In November 2018, the Australian Prudential Regulation Authority (APRA) released the Prudential Standard CPS 234 in direct response to the escalating attack landscape in the financial sector. APRA has understood these threats to be the direct result of banking services moving to more complex and heavily used digital platforms. The new standard emerged as an offshoot to the Notifiable Data Breach ...

While integrity has been a common word in the cybersecurity lexicon for years, its meaning and use have been relatively limited. It may be time to reconsider its central role in security. The reality of always-connected networks, fluid data transfers across cloud and hybrid environments, and broadly deployed endpoints presents an opportunity to take a fresh look at integrity as an organizing...

Finance companies opt for managed services to stay compliant, bolster overburdened security teams, and get ongoing support in keeping their data safe from damaging breaches. The finance sector regularly finds itself on the front lines of emerging attack techniques; attackers commonly search for edge vulnerabilities and test new malware variations against financial systems. However, most breaches...

When you opt to use multiple cloud providers, you’re implementing a multi-cloud strategy. This practice is increasingly common, and can refer to mixing SaaS (software as a service) and PaaS (platform as a service) offerings as well as public cloud environments that fall under the IaaS (infrastructure as a service) category. The most common public cloud environments today are Amazon Web Services ...

The concept of Zero Trust Architecture is fairly straightforward. Networks and systems have been traditionally designed with the assumption that everybody inside a defined perimeter can be trusted and that everybody outside that perimeter is hostile. With that assumption, the idea of building an impenetrable wall around that perimeter makes perfect sense. Over time, and as technology has advanced,...

As chief information security officer (CISO), it’s now a job requirement to effectively communicate with your non-technical C-suite and board of directors—preferably not just after there’s been a breach. This is the first in a series of executive white papers designed to share strategies for reducing your attack surface risk as well as how to clearly and objectively communicate your overall security posture to non-technical executives. Download this white paper and learn about: The definition of “attack surface” — and risks associated Design goals of attack surface analytics What non-technical C-suite executives and board members want

The chief information security officer, or CISO, is essential to the smooth and safe operation of any large organization. Over the past few years, though, the scope and scale of the CISO’s task has increased markedly. No longer simply a head of IT security, the CISO is responsible for a far wider range of cyber defenses and protective measures that extend well beyond the organization’s perimeter...

How proper foundational controls help block today’s advanced threats

The skills gap remains one of the biggest challenges within the cybersecurity industry. To gain more perspective on what organizations are experiencing, Tripwire partnered with Dimensional Research to survey 342 security professionals on this issue. This study explores hiring trends, how security teams are changing, and how they plan to address the issue in the face of growing cyber threats. ...

As news of cyberthreats targeting industrial environments like energy utilities and manufacturing plants continues to surface, Tripwire surveyed security professionals who work in these industries to understand how industrial organizations are protecting themselves. The survey findings revealed insights on the security professionals’ levels of concern, investment in cybersecurity, and how they are...