AppSecCon 2022: The World's Biggest AppSec Conference By Security Leaders for Security Leaders (May 18-19)
IT - Security

Data loss happens when a company loses access to clusters of information for specific reasons. Data can be destroyed, deleted, corrupted, or rendered useless with intent or by accident during this event.

Data loss can also occur in physical storage setups or the cloud. It's an incident that takes place when data is in transit or processed by a network.

It makes sense to safeguard the information that can keep your company running, even after losing some data. After all, data is invaluable. Having data loss prevention protocols in place is imperative. Still, you can salvage your daily operations by knowing how to prevent data loss.

It doesn't have to be challenging, especially since there are so many helpful tools. Below, we discuss a few ways to prevent data loss and some key data breach prevention tools.

Productive CISO-vendor partnerships are key to overall security success. Here's how to establish and maintain effective relationships with security vendors.

Effective partnerships between CISOs and their cybersecurity vendors are integral to security success. A well-oiled relationship built on trust, communication and mutual understanding can reap significant benefits for a business's cybersecurity posture. Conversely, one that is problematic and incohesive can have the opposite effect, negatively impacting a company's security practices and leaving them vulnerable to risks and wasted investment.

Software-as-a-Service (SaaS) has experienced significant growth in the last few years. The increased demand for communication and collaboration tools due to remote working has accelerated SaaS adoption even further.

Globally, SaaS revenue is witnessing a 20% growth every year and is projected to reach $300 billion by 2024. SaaS is especially popular among organizations looking for easily accessible, flexible, hassle-free and cost-effective business solutions.

The SaaS Backup and Recovery Report 2022 from Spanning provides new insights into the SaaS universe, the current state of SaaS data protection and what you should know to enhance your data protection strategy. This report also explores the top IT priorities for businesses in 2022, what organizations look for in an IT vendor, the biggest risks businesses face today and why SaaS data backup is crucial for mid-market enterprises (MMEs).

6 Best Data Loss Prevention Strategies
Security Boulevard, May 2nd, 2022
Data loss has a worldwide cost of $3.92 million. Any organization lacking the diligence to protect its data is at risk of losing it to cyberattackers.

Data loss is more than a mere inconvenience; it's an event that can make or break your company's future. The only meaningful way to fight such an event is with a robust data loss prevention strategy.

There are many data loss prevention methods, but they have the same goal: To counter and reduce the risks of losing your company data.

DLP technology is available in two categories: Enterprise DLPs for desktops and servers in a company, and integrated DLPs, which are used to keep secure web gateways, email encryption, and other tools.

Below, we discuss data loss prevention implementation strategies. Keeping your data safe is intrinsically linked to your system's security.

Security operations (SecOps) teams continue to be under a constant deluge of new attacks and malware variants.

In fact, according to recent research, there were over 170 million new malware variants in 2021 alone. As a result, the burden on CISOs and their teams to identify and stop these new threats has never been higher. But in doing so, they're faced with a variety of challenges: skills shortages, manual data correlation, chasing false positives, lengthy investigations, and more. In this article, I'd like to explore some of the threat detection program challenges CISOs are facing and provide some tips on how they can improve their security operations.

Phishing is a growing risk and concern for businesses today. There are 383,278 spam, phishing and malware attacks on the BBC every day, according to recent data from think-tank Parliament Street.

That is up by 35% compared to 2020 data. Phishing attacks are a serious threat that can lead to ransomware infection. 59% of organisations that fall victim to a phishing attack are infected with ransomware as a result. As these threats escalate, what, if anything, can organisations do to protect themselves?

Phishing is the number one attack vector for bad actors

Phishing is a social engineering attack. It attempts to steal user data such as login credentials and credit card numbers. Such schemes are becoming increasingly sophisticated. They can easily trick people into assuming it is a normal email or text from a trusted person or reputable business, such as their colleague or bank.

A Guide to EDR, NDR, XDR, and SIEM
Security Boulevard, May 2nd, 2022
As the ever-increasing list of cybersecurity acronyms and vernacular grows, what cybersecurity tools are truly best for your team and meet your organization's needs?

To make sense of it all, let's dive into security technologies used in the market today and the differences between endpoint detection and response (EDR), network detection and response (NDR), extended detection and response (XDR), and security information and event management (SIEM).

In addition to this blog, a webinar featuring LogRhythm's Deputy CISO Andrew Hollister and VP of Field Engineering Jonathan Zulberg covers this topic in depth. You can watch the presentation or read this e-Book, 'Alphabet Soup: Making Sense of EDR, NDR, XDR, and SIEM,' for a detailed transcript of their insightful discussion.

Last year saw the highest average cost of a data breach in 17 years, with the cost rising from $3.86 million to $4.24 million on an annual basis, according to the IBM Cost of a Data Breach Report.

Clearly, organizations must have the correct people and processes in place to prepare for unrelenting cyber attackers.

As CIOs, CISOs, CTOs, and IT managers think about boosting cybersecurity strategies, they should consider what happened in the year prior and what might potentially get worse. Below are some of the cybersecurity threats that remain stubbornly consistent - and must be guarded against at all times.

Why You Should Use A Password Manager
Security Boulevard, May 4th, 2022
With World Password Day upon us, let's consider password managers.

Nowadays, individuals and organizations use different online apps and social media platforms that require them to submit login credentials. Creating a unique, long, and complex password can be tricky and difficult to remember.

That's why the majority of people end up using weak and easy-to-remember passwords or they create and memorize a strong password, and then reuse it across multiple sites.

However, hackers are always on the prowl so following a secure practice when creating passwords is vital. A strong password should contain between 8 and 12 characters, consist of numbers, uppercase and lowercase letters, and special symbols. Always avoid using your nickname, pet name, date of birth, street name, or any publicly available information. You can also use an acronym for easy-to-remember phrases.

You've probably taken notice that how you authenticate your personal accounts is slowly starting to evolve. Phones can now be unlocked via facial recognition, and many devices and apps can verify your identity through fingerprinting technology.

Biometric identification may be the way of the future, but don't be mistaken, passwords remain most practical in the present. Unfortunately, cybercriminals continue to compromise passwords to gain unauthorized access and to steal personal data that can be used to commit identity theft, online fraud, and cyberattack.

According to Verizon's Data Breach Investigations Report, 61% of all cyberattacks can be 'attributed to leveraged credentials,' and a study from Avast found that 90% of passwords are vulnerable to cyberattacks.

With 15 billion usernames and passwords currently available on the dark web, it's imperative that both password security and proper password hygiene are a top priority in your personal digital life.

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets.

Security teams need to understand these attack pathways better in order to fight back

Maintaining digital risk management in today's connected world requires updating security processes and procedures to identify the levels of risk that the more traditional approaches fail to identify. This means understanding your applications and the interconnection between technologies across your supply chain/alliances and/or partners. You also need to understand the data processes.

That means data flow mapping - 'knowing' your data; 'who' has got access to 'what'; 'how' do they access it and 'how often'; and the physical locations that could be under different local regulation and legislation. This should be accompanied by work to build mature commercial obligations between you and your suppliers to achieve the levels of risk mitigation you require.

Still using 'MrFluff' as your password? Maybe mixed with a little Leet-speak - say, 'MrFl0ff' - to confound all those hackers who want to vacuum out your 401K plan?

Well, today is the first Thursday in May, and that means it's World Password Day. Time to celebrate! You can do that by retiring 'MrFl0ff' and replacing him with a longer, stronger password than a pet's name (consistently a subset of the most hacked passwords worldwide, studies have found). Contrast Security experts also suggest turning on multi-factor authentication (MFA) for important accounts, which would give MrFluff a new, far harder to crack name - like, say, '*6fjI5%4&crkN.'

We asked Contrasters for more tips on what developers and enterprises should know about password policies: Read on!

Had you told me 30 years ago the first web browser would be the ancestor of most software interfaces, I'd have been skeptical.

Of course, that was before most of us had an inkling of what the web would become. Even with that hindsight, it's staggering how web browsers have become our primary windows into the digital world. Were it not for mobile apps, that domination would be nearly absolute. And many apps use the same scripting languages that create modern websites.

The rise of the cloud and services era cemented the browser's ubiquity. It doesn't matter what backend software or operating systems you deploy. At the front, users can fire up any modern browser and interact with those systems. Rather than installing bespoke client software on every device, you simply point users to a URL.

The New Cybersecurity Mandate
CSO Online, May 5th, 2022
Parsing the White House's cybersecurity directives.

The increasing importance of cybersecurity was underlined in President Biden's executive order of May 12, 2021. This focus has been reiterated, and even more emphatically described in the context of the Russian invasion of Ukraine.

A surprising conclusion from these governmental missives is that in the high-tech world of cybersecurity, the core challenge is not advanced cryptological methods nor quantum computing, but simply implementing known best practices in the real world.

I'll bet you never thought you'd see a president issue an executive order describing how to handle logging, but that day has come. Let's take a look at what the highest levels of government are calling for in cybersecurity.
