CYBER THIS WEEK – AUGUST 20, 2023
Vulnerabilities on external attack surfaces live far too long
As an industry, security leaders have managed to bring down Mean Time to Detection (MTTD) and Mean Time to Remediation (MTTR) for internal attack surface vulnerabilities to just a couple of weeks or less. But why haven’t they succeeded in bringing these figures down on the external side?
How to prevent and prepare for a cyber-catastrophe
Ransomware and data leaks are inconvenient and costly. But what about a cyber-incident that leads to mass casualties?
From Vulnerability To Resilience: A Guide To Cybersecurity In The Manufacturing Sector
Being an integral part of complex supply chains, the manufacturing sector is prone to cyberattacks. Any security vulnerabilities might enable attackers to gain unauthorized access, introduce malicious code or even disrupt operations.
6 best practices to defend against corporate account takeover attacks
When bad actors get control of business or corporate accounts, it can be more dangerous than compromised personal or consumer accounts. Here are some ways to stop them.
Lock Down APIs to Prevent Breaches
Developers need to focus on creating secure web and mobile applications because flaws in Web application programming interfaces (APIs) have left companies open to attack.
How to Choose the Right Identity Security Solution for Your Business
In the context of identity security, assessing your business needs and risk profile entails a thorough examination of your organization’s particular requirements and weaknesses. This includes comprehending the nature of your industry, the sensitivity of the data you manage, and the possible consequences of identity theft.
How disjoined threat intelligence limits companies — and what to do about it
The fragmentation of threat intelligence can put organizations on unequal footing with their adversaries. Indicators of compromise don’t follow a common language and naming taxonomies vary wildly from one research firm to the next, making it difficult to determine when analysts are describing activities of the same threat actor.
What India’s Data Protection Law Brings to the Regulatory Mix
There are nuanced questions, though, about what India will allow — including certain exceptions for government collection of data — and who the state might put on a “red list” that would preclude them from engaging in business that relies on data derived from citizens of India.
The Vulnerability of Zero Trust: Lessons from the Storm 0558 Hack
While IT security managers in companies and public administrations rely on the concept of Zero Trust, APTs (Advanced Persistent Threats) are putting its practical effectiveness to the test. Analysts, on the other hand, understand that Zero Trust can only be achieved with comprehensive insight into one’s own network.
Boards Don’t Want Security Promises — They Want Action
Boards are concerned with risk and liabilities, so your approach should concentrate on risk, likelihood, and mitigations. This emphasis on action can be a tremendous spur to making changes in your approach. This also can be an opportunity to look at how to get more of the basics right across your operation.