Data Breaches

Forbes Global 2000 companies are failing to adopt key domain security measures, exposing them to significant security risks, according to CSC’s Domain Security Report 2022. The enterprise-class domain registrar and Domain Name System (DNS) threats mitigator found that 75% of Global 2000s have implemented fewer than half of all domain security measures with Domain-based Message Authentication, Reporting, and Conformance (DMARC), the only domain security measure with significantly increased adoption since 2020. The data follows Akamai…

Read More

In April 2014, Lockheed Martin revolutionized the cyber defense business by publishing a seminal white paper Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. This document sparked a new wave of thinking about digital adversaries, specifically, nation-state advanced persistent threat groups (APTs). The authors of the paper argued that by leveraging the knowledge of how these adversaries operate, cyber defenders “can create an intelligence feedback loop, enabling defenders to…

Read More

Seasoned CISO Mike Manrod knows the value of a good cybersecurity vendor evaluation. He recalls that in a past job he inherited some very expensive vaporware under a long-term services agreement. His predecessor had purchased an “innovative” beta identity and access management platform but hadn’t done any analysis on the product, simply accepting the vendor’s claims of its efficacy. It was a dud. Inversely, as CISO at his current company Grand Canyon Education, Manrod set…

Read More

New York-barred attorneys will be required to complete one continuing legal education (CLE) credit hour of cybersecurity, privacy, and data protection training as part of their biennial learning requirement beginning July 1, 2023. New York is the first jurisdiction to stipulate this specific requirement as the state aims to emphasize the technical competence duty of lawyers to meet professional, ethical and contractual obligations to safeguard client information. Lawyers have ethical obligations and professional responsibilities around…

Read More

Software developers know not to reinvent the wheel. So, they lean on reusable micro-services – and their corresponding application programming interfaces (APIs) – as building blocks for application components. “Developers want to focus on the added value they can bring instead of rebuilding things that have great solutions out there already,” says Grace Francisco, vice president of developer relations, strategy, and experience at Cisco. “APIs make that easy for developers to consume.” And they have been consuming:…

Read More

The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovative faster because they are unfettered by an installed base. The downside, of course, is that startups often lack resources and maturity. It’s a risk for a company to commit to a startup’s product or platform, and it requires a different kind of customer/vendor…

Read More

The Australian Federal Police has revealed that those responsible for the data breach of Australian private health insurer Medibank are in Russia. On October 13, Medibank paused trading in the Australian Securities Exchange and announced there had been a “cyber incident”. At the time the company believed no data had been accessed and that the main issue was at its ahm and international student policy management units. But what started as the second largest breach…

Read More

Cloud security vendor Lacework this week announced the availability of a cloud-native application protection platform (CNAPP) for its broader Polygraph Data Platform offering, providing an agentless, low-touch option for organizations looking to improve their application security posture. There are two main components to the CNAPP release, according to Lacework, both of which require only that the user connect their cloud accounts with Lacework’s apparatus. The first is attack path analysis, which uses Lacework’s systems to…

Read More