Cybersecurity training is not the same across all companies; SMB training programs must be tailored according to size and security awareness. Who better to give advice about how small- or medium-sized businesses should handle cybersecurity than an organization and expert with currency in helping SMBs survive? Anete Poriete, UX researcher at CyberSmart, in her Real Business article, The Best Practises for Cybersecurity Training in SMEs, said there's a common misconception that SMBs aren't aware of cybersecurity threats.
Despite a marked increase in concerns around malware attacks and third-party risk, only 8% of organizations with web applications for file uploads have fully implemented the best practices for file upload security, a report from OPSWAT reveals. Most concerning, one-third of organizations with a web application for file uploads do not scan all file uploads to detect malicious files and a majority do not sanitize file uploads with CDR to prevent unknown malware and zero-day attacks.
The Open Source Security Foundation on Wednesday announced the availability of a new GitHub app that can be used to automatically and continuously enforce security best practices for GitHub projects. Allstar is a companion to Security Scorecards, an automated risk assessment tool for repositories and their dependencies that was also contributed by Google.
Google and the Open Source Security Foundation have released Allstar, an app that allows organizations / owners of GitHub repositories to set up security policy expectations for GitHub projects and to make sure that these policies are adhered to. "Allstar works by continuously checking expected GitHub API states and repository file contents against defined security policies and applying enforcement actions when expected states do not match the policies," OpenSSF's John Mertic explained.
The PCI Security Standards Council and the Cloud Security Alliance issued a joint bulletin to highlight the importance of properly scoping cloud environments. At a high level, scoping involves the identification of people, processes, and technologies that interact with or could otherwise impact the security of payment data or systems.
Pulumi announced that SANS Institute is using the Pulumi Cloud Engineering Platform to streamline the delivery of applications and infrastructure, increasing the speed of delivery by 3X. Pulumi enabled SANS to adopt cloud engineering best practices so that it could reduce deployment times, simplify its cloud architectures and ultimately create a better experience for end customers. SANS now delivers cloud infrastructure using TypeScript and GitOps workflows, allowing it to use the power of modern languages and software engineering to deploy and configure infrastructure through a single platform.
Business email compromise refers to all types of email attacks that do not have payloads. In a recent study, 71% of organizations acknowledged they had seen a business email compromise attack during the past year.
Learn how to get the most out of container security best practices. "Ford discussed the challenges of container security." Container security startups are looking to solve for some of the challenges that containers introduce: the increasingly automated nature of modern software development can exacerbate security issues quickly.
The report details the impact of COVID-19, IT's chief concerns about new spending decisions, the impact remote work had on security best practices, and overall satisfaction within the IT organization. "Remote work put enormous pressure on admins and organizations, and now that the work landscape has changed permanently, the top priority for SMEs is to address those challenges. IT professionals' 2021 priorities of layered security for more secure work-from-anywhere, making remote work easier, and more efficient device management underscore the need for a more consolidated, platform approach to IT that reduces complexities and cost."
From WannaCry, Petya, and SamSam to Ryuk, these ransomware attacks have caused huge financial and reputation losses for both public and private sector organizations - the recent attacks on Colonial Pipeline are just the latest example. Most successful ransomware attacks happen because organizations overlook a simple security practice.