this is it.

In the ever-evolving cybersecurity landscape, organizations are constantly striving to enhance their defenses against organized malicious actors. As cyber attacks become more advanced, regulatory bodies have created and enforced compliance requirements to ensure that organizations protect sensitive data and systems. One groundbreaking solution that can help your organization meet these challenges is Extended Detection and Response, known as XDR.

Although SIEMs have existed for more than 20 years, many organizations still fail to achieve full data visibility into their environments. Two problems compound this challenge. First: attack surfaces. As organizations scale their digital infrastructures and bring on new applications, the amount of data analysts need to monitor and analyze increases exponentially.

Technology trends may come and go, but cloud storage has become a mainstay for efficient data management. Instead of relying on physical drives such as local SSDs, the cloud allows users to store their data securely in remote data centers. On the other hand, traditional storage methods, such as hard disk drives (HDDs), have been storage mainstays for decades. Through magnetic spinning disk technology, HDDs have been reliable for long-term storage.

Welcome to 2024 and a new monthly feature here at GitGuardian, a comic strip called "Guardian Goofs." If you like it, please show it some love by hitting one of those "share" links below it. And check back on the first Thursday of each month for the newest "Goof." Share this article on Twitter, HackerNews, LinkedIn, or Reddit.

Knowledge is power. Power is money. In the context of information systems and applications, knowledge is ingested, processed, and used as data. Data theft or loss can be devastatingly costly to a business. Data is one of an organization’s most valuable assets, and must be secured and protected as such.