Category: Cyber Defense Magazine

Complexity: The Silent Killer of Cybersecurity

The cybersecurity landscape is a complex and ever-evolving ecosystem. At its core lies a fundamental paradox: the more tools we deploy to protect our digital assets, the more complex and… The post Complexity: The Silent Killer of Cybersecurity appeared first…

Why EPSS is a Game-Changer for Cybersecurity Risk Management

Having served on the MITRE.org CVE (OVAL) advisory board, I have spent years analyzing vulnerabilities and how they impact global cybersecurity. The challenge has always been prioritization—how do we determine… The post Why EPSS is a Game-Changer for Cybersecurity Risk…

Maximizing Security Through Hardware

Organizations are continually balancing seamless user experiences and implementing robust defenses against evolving threats. Passwords, as the first line of defense, remain a primary vulnerability, often exploited due to poor… The post Maximizing Security Through Hardware appeared first on Cyber…

Publishers Spotlight: Flashpoint

In 2024, a new hybrid cold war is redefining the threat landscape. Cyber, physical, and geopolitical risks are converging, with nation-states, ransomware groups, and insider threats exploiting vulnerabilities to disrupt… The post Publishers Spotlight: Flashpoint appeared first on Cyber Defense…

Experience from GAP Assessment Audits for NIS2 Compliance

The NIS2 (Directive (EU) 2022/2555 of the European Parliament and of the Council) imposes cybersecurity and information security compliance obligations on many organizations that previously had no such requirements. Most… The post Experience from GAP Assessment Audits for NIS2 Compliance…

Deepfakes: How Deep Can They Go?

With the help of today’s technology, virtually anyone can create a passable deepfake—a manipulated image, video, or audio recording that seems real. All that is required is a consumer-grade computer… The post Deepfakes: How Deep Can They Go? appeared first…

How to Root Out Malicious Employees

Malicious employees and insider threats pose one of the biggest security risks to organizations, as these users have more access and permissions than cyber criminals attacking the organisation externally. It… The post How to Root Out Malicious Employees appeared first…

Cyber Security in Customer Engagement: The Triple Defence Strategy

As digital interactions dominate modern communication, the rapid evolution of cyber threats demands robust security measures in customer engagement as a critical imperative. Traditional security methods are no longer sufficient,… The post Cyber Security in Customer Engagement: The Triple Defence…

Can Your Security Measures Be Turned Against You?

Throughout history, the concept of defeating an opponent’s defenses has been central to warfare strategies. From ancient sieges using tunnels and siege engines to modern tactics aimed at neutralizing air… The post Can Your Security Measures Be Turned Against You?…

Bridging The Manufacturing Security “Air Gap”

In the world of manufacturing, one security measure has stood out above all others: the “air gap.” This technique, which isolates technology from the outside world, once provided a reasonable… The post Bridging The Manufacturing Security “Air Gap” appeared first…

The GenAI Scam Revolution

Introduction The intersection of cutting-edge artificial intelligence technologies and the extensive exposure of personal data has opened a Pandora’s box of potential misuse, including hyper-targeted scams. Large language models (LLMs),… The post The GenAI Scam Revolution appeared first on Cyber…

Navigating Advanced Threat Landscapes

In today’s era, marked by rapid digital transformations and an increase in sophisticated cyber threats, the role of Chief Information Security Officers is more crucial than ever. CISOs face the… The post Navigating Advanced Threat Landscapes appeared first on Cyber…

The Rise in Phishing Scams

As cybersecurity platforms have become more effective, cyber attackers have shifted their strategy. Rather than challenging defense applications to identify weaknesses, they are now increasingly focused on exploiting human behavior…. The post The Rise in Phishing Scams appeared first on…

The Age of Unseen Truths And Deceptive Lies

From the moment we’re born, we are surrounded by a mix of true and false information. In the past, distinguishing between them was relatively easy, but over time, it has… The post The Age of Unseen Truths And Deceptive Lies…

Tagged Files as a Road to Insider Threats

The insider threat is any individual within community who does something against such surrounding even being used for sabotage, diversion, espionage and the other purposes, so far. On the other… The post Tagged Files as a Road to Insider Threats…

Operational Security: The Backbone of Effective Police Communication

In the fast-paced and dynamic world of law enforcement, effective communication is essential for ensuring public safety and successful operations. However, amidst the ever-evolving landscape of technology and threats, maintaining… The post Operational Security: The Backbone of Effective Police Communication…

Passwords Are Out, Biometrics Are In

As more aspects of daily life move online—including financial transactions, government services like mobile driver’s licenses, and digital travel authentication—the weaknesses of traditional remote identity verification methods, such as passwords,… The post Passwords Are Out, Biometrics Are In appeared first…

Managing Sensitive Security Investigations in Remote Settings

Managing sensitive security investigations has become more complex and challenging in today’s increasingly prevalent remote work environment. As a result, ensuring that these investigations are conducted effectively and securely requires… The post Managing Sensitive Security Investigations in Remote Settings appeared…

Is Unified Access Control Zero Trust’s Silver Bullet?

With the advent of Zero Trust architecture, where the principle of “never trust, always verify” prevails, the importance of comprehensive access control has never been more pronounced. As cyber threats… The post Is Unified Access Control Zero Trust’s Silver Bullet?…

HTTP 1.1 Vs. HTTP 2: What Are the Differences?

According to this recent report by McKinsey, 87% of consumers say they won’t do business with your company if they have concerns about your security practices. So if you’re serious about protecting… The post HTTP 1.1 Vs. HTTP 2: What Are the…

How to Use AI in Cyber Deception

For years, cyber deception has been an excellent tool against would-be cybercriminals. However, the cybersecurity landscape is constantly evolving — and many conventional techniques are no longer as effective. Is… The post How to Use AI in Cyber Deception appeared…

How To Privacy-Proof the Coming AI Wave

Everyone has noticed that we have entered the AI era. AI is everywhere: to improve customer experience, reduce costs, generate stunning and surreal images. The size of the Artificial Intelligence… The post How To Privacy-Proof the Coming AI Wave appeared…

Exploring the Vishing Threat Landscape

Voice phishing, also known as vishing, represents a growing threat to organizations worldwide. Keepnet’s 2024 Vishing Response Report illuminates the alarming statistic that 70% of companies are prone to voice… The post Exploring the Vishing Threat Landscape appeared first on…

Cybersecurity: How to Involve People in Risk Mitigation

Cybersecurity: how to involve people in risk mitigation Cefriel presented the white paper “Cyber Security and the Human Element”, an in-depth look at how to analyze and understand the connections… The post Cybersecurity: How to Involve People in Risk Mitigation…

Publisher’s Spotlight: Merlin Group

Bridging the Gap Between Cyber Innovation and Regulated Markets Addressing the Challenge of Innovation Access in Regulated Markets In an era where the need for technological innovation is more critical… The post Publisher’s Spotlight: Merlin Group appeared first on Cyber…

Air Gap

In August 2024, the FBI issued a notice that an Iranian backed team was attempting to hack American political parties’ campaign information. (Miller & Balsamo, 2024). In that same month,… The post Air Gap appeared first on Cyber Defense Magazine.…

Protecting Your Organization Against Advanced, Multi-Stage Cyber Attacks

Threat actors are continuously enhancing their techniques and increasing sophistication to evade cyber defenses. Consequently, multi-stage ransomware and malware attacks, characterized by heavy obfuscation are becoming increasingly prevalent. The Europol Threat… The post Protecting Your Organization Against Advanced, Multi-Stage Cyber Attacks…

The Cyber Defense Emergency Room

In cybersecurity like in the emergency room, every moment is critical. Much like an emergency room, where nurses must quickly assess and prioritize patients based on the severity of their… The post The Cyber Defense Emergency Room appeared first on…

Guardians Of the Grid

The surge in cyberattacks and the emerging role of Generative AI The importance of cyber security tools in protecting sensitive information, sustaining organization’s resilience and enabling business continuity during hostile… The post Guardians Of the Grid appeared first on Cyber…

Exploring CVSS 4.0’s Impact on Vulnerability and Threat Management

The Common Vulnerability Scoring System (CVSS) offers a standardized framework for characterizing and scoring vulnerabilities, helping the effort for vulnerability risk assessment. The release of CVSS 4.0 in November 2023 marked a… The post Exploring CVSS 4.0’s Impact on Vulnerability and Threat…

Fortifying The Links

In today’s hyper-connected world, supply chains are the lifeblood of industries, spanning across continents and involving numerous third-party vendors. While this interconnectedness brings unparalleled efficiency and opportunities for growth, it… The post Fortifying The Links appeared first on Cyber Defense…

The Key to AI-Enabled Multi-Coalition Warfare

In February, the top artificial intelligence (AI) official at the Department of Defense (DoD) laid out his vision for AI-enabled warfare. “Imagine a world where combatant commanders can see everything they… The post The Key to AI-Enabled Multi-Coalition Warfare appeared first…

The Role of AI in Evolving Cybersecurity Attacks

In the ever-expanding digital landscape, cybersecurity remains a critical concern for individuals, businesses, and governments alike. As technology advances, so do the tactics of cybercriminals. One of the most significant… The post The Role of AI in Evolving Cybersecurity Attacks…

The Fundamental Components to Achieving Shift-Left Success

“Shift-left” is a familiar concept to CISOs and security practitioners across the globe. A term coined to promote the integration of security practices earlier in the software development lifecycle (SDLC)… The post The Fundamental Components to Achieving Shift-Left Success appeared…

Protect SAP Supply Chains by Preventing Cyber Attacks

Highly advanced and extremely dangerous cyberattacks are targeting SAP (from the company originally called “System Analysis Program” Development) software supply chains with an alarming increase in frequency. By taking advantage… The post Protect SAP Supply Chains by Preventing Cyber Attacks…

Is Platform Engineering a Step Towards Better Governed DevOps?

Since 2010, Puppet’s annual State of DevOps Report has tracked trends in IT, including security and, more recently, the growth of platform engineering. 2024’s edition, which includes the results of a survey… The post Is Platform Engineering a Step Towards Better Governed…

Best Practices for Effective Privileged Access Management (PAM)

Privileged accounts are highly coveted targets for malicious attackers due to the extensive access they provide. According to the 2024 Verizon Data Breach Investigation Report, nearly 40% of data breaches… The post Best Practices for Effective Privileged Access Management (PAM)…

Securing the OT Stage: NIS2, CRA, and IEC62443 Take Center Spotlight

In the dynamic landscape of Operational Technology (OT), robust cybersecurity measures are paramount. As the digital transformation accelerates, protecting critical infrastructure becomes more challenging. Fortunately, three key standards—NIS2, CRA, and… The post Securing the OT Stage: NIS2, CRA, and IEC62443…

The Urgent Need for Data Minimization Standards

A central principle in many data protection laws around the globe is data minimization. But we are currently facing a serious issue: we don’t have legal clarity on what exactly… The post The Urgent Need for Data Minimization Standards appeared…

Is There a DDoS Attack Ceiling?

Today, it’s rare for a month to pass without reports of new distributed denial-of-service (DDoS) attacks. Lately, geopolitical instability and hacktivist groups (e.g., Anonymous Sudan and NoName057(16)) have driven attacks, and these types of attacks… The post Is There a DDoS Attack Ceiling? appeared first…

Innovator Spotlight: Fortra

by Dan K. Anderson CEO, CISO, and vCISO As cyber threats grow more sophisticated and frequent, organizations face immense pressure to simplify their security stacks and improve operational efficiency. According… The post Innovator Spotlight: Fortra appeared first on Cyber Defense…

Protect SAP Supply Chains by Preventing Cyber Attacks

Highly advanced and extremely dangerous cyberattacks are targeting SAP (from the company originally called “System Analysis Program” Development) software supply chains with an alarming increase in frequency. By taking advantage… The post Protect SAP Supply Chains by Preventing Cyber Attacks…

Beyond Encryption: Advancing Data-in-Use Protection

In the ever-evolving landscape of cryptography, traditional encryption methods safeguarding data at rest and in transit remain foundational to cybersecurity strategies. However, the security of decrypted data actively used within… The post Beyond Encryption: Advancing Data-in-Use Protection appeared first on…

Benefits of Network Monitoring Systems

Maintaining a resilient, secure, and efficient network infrastructure is more important than ever. Network monitoring systems, which encompass both hardware and software tools, play a pivotal role in achieving this… The post Benefits of Network Monitoring Systems appeared first on…

Autonomous, Deterministic Security for Mission-Critical IOT Systems

Mission-Critical Iot Systems: Cybersecurity Principles In creating an effective cybersecurity strategy for IoT systems, software architects examine obstacles that limit the security options for their target systems. To deliver a… The post Autonomous, Deterministic Security for Mission-Critical IOT Systems appeared…

The Unsolvable Problem: XZ and Modern Infrastructure

The ongoing prevalence (and rise) of software supply chain attacks is enough to keep any software developer or security analyst up at night. The recent XZ backdoor attack is finally… The post The Unsolvable Problem: XZ and Modern Infrastructure appeared…

A Cloud Reality Check for Federal Agencies

The move to cloud is not slowing down – spending by Federal civilian agencies on cloud computing could reach $8.3 billion in Fiscal Year (FY) 2025. But despite years of guidance (from… The post A Cloud Reality Check for Federal Agencies appeared…