
Get Ready for NIST’s Software Supply Chain Security Guidance

As part of the Executive Order on Improving the Nation’s Cybersecurity (EO 14028), NIST is required to do several things. Among those are guides and standards for improving supply chain security, and they have already released a number of draft documents related to their tasks. If you sell to the executive branch, these will become […]


Have You Adjusted Your Penetration Testing Strategy for the Cloud?

Hackers are targeting the cloud. Why? To paraphrase Willie Sutton, because that is where the data is. Historically, penetration testers gain access to network devices through the “perimeter defense” and then they move around (the so-called east-west movement) trying to get access to data, wherever it lives inside the network perimeter. But in the cloud, […]


Minimum Viable Secure Product (MVSP)

Vendor risk must be a core part of every company’s cybersecurity program, but it is hard, especially when the company is a tech company developing software that you use. Minimum Viable Product, or MVP, is a term marketing folks have used for years to describe creating a version 1 product that has the […]


THE RUSSIANS ARE STILL CYBER-ATTACKING US

This is probably not a surprise to anyone who is past elementary school – and probably not to many who are still in elementary school, but the group that was behind last year’s SolarWinds attack is still at it. Just like with SolarWinds, they are going after the global supply chain. 140 managed service providers […]


Businesses Losing Customers due to Connected Products Security Concerns

59% of cybersecurity executives at large and medium organizations say that they have LOST business due to product security concerns for connected and embedded devices. 45% say that customers want detailed information about what is in their devices, but only 11% of companies have high confidence that they can do that, even if they want […]


What Happens When Hackers Steal ALL of the Code to your System

Just ask Twitch. The livestreaming service for video gamers, esports, music and other content fell to hackers. It was acquired by Amazon in 2014 for almost a billion dollars. Hackers broke in and stole 135 gigabytes of data. This includes all of the source code to the platform, transaction data, userids, passwords and other information. […]
