Expert analysis

How to make Infrastructure as Code secure by default

How to make Infrastructure as Code secure by default 2024-09-13 at 07:46 By Help Net Security Infrastructure as Code (IaC) has become a widely adopted practice in modern DevOps, automating the management and provisioning of technology infrastructure through machine-readable definition files. What can we to do make IaC secure by default? Security workflows for IaC […]

React to this headline:

Loading spinner

How to make Infrastructure as Code secure by default Read More »

Cybersecurity is a fundamental component of patient care and safety

Cybersecurity is a fundamental component of patient care and safety 2024-09-11 at 08:01 By Help Net Security Healthcare institutions are custodians of vast repositories of sensitive patient data, encompassing comprehensive health histories, insurance profiles, and billing data. The ramifications of a data breach often extend far beyond the immediate task of patching the vulnerabilities and

React to this headline:

Loading spinner

Cybersecurity is a fundamental component of patient care and safety Read More »

Tech stack uniformity has become a systemic vulnerability

Tech stack uniformity has become a systemic vulnerability 2024-09-10 at 07:31 By Help Net Security Crashes due to faulty updates are nothing new; in fact, one reason IT teams often delay updates is their unreliability and tendency to disrupt the organization’s day-to-day operations. Zero-days are also an old phenomenon. In the past, due to a

React to this headline:

Loading spinner

Tech stack uniformity has become a systemic vulnerability Read More »

AI cybersecurity needs to be as multi-layered as the system it’s protecting

AI cybersecurity needs to be as multi-layered as the system it’s protecting 2024-09-09 at 08:01 By Help Net Security Cybercriminals are beginning to take advantage of the new malicious options that large language models (LLMs) offer them. LLMs make it possible to upload documents with hidden instructions that are executed by connected system components. This

React to this headline:

Loading spinner

AI cybersecurity needs to be as multi-layered as the system it’s protecting Read More »

September 2024 Patch Tuesday forecast: Downgrade is the new exploit

September 2024 Patch Tuesday forecast: Downgrade is the new exploit 2024-09-06 at 08:16 By Help Net Security I asked for a calm August 2024 Patch Tuesday in last month’s forecast article and that came to pass. The updates released were limited to the regular operating systems and all forms of Office applications. Six zero-day vulnerabilities

React to this headline:

Loading spinner

September 2024 Patch Tuesday forecast: Downgrade is the new exploit Read More »

Human firewalls are essential to keeping SaaS environments safe

Human firewalls are essential to keeping SaaS environments safe 2024-09-06 at 08:01 By Help Net Security Businesses run on SaaS solutions: nearly every business function relies on multiple cloud-based tech platforms and collaborative work tools like Slack, Google Workspace apps, Jira, Zendesk and others. We recently surveyed security leaders and CISOs on top data security

React to this headline:

Loading spinner

Human firewalls are essential to keeping SaaS environments safe Read More »

How to gamify cybersecurity preparedness

How to gamify cybersecurity preparedness 2024-09-05 at 07:01 By Help Net Security Organizations’ preparedness and resilience against threats isn’t keeping pace with cybercriminals’ advancements. Some CEOs still believe that cybersecurity requires episodic intervention rather than ongoing attention. That isn’t the reality for many companies; cyber threat preparedness requires a concerted training effort, so cybersecurity teams

React to this headline:

Loading spinner

How to gamify cybersecurity preparedness Read More »

Managing low-code/no-code security risks

Managing low-code/no-code security risks 2024-09-03 at 07:31 By Help Net Security Continuous threat exposure management (CTEM) – a concept introduced by Gartner – monitors cybersecurity threats continuously rather than intermittently. This five-stage framework (scoping, discovery, prioritization, validation, and mobilization) allows organizations to constantly assess and manage their security posture, reduce exposure to threats, and integrate

React to this headline:

Loading spinner

Managing low-code/no-code security risks Read More »

Complying with PCI DSS requirements by 2025

Complying with PCI DSS requirements by 2025 2024-09-02 at 12:31 By Help Net Security Version 4.0.1 of the Payment Card Industry Data Security Standard (PCI DSS), which came into effect back in April, incorporates a few important changes to make it fit for the modern digital world, addressing how technologies, the threat landscape and payment

React to this headline:

Loading spinner

Complying with PCI DSS requirements by 2025 Read More »

The NIS2 Directive: How far does it reach?

The NIS2 Directive: How far does it reach? 2024-08-29 at 07:31 By Help Net Security The NIS2 Directive is one of the most recent efforts of the EU legislator to boost cybersecurity across the bloc and to keep up with the challenges of an increasingly digitalized society and growing cyber threats. As the name implies,

React to this headline:

Loading spinner

The NIS2 Directive: How far does it reach? Read More »

How to prioritize data privacy in core customer-facing systems

How to prioritize data privacy in core customer-facing systems 2024-08-27 at 07:45 By Help Net Security Evolving global data privacy regulations are keeping marketers on their toes. In April 2024, the American Privacy Rights Act (APRA) was introduced in the Senate. The proposed bill would create a federal consumer privacy framework akin to the GDPR,

React to this headline:

Loading spinner

How to prioritize data privacy in core customer-facing systems Read More »

Two strategies to protect your business from the next large-scale tech failure

Two strategies to protect your business from the next large-scale tech failure 2024-08-26 at 06:47 By Help Net Security The CrowdStrike event in July clearly demonstrated the risks of allowing a software vendor deep access to network infrastructure. It also raised concerns about the concentration of digital services in the hands of a few companies.

React to this headline:

Loading spinner

Two strategies to protect your business from the next large-scale tech failure Read More »

Vulnerability prioritization is only the beginning

Vulnerability prioritization is only the beginning 2024-08-23 at 07:30 By Help Net Security To date, most technology solutions focused on vulnerability management have focused on the prioritization of risks. That usually took the shape of some risk-ranking structure displayed in a table with links out to the CVEs and other advisory or threat intelligence information.

React to this headline:

Loading spinner

Vulnerability prioritization is only the beginning Read More »

A survival guide for data privacy in the age of federal inaction

A survival guide for data privacy in the age of federal inaction 2024-08-22 at 07:31 By Help Net Security Things change fast in the world of data privacy. Just earlier this year, the question I was being asked most frequently was, “How similar will the proposed federal privacy law (APRA) be to the EU’s GDPR?”

React to this headline:

Loading spinner

A survival guide for data privacy in the age of federal inaction Read More »

Strategies for security leaders: Building a positive cybersecurity culture

Strategies for security leaders: Building a positive cybersecurity culture 2024-08-20 at 07:32 By Help Net Security Culture is a catalyst for security success. It can significantly reduce cybersecurity risks and boost cybersecurity resilience of any organization. Culture can also greatly enhance the perceived value, relevance and reputation of the cybersecurity function. So how can security

React to this headline:

Loading spinner

Strategies for security leaders: Building a positive cybersecurity culture Read More »

To improve your cybersecurity posture, focus on the data

To improve your cybersecurity posture, focus on the data 2024-08-19 at 07:31 By Help Net Security Effectively converging, managing and using enterprise data is a huge undertaking. Enterprises have vast hoards of data, but those hoards exist within siloed systems and applications, and it requires a lot of manual effort by highly skilled data scientists,

React to this headline:

Loading spinner

To improve your cybersecurity posture, focus on the data Read More »

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32 2024-08-16 at 12:46 By Help Net Security I recently spent six days in Las Vegas attending DEF CON, BsidesLV, and Black Hat USA 2024, where I had the opportunity to engage with and learn from some of the top security experts in the world.

React to this headline:

Loading spinner

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32 Read More »

Delta vs. CrowdStrike: The duties vendors owe to customers – or do they?

Delta vs. CrowdStrike: The duties vendors owe to customers – or do they? 2024-08-14 at 08:01 By Help Net Security In a potentially groundbreaking dispute, Delta Air Lines is threatening to sue CrowdStrike, a leading cybersecurity firm, for alleged negligence and breach of contract. This case brings to the forefront critical questions about the duties

React to this headline:

Loading spinner

Delta vs. CrowdStrike: The duties vendors owe to customers – or do they? Read More »

Browser backdoors: Securing the new frontline of shadow IT

Browser backdoors: Securing the new frontline of shadow IT 2024-08-13 at 07:31 By Help Net Security Browser extensions are a prime target for cybercriminals. And this isn’t just a consumer problem – it’s a new frontier in enterprises’ battle against shadow IT. Ultimately, more extension permissions result in potentially bigger attack surfaces. Research shows that

React to this headline:

Loading spinner

Browser backdoors: Securing the new frontline of shadow IT Read More »

August 2024 Patch Tuesday forecast: Looking for a calm August release

August 2024 Patch Tuesday forecast: Looking for a calm August release 2024-08-09 at 13:01 By Help Net Security July ended up being more ‘exciting’ than many of us wanted; we’re supposed to be in the height of summer vacation season. First, we had a large set of updates on Patch Tuesday, then we had to

React to this headline:

Loading spinner

August 2024 Patch Tuesday forecast: Looking for a calm August release Read More »

Scroll to Top