5 considerations for building a zero trust IT environment

Zero trust isn’t a product or service, and it’s certainly not just a buzzword. Rather, it’s a particular approach to cybersecurity. It means exactly what it says – not “verify, then trust” but “never trust and always verify.” Essentially, zero trust is about protecting data by limiting access to it. An organization will not automatically…

Over 40% of privacy compliance technology will rely on artificial intelligence (AI) by 2023, up from 5% today, according to Gartner. The research was conducted online among 698 respondents in Brazil, Germany, India, the U.S. and the U.K. “Privacy laws, such as General Data Protection Regulation (GDPR), presented a compelling business case for privacy compliance…

RSA CONFERENCE 2020 – San Francisco – A recently spotted targeted attack employed a rootkit to sneak malicious traffic through the victim organization’s AWS firewall and drop a remote access Trojan onto its cloud-based servers. Researchers at Sophos discovered the attack while inspecting infected Linux and Windows EC2-based cloud infrastructure servers running in Amazon Web…

Modern malware is increasingly leveraging evasive behaviors, a new report by VMware Carbon Black released at RSA Conference 2020 has revealed. The report uncovers the top attack tactics, techniques, and procedures (TTPs) seen over the last year and provides specific guidance on ransomware, commodity malware, wipers, access mining and destructive attacks. Among some of the…

For the third time in a year, Google has fixed a Chrome zero-day (CVE-2020-6418) that is being actively exploited by attackers in the wild. About CVE-2020-6418 No details have been shared about the attacks and about the flaw itself, apart from the short description that says it’s a type confusion flaw in V8, the JavaScript…

Zscaler released their second annual IoT report, compiled after analyzing their customers’ IoT transactions in the Zscaler cloud for two weeks. The company found 553 different IoT devices across 21 categories from 212 manufacturers. Organizations around the world are observing this Shadow IoT phenomenon, where employees are bringing unauthorized devices into the enterprise. With this…

Cybersecurity teams continue to struggle with hiring and retention, and very little improvement has been achieved in these areas since last year, according to ISACA. Understaffed and lacking diversity ISACA’s 2020 State of Cybersecurity survey report, unveiled at RSA Conference 2020, finds that enterprises are short-staffed, have difficulty identifying enough qualified talent and don’t believe…

Organizations are detecting and containing attacks faster as the global median dwell time, defined as the duration between the start of a cyber intrusion and it being identified, was 56 days. This is 28% lower than the 78-day median observed in the previous year, according to FireEye. Consultants attribute this trend to organizations improving their…