
The Real Causes of the Rapid Cyber Insurance Rate Increase

Cyber insurance is a necessity in today’s cybersecurity landscape, especially in the wake of widespread ransomware attacks on commercial businesses of all sizes. A cyber insurance policy enables companies to transfer the cost of recovering from cyber incidents. In the event of a data breach, your cyber insurance policy can cover the costs of damages to others, profits lost if your network goes down, and the cost of negotiating ransomware.

The Current State of Cybersecurity Compliance

The trends shaping the industry, and the challenges impacting implementation.

Meeting compliance requirements is essential to building a successful and trustworthy security program. However, it’s an area of cybersecurity too often overlooked, as it’s hardly the most glamorous field in the industry.

Understanding the Big Business of Cybercrime

Cybercrime is lucrative. This world of hackers, malware, and brokers is now a trillion-dollar industry, the number one threat to the global economy, and is showing zero signs of slowing down. Fueled by the digital revolution, the global shift to a hybrid work model, and the rapid adoption of the cloud, more avenues have opened for threat actors to exploit. And their attack methods continue to evolve, with new innovations staying a step ahead of a cybersecurity industry determined to stop them.

Understanding the Nine Requirements of the FTC Safeguards Rule for Auto Dealerships

With December 9 just weeks away, auto dealerships need to prepare for changes in the FTC Safeguards Rule and understand how they’re going to move forward in compliance with the new rule. With roots in the Gramm-Leach-Bliley Act (GLBA), the Safeguards Rule expands the definition of “financial institution” to include a broader swath of industries that provide financial services to customers.

Three Critical Vulnerabilities Impacting VMware Workspace ONE Assist Server CVE-2022-31685, CVE-2022-31686 and CVE-2022-31687

On Tuesday, November 8, 2022, VMware disclosed three critical-severity vulnerabilities impacting VMware Workspace ONE Assist Server versions 21.x and 22.x. If successfully exploited, the reported vulnerabilities could lead to a threat actor obtaining administrative access to the application without the need to authenticate.

CVE-2022-27510: Citrix Gateway and Citrix ADC Critical Authentication Bypass Vulnerability, along with CVE-2022-27513 & CVE-2022-27516

On November 8th, 2022, Citrix disclosed a critical authentication bypass (CVE-2022-27510), a remote desktop takeover (CVE-2022-27513), and a user login brute force protection functionality bypass (CVE-2022-27516) vulnerability affecting several versions of Citrix ADC and Citrix Gateway. This bulletin only applies to customer-managed Citrix ADC and Citrix Gateway appliances as Citrix-managed cloud services are not affected. A threat actor could leverage these vulnerabilities in specific circumstances.

What Is Cloud Detection and Response and Why Do You Need It?

Cloud adoption is vastly increasing. Right now, 90% of businesses are using or plan to use a multi-cloud environment. While the cloud, which refers to internet-accessed servers that are not directly managed by the business, can help organizations scale in a cost-effective manner, it also creates new cybersecurity risks.