Security News

Third-party risk management best practices and why they matter
2024-01-29 05:50

With organizations increasingly relying on third-party vendors, upping the third-party risk management game has become imperative to prevent the fallout of third-party compromises. Why you must do TPRM: third-party risk management offers numerous advantages for companies.

The effect of omission bias on vulnerability management
2024-01-24 06:30

One of these is the omission bias, which has interesting ramifications in the world of cyber security, specifically vulnerability management. In this article, we discuss omission bias in vulnerability management, particularly vulnerability remediation, and how IT operators can overcome it with today's new management platforms.

Ransomware negotiation: When cybersecurity meets crisis management
2024-01-18 05:00

He discusses ransomware gangs, the role of cyber insurance, and how governments and regulatory bodies are responding to the ransomware threat. In light of the increasing sophistication of ransomware attacks, can you discuss the dynamics of negotiating with ransomware gangs? How do these negotiations typically unfold, and what are the critical business considerations during these interactions?

Key elements for a successful cyber risk management strategy
2024-01-15 04:30

In this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses the evolution of cyber risk management strategies and practices, uncovering common mistakes and highlighting key components for successful risk resolution. We hope to find the 'golden' indicator for which risk will eventually lead to a breach, but until that day, security teams need to holistically incorporate several layers of risk factors to determine business risk and drive justifiable communications.

Digital ops and ops management security predictions for 2024
2023-12-14 05:30

Big incidents will be BIG. High-visibility attacks will continue to be rare, but when they occur, they will be major news, with massive implications for customers and even wider society, depending on the organization affected. Unlike the indiscriminate "spray-and-pray" attacks we used to be so afraid of, bad actors will shift their attention to building sophisticated campaigns to take down high-value targets that are more financially rewarding for them.

Guide: Application security posture management deep dive
2023-12-13 03:45

Distinguishing real, business-critical application risks is more challenging than ever. A siloed, ad hoc approach to AppSec generates noisy false positives that overwhelm under-resourced security teams.

This Free Solution Provides Essential Third-Party Risk Management for SaaS
2023-11-30 11:55

Wing Security recently announced that basic third-party risk assessment is now available as a free product. But it raises the questions of how SaaS is connected to third-party risk management...

Organizations’ serious commitment to software risk management pays off
2023-11-21 04:30

There has been a significant decrease in vulnerabilities found in target applications - from 97% in 2020 to 83% in 2022 - an encouraging sign that code reviews, automated testing and continuous integration are helping to reduce common programming errors, according to Synopsys. The report details three years of data derived from tests run by Synopsys Security Testing Services, with targets made up of web applications, mobile applications, network systems and source code.

Generative AI is shaping future incident management processes
2023-11-15 05:00

Research points to generative AI as a means to resolve the incident management paradox: 84.5% either believe AI can significantly streamline their incident management processes and improve overall efficiency or are excited about the opportunities AI presents for automating certain aspects of incident management. "Traditional, rule-based automation tools are no longer sufficient for the demands of modern operations teams. Despite robust incident management processes within numerous organizations, the relentless surge in service incidents - with its consequential impact on customers and financial ramifications - mandates a transformative approach. The path forward lies in harnessing innovative solutions like generative AI, augmented by automation and guided by human judgment, to not only expedite incident resolution but also proactively detect and preempt potential issues before they escalate."

k0smotron: Open-source Kubernetes cluster management
2023-11-14 04:30

Open-source solution k0smotron is enterprise-ready for production-grade Kubernetes cluster management with two support options. The k0smotron operator is deployed onto an existing Kubernetes cluster, designated as the management cluster similar to a "Mothership," that orchestrates and provides control plane services on demand.