Health-related staff management firm Logezy was recently discovered by ethical hacker Jeremiah Fowler to have left nearly 8 million of its records exposed in a database with neither password protection nor encryption. The files contained both structured and unstructured data, from PDF files of work authorization documents to images of drivers’ licenses. Logezy is a software company that facilitates employee data management, dealing with such things as compliance and payroll. As such, it frequently ingests sensitive documentation, and the contents of the database ran the gamut: national insurance numbers, electronic signatures, timesheets, photographs of employees, government-issued ID documents, and various…
Katrina Thompson
For long-time cybersecurity industry veterans, we’re in an age we once never thought possible; cybersecurity has moved from a backroom, “IT-only” relegation to a top-of-mind business objective. Right where we always thought it should be. However, this new era of cybersecurity accountability and regulation has yet to be fully disseminated throughout corporate culture and the broader public consciousness. Despite laudable industry efforts, strengthened government requirements, and a good deal more C-suite visibility, the message has yet to hit home everywhere: cybersecurity is everyone’s responsibility. We Sink or Swim Together In today’s vastly connected digital world, we are all connected…
The Data Security Posture Management (DSPM) market is on a meteoric rise, and CISOs are taking note. Gartner predicts that by 2026, one in five organizations will have invested in the technology (up from only 1% in 2022). But in a market still in its early stages, the cement has yet to harden on what exactly a DSPM tool is (and isn’t) and what CISOs need to look for before investing. 1. Does it cover all our data services? A good DSPM solution needs to be able to find data across any of the varied services found in a modern-day…
We all know CISA as the governing agency for federal cybersecurity and the national operating hub for critical infrastructure security. But what are the free critical cyber hygiene services provided by the Cybersecurity and Infrastructure Security Agency (CISA), and how can you take advantage of them in your organization? What is CISA? CISA defines itself as “the Nation’s risk advisor” and explains how it is integral to mobilizing a collective defense to best manage risk to critical infrastructure. Despite being a federal agency, they work with both the public and private sectors, leveraging resources wherever they can find them: the…
The need for robust cybersecurity measures has never been greater in a time when cyber threats are evolving rapidly, and breaches have become an inevitability for businesses in every sector. Managing this complex threat landscape requires advanced solutions and skilled experts who understand modern threats and the malefactors behind them. However, despite the growing awareness of cyber risks, businesses struggle with a desperate shortage of cybersecurity skills. This is a significant problem, as internal security teams cannot keep up with the growing complexity, number, and sophistication of cyber threats. A Shallow Talent Pool In the face of the persistent cybersecurity skills shortage,…
Data Security Posture Management (DSPM) is a rising star in the cybersecurity world, and for good reason. With so many diverse environments, complex pipelines, and random repositories, important data often ends up in the wrong places, or worse – lost in the cloud without anybody knowing it. This “shadow data” can undermine an organization’s security posture entirely, leaving countless “ticking time bombs” for attackers to find and detonate. In their report, Innovation Insight: Data Security Posture Management, Gartner reviews the timeliness of DSPM and what it can do for hard-to-reach data that other tools leave behind. Three major takeaways: 1. …
It’s no secret that human error accounts for a disproportionate number of data breaches. Last year, it accounted for 74%; this year, the Verizon 2024 Data Breach Investigations Report noted that it rose to 76% per the same criteria. States the report, “The percentage of breaches caused by Error actions is rising…as opposed to external actors who are exploiting weak credentials through credential stuffing or brute force attacks.” And yet, catching people in the act of making a mistake is an incredibly difficult task. Almost insurmountable. So, how do you bring down errors? A better question might be: How do…
As we strive to “Secure Our World” this Cybersecurity Awareness Month, a few irrepressible haunts keep rearing their ugly heads. Here are some of the most malicious monsters hiding under our proverbial cybersecurity beds and what we need to know to stay safe this season. AI-generated misinformation From a fake social media Tom Cruise (old news) to a more recent – and serious – slew of political spoofs, visual fakes are being weaponized by anyone with access to cheap Artificial Intelligence (AI). Here are some real-life frights: AI-generated misinformation is so alarming because AI regulation is still nascent, and there…
Any company that employs APIs can tell you that they’re the glue that holds all things together, the hub that simplifies and scales digital growth. However, not all can tell you how to protect them. And that’s a problem. Thankfully, the OWASP (Open Web Application Security Project) API Security Top 10 can. A list defining the ten most nefarious, most relevant cyber threats to APIs each year, it is something that needs to be understood and studied by (at least) the security departments of any company that uses APIs, from startups to multinationals. Here’s why. Now, APIs are Everywhere Since…
Approximately 2.38 million customers worldwide use Amazon Web Services (AWS) to host and power their cloud-based business assets, per a recent market report. If you’re reading this, you’re probably one of them. With officially over half (50.1%) of the market share among the top ten cloud providers, it has a huge responsibility to ensure the safety of its customers. As part of its Shared Responsibility Model, it utilizes multiple high-powered security solutions to do the job, and AWS GuardDuty is one of its most common. However, no tool is perfect. The other half of the Shared Responsibility Model – the…
