Insight

It’s unfortunate, but true: SaaS attacks continue to increase. You can’t get around it, COVID-19 accelerated the already exploding SaaS market and caused industries not planning on making a switch to embrace SaaS. With SaaS apps becoming the default system of record for organizations, it has left many struggling to secure their company’s SaaS estate. CISOs and security professionals work to limit this burgeoning threat landscape, however, it’s a work in progress.   One slight misconfiguration...

There is often confusion between Cloud Access Security Brokers (CASB) and SaaS Security Posture Management (SSPM) solutions, as both are designed to address security issues within SaaS applications. CASBs protect sensitive data by implementing multiple security policy enforcements to safeguard critical data. For identifying and classifying sensitive information, like Personally Identifiable Information (PII), Intellectual Property (IP), and business records, CASBs definitely help. However, as the number of SaaS apps increase, the amount of misconfigurations and...

This week, smart vulnerability management provider Edgescan has published the findings of its 2022 Vulnerability Statistics Report, which for the 7th year running offers a comprehensive view of the state of vulnerability management globally. The report reveals that organizations are still taking nearly two months to remediate critical risk vulnerabilities, with the average mean time to remediate (MTTR) across the full stack set at 60 days. High rates of “known” (i.e. patchable) vulnerabilities which have...

Many organisations have been considering a network transformation initiative to support the adoption of SaaS, cloud-based applications, and an increasingly remote workforce. Given the connectivity needs of a remote workforce - and knowing a hybrid workforce is here to stay - many IT teams have had to make sudden changes in the way workers connect to corporate systems that could introduce new cyber risks and vulnerabilities.   When developing a security strategy for supporting a hybrid...

Marak Squires is the maintainer of the ‘colors’ and ‘faker’ libraries. The two projects accumulate ~23 million weekly downloads and support ~23,000 projects. In January of 2022, he intentionally introduced an infinite loop that bricked every project relying on either one of these libraries. Consequently, GitHub suspended the developer’s account. The justification provided by the developer is one of retaliation to “Fortune 500s (and other smaller sized companies)” who extensively rely on cost-free and community-driven...

All businesses carry an inherent risk. Entrepreneurs expose themselves to different types of risks that may affect their business. For example, a natural calamity, fire, or lawsuit can severely impact the establishment. It can decimate the business model and cause the entrepreneur many problems and create a loss of reputation. This is one of the many reasons why businesses must carry tailored small business insurance. This is an insurance policy that business owners can customize based...

The COVID-19 pandemic is likely to go down in history as one of the defining moments of our lifetime. From a business perspective, it transformed business models, changed customer expectations, and disrupted the networks that run businesses. These changes are long lasting and accelerated the digital transformation journey, a journey that is now driven by cybersecurity impacts and needs.   It’s no secret that the shift to remote working at the start of the pandemic...

With work still to be done to boost diversity and inclusion in cyber security, KPMG UK’s Katie Diacon unpacks where some of the challenges exist, and what could make a difference. Cyber security is one of the most innovative and dynamic sectors to work in, and it is increasingly vital to the operational resilience of organisations. Katie Diacon, Director, TMT Cyber Security, KPMG in the UK, says success in the sector requires “a great combination...

Most careers might take an unexpected turn from time to time but very few people see the path of their entire professional existence re-wired, without warning, in a single morning.   One who did is Tracy Reinhold, now the chief security officer at critical event management company Everbridge, which has been described as the most successful security company nobody has heard of.   The morning was September 11, 2001, probably the first time in world history when a billion human beings alive at the time will be able to say without hesitation what they were doing on a single day. Most of us remember very little but this was an unwanted reminder that there are a few things about...

What keeps OT security specialists up at night? It’s mostly problems from the IT world, says Andy Norton, European Cyber Risk Officer at Armis.   Operational technology (OT) used to be the specialist networks nobody in IT bothered with, or perhaps thought they didn’t need to. For a while, that seemed reasonable; OT networks were usually isolated from IT operations, sat behind air gaps, and ran on obscure operating systems.   Then organisations across every...