Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When pursuing success in business or other endeavors, two key concepts play a crucial role: process and practice. While some argue that process and practice are interchangeable, in reality, they're vastly different. But how do we use process and practice to become more efficient and successful? Is one of them more crucial than the other? Can you do one without the other? To answer these questions, we’ll dive deeper into process and practice and how to apply both.

There is no downside for an organization to have a security awareness program in place. It may not be 100% effective in stopping workers from making an error and causing a cyber incident, but like any preventative endeavor such a program can reduce the possibility of a disastrous cyber incident from occurring. An organization’s staff is on the front line when it comes to defending their place of work. Kind of a human firewall, if you will.

In my previous blog on Kubernetes security foundations, we discussed the growing adoption of cloud-native applications and the security challenges they present. We highlighted the limitations of traditional network firewalls in securing these applications and emphasized the importance of implementing cloud-native security policies to protect network traffic effectively.

In the ever-evolving landscape of digital threats and cybersecurity challenges, organizations face a significant burden known as security debt. Just like financial debt, security debt accrues when organizations compromise security measures in favor of convenience, speed, or cost-cutting measures. Over time, this accumulated debt can pose serious risks to the organization's data, reputation, and overall stability.

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The terms computer security, information security and cybersecurity were practically non-existent in the 1980s, but believe it or not, firewalls have existed in some form since that time.

This week in London, SecurityScorecard hosted a roundtable discussion on cyber risk in the insurance supply chain. Keynote speaker Santosh Pandit, head of Cybersecurity at the Bank of England, shared his insights with 20 London-based insurers on managing cyber risk in the financial sector and the latest regulatory initiatives that may impact the insurance industry.

New disclosures regarding the widespread exploitation of CVE-2023-34362, a new vulnerability affecting the MOVEit file transfer software, and the Cl0p ransomware group’s claim of responsibility for its widespread exploitation and the resulting data theft, have continued in the weeks since the vulnerability’s original publication.

The past few years have witnessed a rapid surge in the use of SaaS applications across various industries. But with this growth comes a significant challenge: managing security and assessing risk in application connectivity.

The financial outlook for the rest of 2023 and 2024 is far from cheery, and economic uncertainty is affecting everyone and everything, including the cybersecurity sector. Security budget cuts or freezes are the course many organizations are tempted to take in this financially precarious situation. Conservative spending is a natural response to the present economic downturn and a possible recession knocking on our doors, implying fewer clients, lower profits, and higher costs.

Modern applications are hugely dependent on open-source software. 80 percent of most organizations’ apps and code base is now open source, in some cases more. While this is great for swift development and innovation, it increases the possibility of vulnerabilities arising that bad actors can exploit, and it expands the potential attack surface.