Security News > 2021 > September

The webinar breaks down how even large enterprises struggle with time to response. Look at any of the major breaches of the past years and you'll find large security teams that overlooked red flags or mishandled their incident response.

You need to analyze many potential entry points, attack paths, and data exfiltration tactics to reveal the scope of what took place-all while the culprits are potentially taking steps to cover their tracks. The attacker might then use stolen user credentials to move laterally throughout the network, finally launching a DCShadow attack that uses replication permissions to imitate a domain controller and make changes to Active Directory.

Indonesia's Ministry of Communications and Informatics is investigating a leak of over a million records from the nation's COVID-19 quarantine management app. News of the leak was revealed on August 30th by security review site vpnMentor, which wrote that its research team discovered exposed databases generated by eHAC, an app that is mandatory for use by travellers moving into and out of Indonesia, or within its borders.

For too long, both the private and public sectors have not prioritized cybersecurity efforts enough and only acted in "Good faith" - an inadequate effort to improve cybersecurity. Recently, President Biden issued the Executive Order on Improving the Nation's Cybersecurity, to set government standards and best practices for cybersecurity across sectors, and it is good to see the focus on automation.

"While third-party risk is not necessarily new, it is something that is often a blind spot as it's often not seen as a direct responsibility of CISOs and security teams," said Gene Yoo, CEO of Resecurity, Inc and former security executive at a major U.S. financial institution. "This blind spot is typically created when there's a lack of visibility into the actual state of the cybersecurity posture and security team of the third-party vendor. However, when an incident does occur, that is when it quickly becomes an issue as the organization itself will take the blame for the breach."

Singapore's governmental digital services arm, GovTech, has launched a "Rewards programme" to further crowdsource tests of the nation's cybersecurity. The Vulnerability Rewards Programme joins the Government Bug Bounty Programme and the Vulnerability Disclosure Programme, all of which work alongside the government's own security checks.

The American Petroleum Institute published its 3rd Edition of Standard 1164, Pipeline Control Systems Cybersecurity, underscoring the natural gas and oil industry's ongoing commitment to protecting the nation's critical infrastructure from malicious and potentially disruptive cyber-attacks. It is based on the NIST Cybersecurity Framework and NERC-CIP standards and significantly expands the scope compared to the previous edition of the standard to cover all control system cybersecurity instead of solely SCADA systems.

80% of leaders and 75% of employees said their company is currently using a hybrid model or is fully remote and considering a hybrid work model. 54% of employees reported up to six instances of lost productivity due to network access issues and leaders cite home internet security and leakage of sensitive company data among their top security challenges.

Data from Synergy Research Group shows the CPaaS market continues to demonstrate strong market growth. The latest 2Q 2021 market share report shows CPaaS market grew over 40% worldwide with Twilio maintaining its number one market share ranking.