As the cost of data breaches rises year over year, many organizations look to cyber insurance to protect themselves from potential losses. Even in supplier contracts, more companies are now making cyber insurance a prerequisite to do business.  However, cyber insurance is costly. Five years ago, obtaining coverage was easy and relatively cheap. But, today’s […]

Microsoft has revealed that Russian state-sponsored threat actors successfully breached its corporate email system, stealing sensitive email attachments and messages from the senior leadership team.  This was not a sophisticated attack based on zero days or vulnerability exploits. The attackers leveraged simple cloud misconfigurations and poor password management practices to breach the company.  All companies […]

The boardroom conversations have begun. Your company’s CEO is eager to put generative AI into action. They know it’s vital to improving efficiency and productivity as well as maintaining competitiveness. But, they’ve also heard about the risks. Namely, hallucinations, data leakage and cyber-attacks.  So, they turn to you: the company’s CISO. You, yourself, know that […]

In a recent security lapse, Mercedes-Benz inadvertently exposed a wealth of internal data when a private key, providing “unrestricted access” to the company’s source code, was found in a public GitHub repository.  Details about the Mercedes-Benz data exposure During an internet scan in January 2024, a threat hunter at RedHunt Labs stumbled upon a Mercedes […]

Data loss prevention (DLP) tools have long been a cause of frustration in the security operations center (SOC). Known for generating an overwhelming amount of false positives and being manually intensive to configure, many security teams see DLP as more of a burden than an asset.  But it’s not DLP, in itself, that’s the problem. […]

Authors: Yasir Ali & Armando Pauker As we start 2024, the enterprise realm is witnessing a transformative wave with the escalating adoption of artificial intelligence (AI). This surge in AI integration, stretching across many industries, brings with it a critical focus area: heightened data security risks and the looming threats of data breaches. As businesses […]

Houston, we have a problem. NASA may have put men on the moon, but its privacy program is in need of some rocket fuel.  That’s according to the aerospace agency’s Office of Inspector General (OIG), who recently reviewed NASA’s privacy program and found its data loss prevention (DLP) approach to be astronomically lacking.  In an […]

This week, thousands of schools across the US became embroiled in a mass data leak, after the school safety software company—Raptor Technologies—accidentally left troves of sensitive data exposed on the internet.  What happened with the Raptor Technologies data breach?  On January 11, a cybersecurity researcher unearthed a concerning discovery: an unprotected database housing an estimated […]

According to the analyst firm Forrester, this year is going to be a major one for generative AI (GenAI) data breaches and compliance fines. It’s easy to see why. While the accidental insider threat has long been a leading cause of cybersecurity incidents in the enterprise, the rise of applications like ChatGPT and Bard mean […]

As a savvy developer, you know that generative AI is a must to boost your productivity, speed and efficiency.  But, you’re also cautious.  You read about the Samsung data breach (where employees unwittingly input confidential source code into ChatGPT and faced disciplinary action as a result), and you don’t quite know how to reap the […]

It’s been 20 years since the National Institute of Standards and Technology (NIST) released its guidance on building enterprise security awareness and training programs. A lot has changed since then.  With new attack types, the advent of cloud applications, the work-from-anywhere era, and generative AI, NIST has realized that their previous idea of effective training […]