From the Winter 2023 Issue

Level-up API Protection with Identity and Centralized Trust

Author(s):

Gary Archer, Product Marketing Engineer, Curity

Introduction: API security has matured over the years, and the best practice has moved away from older security methods such as API keys. Token-based authentication is the norm, but too often, a significant concern is overlooked: identity. An identity focus is critical for modern APIs to mitigate risk and prevent cyber-attacks. In this article, we … Read more

From the Fall 2022 Issue

Through the Lens of a CISO

Author(s):

Andres Andreu, CISO, 2U, Inc.

A modern-day cybersecurity leader, typically a Chief Information Security Officer (CISO), needs to look at the world, its events, its meta-data, its features and its people in a very specific way in order to be successful. While some of this may sound borderline paranoid to outsiders, a good CISO develops a healthy respect for opposing … Read more

Is the Cyber Kill Chain Model the Ultimate Solution to Rising Ransomware Attacks?

Author(s):

Waqas S, Cybersecurity Journalist, DontSpoof

Ransomware attacks have long been on a steady rise, wreaking havoc and destruction within the cybersecurity industry. Since the coronavirus pandemic in 2020, there has been a 148% rise in ransomware attacks. The situation in 2021 was alarming as the number of attacks continued increasing. The year 2021 saw some of the worst ransomware … Read more

3 Mistakes to Avoid When Deploying DMARC in Your Organization

Author(s):

Harry Wilson, Head of Digital Marketing Department, Globex Outreach

Currently, most organizations understand the importance of deploying Domain-Based Message Authentication Reporting and Conformance (DMARC) to stay safe from the rising email fraud cases. DMARC protects your business’ trusted domains from endless email spoofing and cybersecurity attacks. Deploying this email authentication protocol prevents spoofers and phishers from exploring vulnerabilities in your email domain, which helps … Read more

Purple Teaming: A Key Solution in Addressing Evolving Threats

Author(s):

MK Akram, Project Manager, Globex IT Solutions

From the SolarWinds attack to the attempt to poison a Florida city’s water supply and the Colonial Pipeline shutdown due to ransomware, recent months have demonstrated how aggressive cybercriminals have become—which raises the question: are modern cybersecurity solutions really that ineffective? With one major attack after another, the expectation is that organizations would have already undertaken … Read more

Bots: to Block or Not to Block? Effective Bot Management Strategy

Author(s):

Emma Yulini, Outreach Manager, Rise Digital

A significant portion of users visiting your site are not human. In 2017, more than 50% of internet traffic came from bots, and while there have been some improvements in recent years, today it’s estimated that more than 40% of all internet traffic comes from bots, and around 25% comes from malicious, bad bots. Malicious bots … Read more

From the Spring 2021 Issue

How Much is Too Much When Paying Out a Reward for a Vulnerability?

Author(s):

Alex Haynes, CISO, IBS Software

There has been a lot of publicity surrounding ‘bug bounty’ programs that pay out seemingly large rewards for finding vulnerabilities in web applications. This trend has increased over the years as crowdsourced security programs have matured since their inception almost 10 years ago and their adoption has become mainstream. Should we pay out large sums … Read more

Human Psychology Toward Cybersecurity Can Build Value as a Business Enabler

Author(s):

Glenn Axelrod, M.S, CISA, CISM, CRISC, HKA Technology Solutions, L.L.C.

Cybersecurity human engagement is not always apparent. Attack victims are particularly vulnerable; therefore, cybercriminals utilize pre-defined destructive motivations. Nevertheless, users worldwide continue to hand over confidential information unintentionally, or merely because of curiosity. Cyber adversary actions are usually the subject of research (i.e., what we do and what we could have done to prevent the … Read more

Five Best Practices for Cloud Security

Author(s):

Alex Jones, Information Security Manager, Cobalt.io

Companies of all sizes are rapidly moving to cloud-based technology to enable a remote workforce and support critical business functions in the challenging pandemic environment. While the expansion of cloud services has exponentially accelerated through COVID-19, the truth is they have been growing rapidly even before the pandemic. These shifts increase companies’ attack surface and … Read more

Cybersecurity: The Danger of Comfort Zones

Author(s):

Dr. Rebecca Wynn, Global CISO & Chief Privacy Officer

The biggest danger of any organization is comfort zones. These comfort zones are seen in silos and in the culture of “we have always done things this way.” Cybersecurity, compliance, privacy, governance, and IT departments are no exception to having this danger. The emergence of new devices and software products designed to unite employees has … Read more