Businesses are investing substantial funds and efforts into migrating workloads from on-premises infrastructure to public clouds, in part motivated by the hypothesis that, once cloud-based, those workloads will be relatively easy to move from one cloud provider to another. Unfortunately, the reality is unlikely to be so simple. It’s been estimated that about half of…

As the cyber attack surface continues to rapidly expand, enterprises need a security solution that can help organizations to better understand, communicate, and mitigate cyber risk across their entire IT ecosystem. And with many offerings on the market, choosing the right product can be challenging. CISOs can make a more informed decision by leveraging the…

In my last article, I discussed the trade-offs we often make between complexity and capabilities when adopting new security tools and why there is often a point of diminishing returns in terms of the value derived from these tools as we layer on incremental functionality. In this article, I delve a bit deeper into the…

For many Chief Information Security Officers (CISOs), reporting to the board of directors has been handled as a reactionary, albeit very necessary task. After all, it’s the board of directors that sit atop the corporate governance model, so it is incumbent upon security professionals to keep them informed. But communicating about security incidents—like the Log4j…

Ransomware incidents have increased dramatically over the past few years. Complaints about ransomware attacks to the FBI’s Internet Crime Complaint Center surged 62% in the first half of 2021 compared to a similar time frame in 2020, according to the Cybersecurity and Infrastructure Security Agency. To blunt this growing threat, security professionals need to understand…

Are cybersecurity jobs a profession or a vocation? When we consider the current workforce shortage in cybersecurity, our existing assumptions about the nature of cybersecurity jobs may be exacerbating the shortfall. For this reason, we may need to consider new ways of thinking about jobs within the cybersecurity field and the appropriate institutional structures that…

What’s the key to effective security? How can we continue to defend against the ever-rising tide of cyberattacks amid a constantly evolving perimeter and the unprecedented acceleration of hybrid work? And let’s not forget about the proliferation of devices connecting to the network, and the mass movement of applications into the cloud. If we’ve learned…

The attacks target organizations across multiple sectors in Canada, the United States, Hong Kong, Europe, and more, and have seen low detection rates in Google’s VirusTotal scanning engine. Dubbed MirrorBlast, the campaign started in early September, following similar activity in April 2021, Morphisec’s security researchers reveal. The infection chain starts with a malicious document delivered…