Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

It’s no surprise that cloud adoption continues to be a major force impacting organizations today. A 2020 McKinsey survey indicated that many organizations saw several years worth of digital transformation take place in 2020. An IDG survey, which we referenced in our Securing Best of Breed SaaS Applications webinar, suggested that 95% of organizations expect to be partly or fully in the cloud by the end of 2021, with almost half the applications used by their workforce being SaaS or open source.

Imagine, it’s a Saturday morning and you receive a call from a bank: – Hello? – Hi [insert your name], we suspect that a fraudster is trying to use your card at a grocery store in Texas. – Well, I am at a grocery store in Texas! – Oh my gosh! Do you see him? If only credit card fraud was funny.

Members of the cybersecurity industry — including the Devo team — are gathering this week for the annual Black Hat USA conference in Las Vegas. Some will be present in person. Many others will participate virtually due to travel issues related to the pandemic. In either case, the latest edition of Black Hat, and its home city, have me thinking about cybersecurity and… gambling.

Regardless of size, every company could experience a cybersecurity incident one day. Security incidents can occur in companies, public institutions, schools, etc. Cybersecurity incident actions are similar to actions to be taken in response to a security incident, for example in a school. It is an inevitable reality that your network may be exposed to an incident threat.

Last year’s rapid and sometimes erratic transition to remote work left many businesses looking for new ways to understand employee behavior when working from home. According to a survey of 2,000 employers offering remote or hybrid work, 78 percent deployed employee monitoring software to track worker behavior in the past six months. As businesses emerge from the recent pandemic, it’s clear that some things will not return to business as usual.

NicheStack is a TCP/IP network stack commonly used in millions of Operational Technology (OT) devices around the world, including in critical infrastructure such as manufacturing plants, power generation/transmission/distribution, water treatment, and more. JFrog’s security research team (formerly Vdoo), together with Forescout Research Labs, recently discovered 14 new security vulnerabilities affecting the NicheStack TCP/IP stack.

There are multiple advantages of outsourced networking monitoring. No matter your organization’s size, it’s vitally important to protect the data that can be accessed inside and outside of the perimeter.

Vulnerability scan reports are requested from a wide variety of people or entities for many different reasons. Historically a report meant a static snapshot of the scan data. Some company stakeholders may want an executive overview of the current vulnerabilities present in their environment. In contrast, others may want additional data points such as trending to reflect how well they have made progress in remediating previous vulnerability scans detected.

I previously talked about how to get started with a threat intelligence program, which is the cornerstone to any security operation. Such a program enables security teams to gain a deeper understanding of adversaries and their tactics, techniques and procedures (TTPs), in order to determine what is relevant to the organization and how to mitigate risk.

Since our last update in January, there has been an unprecedented amount of activity in the data privacy world. And yes, we probably do say that every time! New laws have passed in Virginia and Colorado. The UK’s post-Brexit EU adequacy was confirmed. Plus of course, the EU’s significant changes to Standard Contractual Clauses and the reawakening of the debates over Identity Verification, especially in the context of social media.