Light Dark
April 28, 2021 By Megan Crouse 3 min read
Security Services
Zero Trust
CISO

The COVID-19 supply chain finds itself under fire in this month’s cybersecurity intelligence news. Learn about how another type of supply chain — the cloud through which we download a lot of our software — can also be a risk. And, how could your business make meaningful changes to your cybersecurity posture? Start on your journey to make the whole organization safer in just a month.

Sometimes, setting up a security team is like preparing for a big game. You need the right training, the right tools and the right people, and having all three makes all three better. So, another question we wanted to address this month is: how do you coordinate all of that at once? Check out our top advice and news from April.

Quick briefs: Top insights from April

3-Minute Read 🕒

How vulnerability management can stop a data breach

Today’s attack surface is always growing, with more applications and personal devices connecting to business networks. See how to turn the attack surface from a football field to a narrow swim lane with vulnerability management. And just like in sports, that means drafting the right people for the team. Experts in both offense and defense can take advantage of organized vulnerability management.

2-Minute Read 🕒

Over half of malware delivered via cloud applications

More than half of malware attacks in 2020 were delivered via cloud applications, a study from Netskope shows. That isn’t a surprise, since cloud adoption is becoming so common, but it can be a good heads-up. These attacks don’t have to be complicated — 58% of the attacks the survey found were just infected Microsoft Office documents. Is your organization managing employees’ access to cloud apps safely? This way, you can shut doors like this in front of attackers.

4-Minute Read 🕒

Clean sweep: A 30-day guide to a new cybersecurity plan

Take a broom to your dusty cybersecurity plan with this quick spring cleaning. Our 30-day plan presents practical steps for business leaders to make decisions about where their organizations stand when it comes to digital safety. Have a specific use case that you’re not sure how to handle? The plan is versatile enough to meet individual needs while staying within a standard schedule. By the end you’ll know how to build your cybersecurity needs in and solve some problems with automated systems.

Worth your while: In-depth coverage to sharpen your skills & tighten security

6-Minute Read 🕒

AI security: How human bias limits artificial intelligence

Human bias sneaks into the way we program artificial intelligence, too. Facial recognition and other image processing are always becoming more sophisticated. We need to be careful not to pass on assumptions to the technology we make. What if information may be harmful to one group and harmless to another? Julie Carpenter of California Polytechnic State University teaches the tech world about how to be sure our AI doesn’t just repeat our mistakes.

5-Minute Read 🕒

An update: The COVID-19 vaccine’s global cold chain continues to be a target

Attackers are using spear-phishing — personalized spam emails that use real contact information to trick executives into giving away personal or business information — to break into the physical COVID-19 vaccine cold chain. Threat actors are getting smarter. They’re neatening up the lure on phishing emails. Common signs of fakes, like misspellings or incorrect logos, aren’t always present anymore. Executives should be careful of emails impersonating legitimate business contacts.

5-Minute Read 🕒

3 reasons cyberattacks are increasing (and how zero trust can help)

With more and more people working at home, the problem of unknown devices is just getting bigger. It’s like how bugs sometimes emerge into the house in the spring. Attacks can come from gaps so small we don’t usually think about them. Our solution is zero trust, with which you can check access every time to keep out unexpected and unwanted intrusions. Take a look at the most common causes of cyberattacks today and how zero trust can close those gaps.

April’s expert insight: Threat actors’ most targeted industries in 2020

Where does your industry fall? See the full list of the most targeted industries and why attackers see them as the best pickings in this article.

Want to keep up with today’s cybersecurity news and best practices? Watch this space for the Security Intelligence newsletter.

 |  |  | 
Megan Crouse
Freelance Writer and Editor

More from Security Services
October 12, 2023

How I got started: Attack surface management

4 min read - As the threat landscape multiplies in sophistication and complexity, new roles in cybersecurity are presenting themselves more frequently than ever before. For example, attack surface management. These cybersecurity professionals are responsible for identifying, mapping and securing all external digital assets an organization owns or is connected to. This includes servers, domains, cloud assets and any other digital points that could be exploited by cyber criminals. Their role involves continuously monitoring these assets for vulnerabilities, misconfigurations or other potential security risks…

October 6, 2023

X-Force uncovers global NetScaler Gateway credential harvesting campaign

6 min read - This post was made possible through the contributions of Bastien Lardy, Sebastiano Marinaccio and Ruben Castillo. In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The campaign is another example of increased interest from cyber criminals in credentials. The 2023 X-Force cloud threat report found that 67% of cloud-related…

October 5, 2023

Does your security program suffer from piecemeal detection and response?

4 min read - Piecemeal Detection and Response (PDR) can manifest in various ways. The most common symptoms of PDR include: Multiple security information and event management (SIEM) tools (e.g., one on-premise and one in the cloud) Spending too much time or energy on integrating detection systems An underperforming security orchestration, automation and response (SOAR) system Only capable of taking automated responses on the endpoint Anomaly detection in silos (e.g., network separate from identity) If any of these symptoms resonate with your organization, it's…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature