CISA Releases Cyber Defense Alignment Plan for Federal Agencies

September 19, 2024 at 11:06AM CISA released the FOCAL plan to align federal agencies against cyberthreats. It aims to standardize operational cybersecurity practices across agencies and identify collective cybersecurity goals. The plan outlines five priority areas and presents alignment goals to improve operational cybersecurity and resilience for the Federal Civilian Executive Branch (FCEB). Based on …

Compliance and Risk Management Startup Datricks Raises $15 Million

September 11, 2024 at 11:24AM Datricks, a compliance and risk management startup, has secured $15 million in Series A funding led by Team8’s venture capital arm, with additional investments from SAP and Jerusalem Venture Partners. The Tel Aviv-based startup, founded in 2019, offers an AI-based platform for financial risk detection, which has already prevented significant …

Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

September 9, 2024 at 06:45AM Wing Security’s SaaS Pulse offers organizations free continuous oversight into SaaS security, addressing evolving risks through real-time insights, threat intelligence, and risk prioritization. The tool aims to prevent unnoticed vulnerabilities by providing ongoing monitoring and actionable data, thereby avoiding expensive breaches and data leaks. Learn more at https://wing.security/. From the …

Check Point, Cisco Boost AI Investments with Latest Deals

August 30, 2024 at 07:39AM Cybersecurity giants Check Point Software and Cisco are continuing their investments in AI, with recent acquisitions of startups Cyberint and Robust Intelligence. Both companies aim to strengthen their AI capabilities for threat detection and risk management. Check Point seeks to expand its security operations center with Cyberint’s expertise, while Cisco …

Dick’s Sporting Goods Discloses Cyberattack

August 29, 2024 at 09:48AM Retail chain Dick’s Sporting Goods disclosed a cyberattack leading to unauthorized access of confidential information. The breach was discovered on August 21, prompting activation of their response plan and engagement with security experts. The company stated no disruption to business operations. They did not disclose details on the attackers, compromised …

Why LLMs Are Just the Tip of the AI Security Iceberg

August 28, 2024 at 10:03AM The rise of generative AI and large language models brings real security risks, from exposing data to malicious attacks. The rapid adoption of AI introduces new risks, but the opaque nature of AI models makes identifying and managing these risks challenging. Implementing an AI security framework and following key strategies …

Why End of Life for Applications Is the Beginning of Life for Hackers

August 22, 2024 at 10:04AM The text discusses the importance of tracking end-of-life and end-of-support dates for software assets to mitigate security risks. It emphasizes the challenges of migrating applications and the need for early planning to justify costs and demonstrate business value. The commentary also highlights the need to address internal politics and stakeholders …

The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence?

August 16, 2024 at 07:40AM SaaS applications offer convenience and efficiency but come with security risks, making due diligence essential. AppOmni offers the Due Diligence Questionnaire (DDQ) and SaaS Event Maturity Matrix (EMM) to simplify the process and enhance security measures. These resources facilitate identifying and addressing security gaps, streamlining the due diligence process and …

A Lesson From the CrowdStrike Incident

August 12, 2024 at 10:04AM The recent outage at CrowdStrike underscores the vulnerability of even leading cybersecurity companies to breaches due to faltering process adherence. It revealed the necessity of comprehensive visibility, automated compliance checks, real-time auditing, and proactive risk management to maintain security and reliability. Adhering to established processes and governance frameworks is vital …

How MSPs and MSSPs offer vCISO services with skilled CISOs in short supply

August 7, 2024 at 11:35AM Cynomi’s eBook “What does it take to be a full-fledged Virtual CISO?” details how service providers can expand vCISO services economically. The role of Chief Information Security Officer (CISO) is crucial in the current cyber threat landscape, but there’s a shortage of skilled CISOs, leading to the increased demand for …