Expert analysis

ChatGPTriage: How can CISOs see and control employees’ AI use?
It’s been less than 18 months since the public introduction of ChatGPT, which gained 100 million users in less than two months. Given the hype, you would expect enterprise …

Risk related to non-human identities: Believe the hype, reject the FUD
The hype surrounding unmanaged and exposed non-human identities (NHIs), or machine-to-machine credentials – such as service accounts, system accounts, certificates and …

How to design a third-party risk management framework
Most organizations focus on securing routers, servers, firewalls, and other endpoints, but threats can also arise from unfamiliar sources such as third-party networks, which …

How AI helps decode cybercriminal strategies
With terms like “AI washing” making their way into mainstream business consciousness, the hype surrounding AI is making it harder to differentiate between the true …

Diversifying cyber teams to tackle complex threats
Technologies such as GenAI, ML and IoT are giving threat actors new tools that make it easier to target consumers and organizations. From Savvy Seahorse which lures victims …

Microsoft’s cybersecurity dilemma: An open letter to Satya Nadella
Microsoft is suffering cybersecurity failures due to systemic problems with strategic leadership. The world is witnessing an alarming trend of cybersecurity issues with …

July 2024 Patch Tuesday forecast: The end of an AV giant in the US
July 2024 Patch Tuesday is now live: Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112). The US celebrated Independence Day last week, …

The impossibility of “getting ahead” in cyber defense
As a security professional, it can be tempting to believe that with sufficient resources we can achieve a state of parity, or even relative dominance, over cyber attackers. …

Preparing for Q-Day as NIST nears approval of PQC standards
Q-Day—the day when a cryptographically relevant quantum computer can break most forms of modern encryption—is fast approaching, leaving the complex systems our societies rely …

Why are threat actors faking data breaches?
Earlier this year Europcar discovered a hacker selling info on its 50 million customers on the dark web. The European car rental company immediately launched an investigation, …

How to create your cybersecurity “Google Maps”: A step-by-step guide for security teams
Cybersecurity isn’t just about firewalls and antivirus. It’s about understanding how your defenses, people, and processes work together. Just like Google Maps …

Low code, high stakes: Addressing SQL injection
Like a bad movie that seems to go on forever, SQL injection (SQLi) attacks have lingered since the late 1990s. Due to various factors, they remain the third most common source …