Companies with cloud-first strategies are growing in number as the benefits of cloud have become more apparent and appetizing in the fallout of the COVID-19 pandemic. However, simply having a cloud-first strategy doesn’t guarantee success in the cloud, cost savings and increased agility. Similarly, security remains a pervasive threat if a process for mitigation is not built into the very foundation of your cloud strategy.
There are numerous solutions organizations can implement to mitigate risks associated with employee use of corporate connected devices in the execution of personal business. In this article, we will delve a bit deeper to explain the pros and cons of implementing a few of the more common solutions. It is important to note, that regardless of the solution, an effective awareness and training program for employees is the number one most effective safeguard for your organization.
As pharmaceutical companies and healthcare organizations turn their attention from the development to the deployment of coronavirus vaccines, well-resourced cybercriminals are hotly following suit. The vaccine supply chain is rife with logistical complexities making the enormously valuable data on the various vaccines deeply attractive to threat actors. In fact, cybercriminals are already attempting to steal vaccine formulas and disrupt operations.
Audio-based social app Clubhouse has allegedly suffered a data breach, as a third-party developer designed an open-source app that allowed Android smartphone users to access the invite-only, iPhone-only service. The app, which launched in March 2020, has quickly gained popularity, raising $100 million in funding in January.
Digital Shadows highlighted the growing role of Initial Access Brokers within the criminal ecosystem within its Initial Access Brokers Report. Rather than infiltrating an organization deeply, this type of threat actor operates as a ‘middleman’ by breaching as many companies as possible and goes on to sell access to the highest bidder – often to ransomware groups.
Reddit has named Allison Miller as Chief Information Security Officer (CISO) and VP of Trust. An industry expert and innovator, Miller will oversee the Safety and Security teams at Reddit where she’ll be responsible for expanding trust & safety operations and data security, as well as evolving programs to mitigate security challenges and risks. Miller will also redesign Reddit’s trust frameworks and transparency efforts to enable further growth across the platform.
Sequoia Capital, one of the largest and most successful venture capital firms in the world, has told its investors that some of their personal and financial information may have been accessed by a third party, after a Sequoia employee's email was successfully phished, according to an Axios report.
Positive Technologies expert Egor Dimitrenko discovered a high-severity vulnerability in the VMware vSphere Replication data replication tool. This solution allows organizations to create backups of virtual machines and run them if the main virtual machine reports a failure. The bug could have allowed attackers with access to the VMware vSphere Replication administration web interface to execute arbitrary code on the server with maximum privileges and start lateral movement on the network to seize control of the corporate infrastructure.
International SOS recently released its Risk Outlook report, unveiling the top security risks for the international workforce in 2021. Here, we talk to Jeremy Prout, Director of Security at International SOS, to discuss how to protect the workforce against the top risks found within the report.
Nuspire announced the release of its 2020 Q4 and Year in Review Threat Landscape Report. Sourced from its 90 billion traffic logs, the report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs) with additional insight from its threat intelligence partner, Recorded Future.