CYBER THIS WEEK – MARCH 12, 2023
Continuous Threat Exposure Management Stops Modern Threats
For cybersecurity, visibility is critical: security teams must be aware of all risks before they can find a way to reduce them. However, visibility requires a defined strategy and a programmatic approach. That approach should include continuous threat exposure management (CTEM).
Continuous Threat Exposure Management Stops Modern Threats (securityintelligence.com)
Why we need to democratize governance, risk, and compliance
Organizations of every size should get the support and help they need to succeed when navigating risk and compliance, but they often don’t get that help. Current standards and tools create a barrier for many businesses in the form of financial requirements and technical expertise.
Why we need to democratize governance, risk, and compliance | SC Media (scmagazine.com)
Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears
In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2% of the 1.6 million workers at its client companies because of the risk of leaking confidential information, client data, source code, or regulated information to the LLM.
Employees Are Feeding Sensitive Business Data to ChatGPT (darkreading.com)
IoT Cybersecurity Pillars – Four Core Tenets of Any IoT Security Program
The world has seen a significant increase in cyber-attacks aimed at critical infrastructure and security products in the last few years, with Industrial Internet of Things (IIoT) devices, such as security cameras, becoming prime targets for hackers. Last year alone, there were more than 3 billion IoT breaches, and that is just the recorded number; the actual number is probably much higher.
It is clear that IoT and IIoT manufacturers must do more to help secure these devices and educate the market on security best practices.
IoT Cybersecurity Pillars – Four Core Tenets of Any IoT Security Program — Security Today
What Does the National Cybersecurity Strategy Mean for Public and Private Stakeholders?
The Biden-Harris Administration has released a sweeping National Cybersecurity Strategy that seeks to change the approach to cyber defense. Experts weigh in on the new strategy and how it could improve the national cybersecurity posture.
The Pain of Double Extortion Ransomware
Double extortion ransomware is when a victim’s sensitive data is both stolen from the victim and encrypted in place, giving the criminal the option of demanding two (or more) separate ransom payments. Secure human identities and machine identities are the foundation for limiting the chances of a ransomware actor gaining access to our sensitive data.
The Pain of Double Extortion Ransomware – CPO Magazine
Stolen credentials increasingly empower the cybercrime underground
One of the most valuable commodities on the cybercrime underground is stolen credentials, since they can provide attackers with access into networks, databases, and other assets owned by organizations. It’s no surprise to see cybercriminals focused on this valuable commodity.
Stolen credentials increasingly empower the cybercrime underground | CSO Online
Preventing Data Breaches In 2023: Why API Security Is Critical
The bottom line is that consumers feel more comfortable when they know that their information is safe from hackers. APIs are and will continue to be a lucrative attack vector for hackers to exploit as long as organizations continue to ignore them.
Preventing Data Breaches In 2023: Why API Security Is Critical (forbes.com)
Organizations tempt risk as they deploy code more frequently
Organizations are deploying cloud-native code more frequently than a year ago, sometimes neglecting security requirements in critical stages of the development process.
Organizations tempt risk as they deploy code more frequently | CIO Dive
19 Cybersecurity Trends Every CISO Must Prepare for in 2023
Every organization needs to realign its cybersecurity goals and processes to meet the changing needs of the threat landscape. CISOs must stay ahead of the curve and be prepared for the cybersecurity trends defining 2023.