From the cyberwar in Ukraine to ongoing ransomware threats and emerging global data regulations, 2022 has been a taxing year for CISOs. And they can expect more of the same in 2023, says Rodman Ramezanian of Skyhigh Security. He offers predictions and advice for the new year.
Ride-hailing app maker Uber says a data breach at a third party is responsible for the appearance on a hacking forum of internal data. The data is unrelated to the September incident Uber experienced after a hacker affiliated with Lapsus$ penetrated the company network, an Uber spokesperson says.
Four major cloud providers - AWS, Google, Microsoft and Oracle – will participate in a $9 billion U.S. Department of Defense remote computing contract, marking a departure from an earlier winner-take-all approach that ended up in court and slowed the DoD's cloud transformation program for years.
Cyber risk quantification (CRQ) is the measure of an organization’s cyber risk expressed in monetary terms, like dollars. CRQ has many benefits, but few security professionals understand how to implement it.
Join Paul Kelly, former head of risk at HSBC, and Chris Griffith, chief product officer at Balbix, as they...
A server misconfiguration at Kentucky-based CorrectCare Integrated Health Inc., a firm that provides medical claims processing for correctional facilities, has exposed sensitive information of nearly 600,000 inmates who received medical care during the last decade while incarcerated.
Sonatype’s eighth annual State of the Software Supply Chain Report blends a broad set of public and proprietary data and analysis, including dependency update patterns for more than 131 billion Maven Central downloads and thousands of open source projects, survey results from 662 engineering professionals, and the...
A hacking incident at a New York-based administrative management services firm has so far resulted in 20 anesthesiology practices reporting to federal and state regulators breaches affecting a total of about 430,000 individuals.
It has never been more vital to secure your supply chain, with governments also recognizing the urgency by increasingly calling for Software Bills of Materials (SBOMs) and the implementation of effective third-party security risk management (TPRSM) to stem the surge in ransomware and other cyberattacks.
It’s not...
Federal regulators are urging healthcare sector entities to identify all instances of OpenSSL in their infrastructures and to test and deploy a patch issued to fix certain severe vulnerabilities in the software as soon as possible.
As budgets tighten in anticipation of economic hardships, cybersecurity threats only continue to grow. Bill Bernard, CISSP of Deepwatch, advises security leaders to consider how senior management and the board view cybersecurity and then adjust how you prioritize people, technology and managed services.
In this...
A PSA is the central hub for any MSP or ITSP - it must integrate with all of the critical applications that an MSP needs to run their business, providing full visibility into customers, internal operations, and profitability.
The PSA solution should be purpose-built for MSPs and have a user experience that is...
From SolarWinds to Kaseya, Accellion, Log4j,
or Okta, third-party security breaches are
among the most devastating for organizations
affected.
Defense against third-party risk is
a top-tier risk register item, and it is not a one-off either – you need
continuous monitoring to evaluate the security stance of...
Aligning internal cybersecurity practices with external third-party risk management is a crucial, to evaluate control effectiveness against both internal and external risks.
Increased threats and more focus on enterprise-wide accountability are impacting TPRM and CPM. External third-party risk mapping to internal...
CDNs that don’t provide the real-time observability, baked-in security, and programmatic control needed to deliver the dynamic experiences today’s users demand.
Developer empowerment is essential for creating innovative digital experiences that help increase customer lifetime value, improve conversion rates,...
You can use security analytics platforms to alert on anomalous behavior, investigate security events, respond to security incidents, threat hunt on large data sets, and meet compliance use cases. But to realize these benefits, you’ll first have to select from a diverse set of vendors that vary by size, type of...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.