In the past four years, cyberattacks have more than doubled. Cybercriminals are leveraging emerging technologies like artificial intelligence (AI) to facilitate more sophisticated attacks. Geopolitical tumult has increased cyber risk. Couple these factors with a near-ubiquitous desire for businesses to expand their operations, and it’s easy to understand the need for scaling Security Operations...

I recently came across the "Johari Window Model" and thought this would be a good way to gain inspiration to explain the conundrum faced by many cybersecurity customers. The table below shows us the breakdown of the stages that are applicable not just to IT and OT environments but also to other facets of our daily lives. This model can be applied...

The Internet of Things (IoT) refers to the global network of physical devices connected to the internet, capable of collecting and sharing data. IoT devices range from everyday household items to sophisticated industrial tools. By integrating sensors and communication hardware, IoT bridges the gap between the physical and digital worlds, enabling environments where smart devices operate...

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) regulations often make exacting demands of Fortra Tripwire's customers, requiring them to update or create new change processes and document those processes in order to comply. In any NERC CIP-centered IT\OT project, there are always crucial indicators of success - even before the project gets...

Many companies strive to achieve the best security possible. Along the path to improved security, many companies are also required to meet various compliance standards. In some cases, compliance is also a regulatory requirement. This crossroad between security and compliance can sometimes seem at odds with the organization’s goals. Compliance does...

The ISF (Information Security Forum) Standard of Good Practice (SoGP) is a comprehensive set of best practices designed to help organizations effectively manage their information security risks. Covering various topics, including governance, risk management, compliance, incident management, and technical security controls, it helps establish and...

Much has been made of cyber resilience in recent years. And with good reason: failing to bounce back quickly from a security event can have dramatic financial consequences. In early 2023, Royal Mail took several days to recover from a Lockbit cyberattack, losing upwards of £10 million in the process. However, for all the talk about resilience, the industry seems to be overlooking one of its...

“When the cat’s away, the mouse will play,” the old adage goes. Filings to anti-fraud non-profit Cifas would support that claim, as Insider Threat Database (ITD) reports rose by 14% this past year and are largely attributable to hard-to-monitor work-from-home employees mixed with “increasing financial pressures.” The report details further incidents...

As technologies advance and the world grows more complicated, collaboration and coordination have become increasingly important. Setting standards, sharing information, and bringing experts together are essential to safely developing technologies for national and global priorities, and the world needs organizations to fulfill this role. The...

From more broad laws like GDPR to industry-specific regulations like HIPAA, most organizations today must comply with some kind of data protection guideline. Some businesses may even have to comply with numerous data protection regulations. As such, compliance with data protection regulations has become increasingly complicated. National Institute...

Alexandre Dumas's timeless novel "The Three Musketeers" immortalized the ideal of unyielding solidarity, the enduring motto "All for one and one for all." In the face of ever-evolving threats in the digital realm, the European Union echoes this spirit with its landmark Cyber Solidarity Act. This new legislation recognizes that collective defense is...

In 2023, companies lost about $4.45 million on average because of data breaches. As cyber threats advance, securing endpoints is more important than ever. An advanced Host-based Intrusion Detection System (HIDS) provides a sturdy remedy to improve endpoint security. By monitoring and examining system responses and device status, HIDS identifies and...

Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of...

On an ordinary day, you're casually surfing the web and downloading some PDF files. The document icons seem pretty legitimate, so you click without a second thought. But, to your surprise, nothing happens. A closer look reveals that what you believed to be a harmless PDF was, in fact, an executable file. Panic sets in as your settings lock up, and...

In the intricate landscape of cybersecurity, Digital Forensics and Incident Response (DFIR) stand as the sentinels guarding against the onslaught of digital threats. It involves a multifaceted approach to identifying, mitigating, and recovering from cybersecurity incidents. In the physical world, the aftermath of a crime scene always yields vital...

The demand for innovative threat detection and intelligence approaches is more pressing than ever. One such paradigm-shifting technology gaining prominence is Federated Learning (FL). This emerging concept harnesses the power of collaborative intelligence, allowing disparate entities to pool their insights without compromising sensitive data. A...

What Is a Host-Based Intrusion Detection System (HIDS)? A host-based intrusion detection system, or HIDS, is a network application that monitors suspicious and malicious behavior, both internally and externally. The HIDS’ job is to flag any unusual patterns of behavior that could signify a breach. By bringing this activity to the team’s attention,...

Energy efficiency and availability is a major concern for all countries and governments. The electric grid is a vital sector, and any malfunctions will create ripple effects on any nation’s economy. As the grid is heavily dependent on cyber-enabled technologies and a vast chain of suppliers, contractors, and partners, the ability to safeguard the...

The financial services sector faces unprecedented cybersecurity challenges in today's digital age. With the industry being a prime target for cybercriminals, understanding and adhering to cybersecurity regulations has never been more crucial. This article delves into the labyrinth of cybersecurity regulations affecting financial services,...

Today, almost every organization is engaged with a third-party vendor at some level when offering products or services. Take, for instance, an e-commerce business that may not be able to function properly unless multiple third-party integrations are involved, such as CRMs, payment gateways, live chat APIs, or a shipping gateway, to name a few....