Organizations have struggled to understand why APIs are so strategic even though they're an intrinsic way businesses interface with their software, according to Checkmarx CEO Emmanuel Benzaquen. He says API abuse is slated to become one of the most common types of web application data breaches.
U.S. federal authorities are establishing a new office to tackle supply chain security issues and help industry partners put federal guidance and policies into practice. Former GSA administrator Shon Lyublanovits says she is spearheading the launch of the new organization.
The nearly $200 million it raised in December will allow Snyk to consolidate the developer security market through organic investment and M&A, says CEO Peter McKay. Snyk has focused on bringing open-source security, container security, infrastructure- as-code security and cloud security together.
The guardrails organizations use to protect employee identities are often ineffective for contractors, business partners or vendors since they bring their own devices. Many businesses struggle to implement identity safeguards in a setting that's more heterogeneous and offers fewer controls.
The impact of a breach is rising which makes cybersecurity as a critical concern, and the CISOs are looking for a way to manage risk across millions of diverse, dynamic and distributed assets.
Unfortunately, most CISOs lack the tools to perform effective risk assessment and remediation. This forces CISOs to stitch...
Optiv has gone beyond examining log data and classic managed security services work to pursue threats across a broader swath of structured and unstructured data. The company has focused on finding threats outside of a log environment by examining system-to-system interfaces and transactional data.
BlueVoyant has strengthened its ability to monitor the remediation of supply chain issues and integrate that with questionnaire activity, CEO Jim Rosenthal says. Existing supply chain tools tend to generate lots of risk information but then put the burden on the client to interact with suppliers.
Security ratings provide a strong indication of potential risk, but boards increasingly want to drill into the underlying risk factors, says CEO Steve Harvey. BitSight has invested in both workflows around third-party risk and research and identification of CVEs on behalf of government agencies.
Hackers are going downstream in their attacks on healthcare sector entities and their third-party business associates because in many cases, these cybercriminals have already hit up the larger players, says Michael Hamilton, CISO of security firm Critical Insight.
Hacking and third-party business associate incidents were the crux of the largest health data breaches reported to federal regulators in 2022, foreshadowing the top risks and threats that will likely plague healthcare entities and their vendors in the new year, as well.
Many of the major health data breaches being reported to regulators reflect a variety of poor practices by business associates, including retaining sensitive patient information for much longer than necessary, says Kate Borten, president of The Marblehead Group.
Hundreds of U.S. counties continue to work with pen and paper after a cyberattack on their digital records management vendor last week disrupted methods to view, add and edit government records. The attack slowed the processing of birth certificates, marriage licenses and real estate transactions.
In the latest update, four ISMG editors discuss important issues of 2022, including: CISO Marene Allison's unique career path; Ukrainian government cybersecurity official Victor Zhora on lessons learned from countering cyberattacks; and insights from CEO Nikesh Arora of Palo Alto Networks.
Phishing and other socially-engineered schemes are going to get bolder, the attack surface is only going to get bigger, and enterprises everywhere are going to have to focus more on building cyber resilience. These are among the New Year's predictions from Zoom's new CISO, Michael Adams.
Hospitals must not only prepare in advance for ransomware and other debilitating attacks on their organizations, but also for responding to the effect of cyber incidents at neighboring facilities, says Dr. Christian Dameff of the University of California San Diego.