The COVID pandemic and The Great Resignation have led to extensive upheaval in workforces and workplaces. How best to achieve and maintain continuous SOC 2 compliance in the face of these seismic shifts?
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure, to name just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security (access control, cameras, alarms and so on), there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
Security researchers discovered 9,000 unsecured internet-facing VNC servers that threat actors could use to access internal networks, including critical infrastructure organizations.
The now-public whistleblower allegations that Twitter may have active foreign spies on its payroll are sure to raise concerns about insider threats at companies everywhere. But focusing only on potential spies is a mistake.
With roughly 70 percent of travelers unknowingly engaging in risky behaviors that could expose them, and their employers, to cyberattacks, travelers will need to add cybersecurity to their packing list alongside sunscreen and passports.
Cloud infrastructure provider Digital Ocean severed ties with the marketing automation provider Mailchimp after a security breach exposed its customer email addresses.
A shocking whistleblower report from Peiter ‘Mudge’ Zatko, a well-known cybersecurity expert who served as Twitter's head of security from mid-2020 to early 2022, asserts that the company is "grossly negligent" in "several areas" of information security and privacy protections.
Online businesses must prioritize credential stuffing mitigations by detecting and preventing the automation behind credential stuffing, and by identifying compromised credentials of legitimate users and forcing them to change their passwords, to disincentivize the attackers and break the attack lifecycle.
The shift to cloud-based collaboration platforms, the amount of sensitive data that is now stored and communicated on those platforms, and the level of trust that people put into communication on those platforms have an inevitable conclusion: we are going to see more attacks on those platforms.
The BlackByte ransomware gang's "2.0" reboot of their data leak site sports a new "feature" for its victims: a tiered payment system that allows for smaller payments to delay publication of sensitive data, or to simply download and recover it prior to having it dumped for public viewing.
UK water supplier, South Staffordshire PLC, suffered a Clop ransomware attack during one of the country’s worst droughts, with the gang mistakenly identifying another water utility as the victim.