Data loss prevention vendors tackle gen AI data risks
Data loss prevention (DLP) vendors are racing to add support for generative AI use cases to their platforms, following the popularity and increasing adoption of…
5 areas where zero trust can’t protect your organization
Adopting zero trust is no fail-safe against cyberattacks. Attackers are constantly finding new ways to get around zero trust, and this often happens because not…
3 strategies that can help stop ransomware before it becomes a crisis
Over the past decade, the average value of ransoms demanded by hackers has gone from hundreds of dollars to hundreds of thousands — even into…
Why API attacks are increasing and how to avoid them
Australian energy company Jemena has been using APIs, in some form, for about a decade. Its use of APIs — application programming interfaces — has…
How CISOs can balance the risks and benefits of AI
The rapid pace of change in AI makes it difficult to weigh the technology’s risks and benefits and CISOs should not wait to take charge…
Insured companies more likely to be ransomware victims, sometimes more than once
Companies with cyber insurance are more likely to get hit by ransomware, more likely to be attacked multiple times, and more likely to pay ransoms,…
Siemens focuses on zero trust, legacy hardware, supply chain challenges to ensure cybersecurity of internal systems
Siemens has been working to be on top of vulnerabilities found in its products, but more importantly, to ensure the security of its internal operations.…
AI-fueled search gives more power to the bad guys
Concerns about the reach of ChatGPT and how easier it may get for bad actors to find sensitive information have increased following Microsoft’s announcement of…
How AI chatbot ChatGPT changes the phishing game
ChatGPT, OpenAI’s free chatbot based on GPT-3.5, was released on 30 November 2022 and racked up a million users in five days. It is capable of…
The cybersecurity challenges and opportunities of digital twins
Digital twins are a digital representation of objects, structures or systems that give organizations greater insight into the life cycle of these objects, but this…
Top 5 security risks of Open RAN
When a cell phone or other mobile device connects to the nearest cell tower, the communication takes place over something called a RAN — a…
6 signs your IAM strategy is failing, and how to fix it
Companies have been developing and executing identity and access management (IAM) strategies for decades. “It started with mainframe time sharing, so nothing is new,” says Jay Bretzmann,…
Adversarial machine learning explained: How attackers disrupt AI and ML systems
As more companies roll out artificial intelligence (AI) and machine learning (ML) projects, securing them becomes more important. A report released by IBM and Morning Consult in…
9 ways hackers will use machine learning to launch attacks
Machine learning and artificial intelligence (AI) are becoming a core technology for some threat detection and response tools. The ability to learn on the fly…
7 machine identity management best practices
Machine identities are a large, and fast-growing part of the enterprise attack surface. The number of machines—servers, devices, and services—is growing rapidly and efforts to…
Fantastic Open Source Cybersecurity Tools and Where to Find Them
Open source is a double-edged sword for information security. On the one hand, security professionals rely on countless open source security software tools, frameworks, and…
What is the cyber kill chain? A model for tracing cyberattacks
As an infosec professional, you’ve likely heard about using a cyber kill chain to help identify and prevent intrusions. Attackers are evolving their methods, which…
How attackers sidestep the cyber kill chain
The idea of the cyber kill chain was first developed by Lockheed Martin more than a decade ago. The basic idea is that attackers perform reconnaissance, find…
Why DevOps pipelines are under attack and how to fight back
In mid-2017, Russian state-sponsored attackers installed a malicious worm in a Ukrainian financial software package. When businesses updated their software, it became infected. The worm,…
Data residency laws pushing companies toward residency as a service
Data residency laws require that companies operating in a country keep data about its citizens on servers located in that country. For companies that have…
Ransomware recovery: 8 steps to successfully restore from backup
According to a ransomware survey report released in June by Keeper Security, 49% of companies hit by ransomware paid the ransom–and another 22% declined to…
Botnet attacks on APIs: Why most companies are unprepared
As companies move applications to the cloud and expose functionality via application programming interfaces (APIs), criminals have been moving quickly to take advantage of this…
How API attacks work, and how to identify and prevent them
In early May, fitness company Peloton announced that it had exposed customer account data on the internet. Anyone could access users’ account data from Peloton’s…
Tips and tactics of today’s cybersecurity threat hunters
Threat hunting isn’t just for the biggest organizations anymore. As the SolarWinds attack demonstrated, any size company can be vulnerable to stealthy attackers who worm…
5 ways attackers counter incident response, and how to stop them
Last month, the UK’s National Cyber Security Centre reported that one organization paid nearly $9 million to attackers for a decryption key after falling victim…
How strong, flexible data protection controls can help maintain regulatory compliance
Privacy and security regulations are evolving quickly. The European Union’s GDPR and California’s new CPRA law are only the most high-profile examples. According to Privacy…
Supply chain attacks show why you should be wary of third-party providers
What is a supply chain attack? A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an…
CPRA explained: New California privacy law ramps up restrictions on data use
In November, Californians approved a ballot measure, Proposition 24, a.k.a. the California Privacy Rights Act (CPRA), to create a new consumer data privacy agency. It…
How secure are your AI and machine learning projects?
When enterprises adopt new technology, security is often on the back burner. It can seem more important to get new products or services to customers…
How to protect backups from ransomware
Despite a recent decline in attacks, ransomware still poses significant threats to enterprises, as the attacks against several major newspapers demonstrated this month. It is…