Tag: business

Want to be an effective cybersecurity leader? Learn to excel at change management

Jan 29, 2025 8:37 AM

Tags: authentication, awareness, business, cio, ciso, cloud, compliance, corporate, cybersecurity, finance, fraud, group, guide, Hardware, identity, jobs, password, privacy, risk, risk-management, service, skills, software, strategy, technology, threat, vulnerability, zero-trust

If there’s one thing that’s inevitable in cybersecurity, it’s change. Ever-evolving technology requires new protections, threats seem to multiply and morph on a daily basis, and even the humblest pieces of software and hardware demand constant updating to stay secure.That work has been increasing as the importance, visibility, and impact of security initiatives have ramped…
Data Privacy Day 2025: Time for Data Destruction to Become Standard Business Practice

Jan 29, 2025 7:44 AM

Tags: business, compliance, data, privacy

Compliance standards are mandating better data security. There are several ways to do this, but most organizations would admit that erasure is not one of them. First seen on darkreading.com Jump to article: www.darkreading.com/data-privacy/data-privacy-day-2025-time-for-data-destruction-to-become-standard-business-practice
Only 13% of organizations fully recover data after a ransomware attack

Jan 29, 2025 5:37 AM

Tags: attack, business, data, ransomware

Ransomware attacks are disrupting and undermining business operations and draining revenue streams, according to Illumio. Findings from the study reveal that 58% of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/29/ransomware-attacks-business-operations-disruption/
5 ways boards can improve their cybersecurity governance

Jan 28, 2025 11:36 PM

Tags: attack, breach, business, ciso, cloud, cyber, cybersecurity, data, election, endpoint, finance, gartner, governance, government, group, identity, incident, india, infrastructure, jobs, middle-east, network, ransomware, regulation, risk, skills, technology, threat, training

As chairman of the board for Cinturion Group, Richard Marshall is intimately involved in ensuring the security of the fiber optic network his company is constructing from India through the Middle East and on to Europe.The monumental Trans Europe Asia System (TEAS) will be difficult enough to build given it will be buried beneath thousands…
Cryptographic Agility’s Legislative Possibilities & Business Benefits

Jan 28, 2025 10:37 PM

Tags: business, computing

Quantum computing will bring new security risks. Both professionals and legislators need to use this time to prepare. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/cryptographic-agility-legislative-possibilities-benefits
AI is a double-edged sword: Why you need new controls to manage risk

Jan 28, 2025 9:36 PM

Tags: ai, business, control, cybersecurity, detection, risk, tool
API Supply Chain Attacks, The Sky’s the Limit

Jan 28, 2025 6:36 PM

Tags: access, api, attack, authentication, awareness, business, control, credentials, credit-card, data, defense, email, endpoint, exploit, flaw, GDPR, governance, jobs, login, malicious, mobile, penetration-testing, phone, programming, risk, service, supply-chain, technology, unauthorized, vulnerability

Account takeover of a third-party service provider may put millions of airline users worldwide at risk. Summary Salt Labs has identified an account takeover vulnerability in a popular online top-tier travel service for hotel and car rentals. The service is integrated into dozens of commercial airline online services and allows airline users to add hotel…
What’s Yours is Mine: Is Your Business Ready for Cryptojacking Attacks?

Jan 28, 2025 5:36 PM

Tags: attack, business, cloud, threat

Cryptojacking may be stealthy, but its impact is anything but. From inflated cloud bills to sluggish performance, it’s a threat that companies can’t ignore. Learn more from Pentera about how automated security validation can protect your org from these threats. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/whats-yours-is-mine-is-your-business-ready-for-cryptojacking-attacks/
»BlackBerry erfindet sich neu Die Transformation eines Tech-Pioniers«

Jan 28, 2025 10:36 AM

Tags: business, cybersecurity, iot, strategy

BlackBerry, einst Synonym für sichere Business-Smartphones, hat in den vergangenen Jahren eine bemerkenswerte Transformation durchlaufen. Vom Vorreiter in der mobilen Kommunikation wandelte sich das Unternehmen zu einem führenden Anbieter von Cybersecurity- und IoT-Lösungen. Hans-Peter Bauer, Vice President Cybersecurity, gibt Einblicke in diesen Wandel und die Strategie, die BlackBerry heute relevanter denn je macht. Herr… First…
What Makes This “Data Privacy Day” Different?

Jan 28, 2025 10:03 AM

Tags: access, ai, attack, breach, business, cloud, data, data-breach, finance, identity, infrastructure, malware, monitoring, phishing, privacy, ransomware, risk, scam, threat, tool, training, vulnerability

As we celebrate Data Privacy Day, Bernard Montel, Tenable’s EMEA Technical Director and Security Strategist, wants to remind us that we live in a digital world and that we need to protect it. With data breaches a daily occurrence, and AI changing the playing field, he urges everyone to “do better.” Launched in April 2006…
The cybersecurity skills gap reality: We need to face the challenge of emerging tech

Jan 28, 2025 8:03 AM

Tags: access, ai, application-security, business, cio, ciso, cloud, computing, control, corporate, cybersecurity, data, jobs, risk, skills, technology, training

The cybersecurity skills shortage remains a controversial topic. Research from ISC2 states that the current global workforce of cybersecurity professionals stands at 5.5 million, but the workforce currently needs 10.2 million, a gap of 4.8 million people.Skeptics (and there are lots of them) say hogwash! They claim that these numbers are purely self-serving for ISC2,…
The Case for Proactive, Scalable Data Protection

Jan 27, 2025 11:03 PM

Tags: business, cloud, cyber, data, threat

Whether you’re facing growing data demands and increased cyber threats, or simply looking to future-proof your business, it’s time to consider the long-term benefits of transitioning to a cloud-first infrastructure. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/case-proactive-scalable-data-protection
Data Privacy Day 2025: A Chance to Take Control of Your Data

Jan 27, 2025 3:03 PM

Tags: access, ai, awareness, business, cloud, compliance, control, country, data, encryption, governance, law, password, privacy, regulation, service, software, strategy, technology, tool

Data Privacy Day 2025: A Chance to Take Control of Your Data madhav Mon, 01/27/2025 – 09:19 Trust is the cornerstone of every successful relationship between businesses and their customers. On this Data Privacy Day, we reflect on the pivotal role trust plays in the digital age. It’s earned not just through excellent products or…
CISOs’ top 12 cybersecurity priorities for 2025

Jan 27, 2025 11:03 AM

Tags: access, ai, api, attack, authentication, automation, awareness, business, cio, ciso, cloud, compliance, control, corporate, cybersecurity, data, detection, framework, governance, identity, incident response, infrastructure, intelligence, jobs, mitigation, monitoring, mssp, oracle, penetration-testing, privacy, risk, risk-management, service, strategy, technology, threat, training, usa, zero-trust

Security chief Andrew Obadiaru’s to-do list for the upcoming year will be familiar to CISOs everywhere: advance a zero-trust architecture in the organization; strengthen identity and access controls as part of that drive; increase monitoring of third-party risks; and expand the use of artificial intelligence in security operations.”Nothing is particularly new, maybe AI is newer,…
The Small Business Guide to Everyday Access Management and Secure Off-boarding

Jan 26, 2025 11:03 PM

Tags: access, business, guide, startup

Learn how to secure your company’s digital assets in just 10 minutes a day. This practical guide shows small business owners and startup founders how to manage access, respond to security issues, and handle employee departures efficiently”, all without disrupting daily operations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/the-small-business-guide-to-everyday-access-management-and-secure-off-boarding/
Insurance companies can reduce risk with Attack Path Management

Jan 24, 2025 12:22 AM

Tags: access, attack, backdoor, blueteam, breach, business, credentials, credit-card, data, identity, insurance, login, microsoft, network, risk, social-engineering, technology, threat, tool, vulnerability

TL;DR Insurance companies host large amounts of sensitive data (PII, PHI, etc.) and often have complex environments due to M&A and divestitures Most breaches start with human error Fortune 500 companies rely on Microsoft Active Directory as a backbone for Identity and Access Management Attackers target Active Directory to move laterally and escalate privilege An Attack…
SOC vs MSSP: Which is Right for Your Business?

Jan 23, 2025 9:22 PM

Tags: business, finance, mssp, risk, service, soc

One of the most pivotal decisions an organization faces is whether to build an in-house Security Operations Center (SOC) or outsource security operations to a Managed Security Service Provider (MSSP). While the choice may seem straightforward at first glance, the long-term implications”, on finances, operations, and risk management”, are anything but simple. Like all things…
Automating endpoint management doesn’t mean ceding control

Jan 23, 2025 6:22 PM

Tags: ai, automation, business, compliance, control, cybersecurity, data, endpoint, governance, intelligence, ml, risk, security-incident, skills, threat, tool, vulnerability

Beset with cybersecurity risks, compliance regimes, and digital experience challenges, enterprises need to move toward autonomous endpoint management (AEM), the next evolution in endpoint management and security solutions. CSO’s Security Priorities Study 2024 reveals that 75% of security decision-makers say that understanding which security tools and solutions fit best within their company is becoming more complex. Many are…
Operationalizing MITRE ATLAS to Defend Against Attacks on AI

Jan 23, 2025 6:22 PM

Tags: ai, attack, business, conference, cybersecurity, governance, mitre, risk
Doti AI Launches Platform to Securely Find Enterprise Data

Jan 23, 2025 4:23 PM

Tags: access, ai, business, data

The AI-powered work platform helps organizations securely identify and access internal enterprise data as part of business processes and workflows. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/doti-ai-launches-platform-to-securely-find-enterprise-data
Security Needs to Start Saying ‘No’ Again

Jan 23, 2025 3:22 PM

Tags: business, cybersecurity, risk

The rush to say yes allows cybersecurity teams to avoid hard conversations with business stakeholders but also risks losing their ability to effectively protect organizations. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/security-needs-start-saying-no-again
10 top XDR tools and how to evaluate them

Jan 23, 2025 11:22 AM

Tags: ai, attack, automation, business, cloud, computing, container, corporate, credentials, data, defense, detection, edr, email, encryption, endpoint, finance, firewall, google, guide, Hardware, iam, ibm, identity, incident response, infrastructure, intelligence, malicious, malware, marketplace, microsoft, mitigation, network, office, okta, open-source, organized, risk, security-incident, service, siem, skills, soar, software, spam, technology, threat, tool, training, vulnerability, zero-day

Little in the modern IT world lends itself to manual or siloed management, and this is doubly true in the security realm. The scale of modern enterprise computing and modern application stack architecture requires security tools that can bring visibility into the security posture of modern IT components and integrate tightly to bring real-time threat…
HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA

Jan 23, 2025 11:22 AM

Tags: access, authentication, breach, business, cloud, compliance, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, encryption, endpoint, hacker, healthcare, HIPAA, insurance, mfa, network, nist, office, privacy, regulation, risk, risk-assessment, service, software, strategy, threat, unauthorized, update, vulnerability

HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA madhav Thu, 01/23/2025 – 06:25 Data Breaches in Healthcare: Why Stronger Regulations Matter A data breach involving personal health information isn’t just about stolen files”, it’s a gut punch to trust and a serious shake-up to people’s lives. Think about…
Is Your Automation Exposing Critical Data?

Jan 23, 2025 6:22 AM

Tags: automation, business, ciso, data, identity

Is Automation Compromising Your Data Security? In modern business environments, how secure is your automation process? Alarmingly, many companies are unknowingly exposing critical data due to inadequate Non-Human Identity (NHI) and Secrets Management practices. This emerging field is crucial to maintaining data integrity and has become a high-priority concern for many CISOs, IT professionals, and……
Entra Connect Attacker Tradecraft: Part 2

Jan 23, 2025 5:22 AM

Tags: access, attack, authentication, business, cloud, control, credentials, detection, group, microsoft, password, powershell, service, windows

Now that we know how to add credentials to an on-premises user, lets pose a question: “Given access to a sync account in Domain A, can we add credentials to a user in another domain within the same Entra tenant?” This is a bit of a tall order assuming we have very few privileges in Entra…
Google Cloud Security Threat Horizons Report #11 Is Out!

Jan 22, 2025 11:22 PM

Tags: access, api, apt, attack, authentication, breach, business, cloud, corporate, credentials, cybersecurity, data, detection, exploit, extortion, google, identity, intelligence, leak, mfa, password, phishing, ransomware, service, tactics, theft, threat, tool, vulnerability

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat Horizons Report, #11 (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9 and #10). My favorite quotes from the report follow below:…
25 on 2025: APAC security thought leaders share their predictions and aspirations

Jan 22, 2025 8:22 PM

Tags: access, advisory, ai, api, attack, authentication, awareness, best-practice, breach, business, ciso, cloud, compliance, control, cryptography, csf, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, data-breach, deep-fake, detection, disinformation, encryption, endpoint, exploit, extortion, finance, framework, fraud, government, group, hacking, Hardware, identity, incident, incident response, infrastructure, injection, intelligence, international, iot, malicious, malware, microsoft, monitoring, network, nist, phishing, privacy, ransomware, regulation, resilience, risk, risk-management, scam, service, skills, social-engineering, software, spear-phishing, strategy, supply-chain, tactics, technology, threat, tool, training, update, vulnerability, warfare, zero-trust

As threat actors and security teams harness the growing potential of artificial intelligence (AI), who will prevail? From generative AI (GenAI) to agentic AI, we look through the lens of 25 of Asia-Pacific’s thought leaders in security and dive into their predictions and goals for the year. src=”https://b2b-contenthub.com/wp-content/uploads/2025/01/Athikom.jpg?quality=50&strip=all” alt=”athikom” loading=”lazy” width=”400px”>Athikom Kanchanavibhu Chief Information Security…
The Quiet Rise of the ‘API Tsunami’

Jan 22, 2025 8:22 PM

Tags: access, api, attack, authentication, breach, business, cloud, compliance, control, data, data-breach, encryption, endpoint, finance, GDPR, healthcare, HIPAA, infrastructure, law, leak, mail, malicious, mfa, mobile, monitoring, network, privacy, programming, regulation, risk, security-incident, service, threat, tool, unauthorized, update, vulnerability

As enterprises increasingly adopt cloud-native architectures, microservices, and third-party integrations, the number of Application Programming Interfaces (APIs) has surged, creating an “API tsunami” in an organization’s infrastructure that threatens to overwhelm traditional management practices. As digital services proliferate, so does the development of APIs, which allow various applications to communicate or integrate with each other…
Doti AI Raises $7 Million Seed Funding for Instant Access to Internal Company Data

Jan 22, 2025 7:22 PM

Tags: access, ai, business, data, office

Doti’s platform uses AI to improve, automate, and streamline standard office and business processes across distributed and hybrid environments. The post Doti AI Raises $7 Million Seed Funding for Instant Access to Internal Company Data appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/doti-ai-raises-7-million-seed-funding-for-instant-access-to-internal-company-data/
Conduent confirms cybersecurity incident behind recent outage

Jan 22, 2025 6:22 PM

Tags: business, cybersecurity, government, service

American business services giant and government contractor Conduent confirmed today that a recent outage resulted from what it described as a “cyber security incident.” First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/conduent-confirms-cybersecurity-incident-behind-recent-outage/