Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The SolarWinds supply chain attack in 2020 reminded the world how a single weakness in trusted software can have global consequences. That incident reshaped how organizations view software integrity and the importance of securing every stage of the development pipeline.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! An amazing fraud bust and outcome.

When it comes to cyber insurance for SMEs, many small and medium-sized enterprises believe that cyber insurance feels like an optional extra, not a necessity, something to worry about later. This risk-taking attitude is often driven by various common misconceptions: The opposite is often true. Smaller businesses are frequently seen as easier targets due to limited budgets, lean security teams, and less mature cyber defences.

While external cyberattacks often make the headlines, internal security risks (aka insider risks) present a significant danger that is sometimes underestimated. These risks can arise from disgruntled employees, negligent insiders, or malicious actors with privileged access. The repercussions of such breaches can be severe, resulting in data loss, financial harm, legal fines, and harm to reputation.

Not investing in a Security Incident and Event Management (SIEM) solution means you’re missing out on significant business benefits. A SIEM platform provides real-time detection and response to security incidents, helping you reduce the risk of costly compliance violations. Combine that with SIEM use cases such as consolidating and streamlining reporting, and your security team saves time and operational costs.

In Part 1 of the cloud app control series, we explored how SinaraTech, a mid-sized ecommerce company, implemented access control to help reduce shadow cloud app usage by blocking risky or redundant sites. But the story isn't over yet. The SOC team had more nuanced challenges to be addressed. Let's continue down the road to find answers to those challenges.

Modern businesses are more reliant on mobile devices than ever before. Employees need smartphones and tablets for communication, productivity, and even security authentication. As remote and hybrid work setups become more common, mobile technology is necessary for keeping workers connected to their organizations. At the same time, these devices expose a weak link in the cybersecurity chain: the human layer.

Security teams are facing a daunting challenge: today’s cyberattacks are slower, quieter, and more difficult to spot than ever before. Adversaries, from nation-state actors to malicious insiders, have mastered the art of flying under the radar. They stretch their activities over days, weeks, or even months, using legitimate credentials and tools to disguise their actions as normal business operations. The uncomfortable truth is that most SIEM and XDR platforms are stateless.