ThreatWorx Attenu8 – Vulnerability Prioritization aligned with CISA SSVC
Much has been said about vulnerability prioritization by different cybersecurity vendors, but the absence of a standard guide from an authoritative source had left much to be desired. Well that wait of now over, Cybersecurity and Infrastructure Security Agency (CISA) recently published the CISA Stakeholder-Specific Vulnerability Categorization (SSVC) guide. It is basically a customized decision tree […]
Top 5 cybersecurity myths busted!
Cybersecurity landscape is laden with myths and misconceptions. In this article we will look at top 5 myths for a good “reality check”. Myth #1 – Poor proactive security is acceptable as long as you have good reactive cybersecurity. Reality #1 – Good focus on proactive cybersecurity ensures good cybersecurity posture for the organization. Sadly this is […]
Keeping tab on your cloud environments
Given that misconfigurations contribute to a fair share of cloud breaches, it is vital to keep tab on your cloud environments. Cloud environments are rarely static, especially given that most of us leverage cloud for the elasticity and flexibility it provides. Logging and monitoring provides an easy way to get insights into your ever changing […]
Security Guidance for 5G Cloud Infrastructures from NSA & CISA
The 5G revolution is making waves and headway. 5G promises ultrafast speeds and reduced lag time (latency) along with massive bandwidth and ability to connect lot more devices. Cloudification is key for the success of 5G. What is Cloudification? Cloudification is enabling network operators to innovate new and enhanced services and respond to market demands with the scalability […]
Learnings from CISA Ransomware Guide
CISA released Ransomware Guide last year. I found it to be very informative and hence thought of sharing the gist of learnings from the CISA Ransomware Guide. Before I dive into the learnings from the guide, I want to highlight CISA tag line: Defend Today, Secure Tomorrow This makes perfect sense with focus on “proactive cybersecurity for […]
Is Security factored in your Digital Transformation journey?
Around 3 years back, many companies embarked on their digital transformation journey. Others were forced into it later with the pandemic. Pandemic pushed companies to move ahead on their digital transformation journey at breakneck speed. Many organizations jumped on the digital transformation bandwagon without much thought about how to bring security in the picture. How […]
Beyond risk-based cybersecurity…
A 2019 article from McKinsey titled “The Risk-based Approach to Cybersecurity” talked about the need for organizations to move from a “maturity-based” to a “risk-based” approach to cybersecurity. First let us get clarity on some definitions from that article here. Cyber risk is just another kind of operational risk and cyber risk is not the same as cyber threat. […]
How cyber insurance can incentivize cyber security?
In the previous article, we saw how taking a Proactive Approach to Cyber Security is key and how it relates to Cyber Insurance. In this article we will see how cyber insurance can incentivize better cyber security practices amongst policy holders. RUSI (Royal United Services Institute) for Defense and Security Studies published a paper titled “Cyber Insurance […]
Guidance on preventing or limiting the impact of ransomware attacks.
In view of two major ransomware attacks, the Colonial pipeline and JBS, it’s time to refocus on proactive cyber security as time and again reactive security controls have failed to prevent large scale and targeted ransomeware attacks. Here is a glimpse of the state of things when it comes to ransomware attacks: (Courtesy: Combating Ransomware – Ransomware Task Force […]