Resources

5 Cybersecurity Steps You Should Already Be Taking
Blog
Blog

Artificial Intelligence, a new chapter for Cybersecurity?

By Tripwire Guest Authors on Thu, 11/10/2022
Artificial Intelligence (AI) is a trending topic for many industries now. A variety of organizations currently employ AI mechanisms to support their operational functions. Automated tasks, natural language processing, deep learning, and problem-solving; such AI characteristics have made business tasks much easier. The factor of security in AI is largely overlooked, and with the increasing number...
Cybersecurity
WEF Report Details Best Practices for Zero Trust Deployment
Blog
Blog

WEF Report Details Best Practices for Zero Trust Deployment

By Tripwire Guest Authors on Wed, 11/09/2022
Cybersecurity, like broader technological disciplines, is an ever-changing landscape that industry professionals must adapt to. The zero-trust model of cybersecurity has grown recently as organizations update their security practices to keep pace with, and stay ahead of evolving threats. Zero Trust Network Access (ZTNA) increased by 230% from 2019 to 2020, and more than 80% of C-suite leaders cite...
Vulnerability & Risk Management
Cybersecurity
Developing an Effective Change Management Program
Blog
Blog

Developing an Effective Change Management Program

By John Salmi on Tue, 11/08/2022
Change detection is easy. What is not so easy, is reconciling change. Change reconciliation is where most organizations stumble. What was the change? When was it made? Who made it? Was it authorized? The ability to answer these questions are the elements that comprise change management. Historically, the haste of accomplishing a task consisted of a sysadmin moving full-speed ahead to satisfy the...
Vulnerability & Risk Management
Cybersecurity
Security Configuration Management
Getting started with Zero Trust: What you need to consider
Blog
Blog

Getting started with Zero Trust: What you need to consider

By David Bruce on Mon, 11/07/2022
Have you ever walked up to an ATM after another person finished with the machine only to find they left it on a prompt screen asking, “Do you want to perform another transaction?” I have. Of course, I did the right thing and closed out their session before beginning my own transaction. That was a mistake an individual made by careless error which could have cost them hundreds of their own currency...
Cybersecurity
Compliance
NIST
Security Configuration Management
Why DevSecOps must be embraced in healthcare organizations
Blog
Blog

Why DevSecOps must be embraced in healthcare organizations

By Tripwire Guest Authors on Mon, 11/07/2022
As the healthcare industry becomes more digitally inclined, there’s a need for systems to be put in place to avoid breaches in the security of data records. Most healthcare organizations are already embracing the DevOps (Development and Operations) model, but unfortunately, security seems to be neglected, resulting in data breaches and numerous cyber attacks on software and mobile applications...
Cybersecurity
Privacy Updates in Q2 2022: Major Developments Across the Globe
Blog
Blog

Privacy Updates in Q3 2022: Major Developments Across the Globe

By Tripwire Guest Authors on Fri, 11/04/2022
The third quarter saw some major developments across the privacy space. In the U.S., we saw a federal bill for comprehensive privacy achieve more than ever before, children’s privacy proved to remain a top concern, and the Federal Trade Commission formally began its heavily criticized “Magnuson-Moss rulemaking” process. Not to be outdone, the international community saw marked progress as well...
Cybersecurity
File Integrity & Change Monitoring
Incident Detection & Investigation
Verified Phishing
Blog
Blog

Verified users beware! Scammers are exploiting Twitter turmoil caused by Elon Musk's takeover

By Graham Cluley on Thu, 11/03/2022
As everyone has surely heard by now, Elon Musk has bought Twitter . The controversial tech maverick's takeover of the site has caused some consternation for the site's users , employees , and advertisers - and has also proven a golden opportunity for scammers . Numerous verified Twitter users have reported receiving phishing emails from fraudsters, purporting to be a legitimate message from the...
Cybersecurity
5 Myths About Online Privacy
Blog
Blog

5 Myths About Online Privacy

By Tripwire Guest Authors on Thu, 11/03/2022
Every year has been an unfortunate year for online privacy for the past few years. Data breaches and social engineering attacks are at an all-time high, and the concept of online data privacy is challenged to its core, with millions of users being affected every month. IBM’s Cost of a Data Breach Report highlighted that the average data breach cost increased 2.6%, from USD 4.24 million in 2021 to...
Vulnerability & Risk Management
Cybersecurity
Brace yourself – ISO27001 changes are coming
Blog
Blog

Brace yourself – ISO27001 changes are coming

By Tripwire Guest Authors on Wed, 11/02/2022
If you’re not aware already, then be prepared for change, because a new version of ISO27001 was published in October 2022 ! It’s all very exciting! The last change to the standard was in 2017. The changes made back then were fundamentally cosmetic, with a few minor tweaks to wording. The changes barely caused a ripple and, even today, organisations are still certified to ISO27001:2013, meaning...
Cybersecurity
Compliance
Keeping threat actors away from your supply chain
Blog
Blog

Keeping threat actors away from your supply chain

By Tripwire Guest Authors on Wed, 11/02/2022
The supply chain is a complex environment that goes deep inside a business and involves the majority of its infrastructure, operations, personnel, and outer relations: vendors, partners, and customers. To protect that matrix is extremely difficult, as there are numerous sensitive nodes, lines, and processes that a security team has to take care of: software and hardware resources, cloud , hybrid...
Vulnerability & Risk Management
Cybersecurity
New Canadian Cyberattack Data Says 80% of SMBs Are Vulnerable
Blog
Blog

New Canadian Cyberattack Data Says 80% of SMBs Are Vulnerable

By Tripwire Guest Authors on Tue, 10/25/2022
If you were to take a look at the cybersecurity news cycle, you’d be forgiven for thinking that it’s only large enterprises with expansive customer bases and budgets that are the most vulnerable to attacks. But that’s not entirely true. Even if it’s at a much smaller scale, small- and medium-sized businesses (SMBs) still have stores of sensitive information that’s appealing to bad actors — and...
Cybersecurity
File Integrity & Change Monitoring
Incident Detection & Investigation
Top trends in Application Security in 2022
Blog
Blog

Shifting Left with SAST, DAST, and SCA: Advanced Best Practices

By Tripwire Guest Authors on Thu, 10/20/2022
In the past, teams incorporated security testing far after the development stage of the Software Development Lifecycle (SDLC) . Security testing would influence whether the application would to proceed to production, or get passed back to the developers for remediation. This process caused delays while teams worked on remediation or, worse yet, it increased security risks when teams released...
Cybersecurity
Compliance
CIS Controls
An Introduction to the State and Local Cybersecurity Grant Program
Blog
Blog

An Introduction to the State and Local Cybersecurity Grant Program (SLCGP)

By David Henderson on Wed, 10/19/2022
Cybersecurity funding in corporate environments has always been a source of anxiety for those who seek to keep organizations safe. When we examine the cybersecurity readiness of many state, local, and territorial governments, this funding struggle is taken to new heights of scarcity. Fortunately, a new program has been created by the Department of Homeland Security (DHS) to improve this shortfall...
Cybersecurity
Compliance
Stop blaming employees for cybersecurity breaches
Blog
Blog

Stop blaming employees for cybersecurity breaches

By Tripwire Guest Authors on Tue, 10/18/2022
When companies drive a wedge between their workforce and their security culture , not only do they reduce best practices, but they also increase stress and jeopardise secure behaviours. We need to stop blaming employees for cybersecurity breaches and look at the real reasons that data is compromised. Furthermore, as long as there are humans at work, there will be human error at work. It is natural...
Cybersecurity
Vulnerability Scanning vs. Penetration Testing
Blog
Blog

Vulnerability Scanning vs. Penetration Testing

By Babar Mahmood on Tue, 10/18/2022
One of the most important parts of a solid security program involves testing to see where your weaknesses lie. Continual improvement cannot be achieved without continual review. However, many people confuse the importance of vulnerability scanning with penetration testing. As a means of protecting an enterprise, one can never take precedence over, or replace the other. Both are equally important...
Vulnerability & Risk Management
Cybersecurity
Guide
Guide

A Tripwire Zero Trust Reference Architecture

The concept of Zero Trust Architecture is fairly straightforward. Networks and systems have been traditionally designed with the assumption that everybody inside a defined perimeter can be trusted and that everybody outside that perimeter is hostile. With that assumption, the idea of building an impenetrable wall around that perimeter makes perfect sense. Over time, and as technology has advanced...
Cybersecurity
Guide
Guide

Understanding Your Attack Surface: The First Step in Risk-based Security Intelligence

As chief information security officer (CISO), it’s now a job requirement to effectively communicate with your non-technical C-suite and board of directors—preferably not just after there’s been a breach. This is the first in a series of executive white papers designed to share strategies for reducing your attack surface risk as well as how to clearly and objectively communicate your overall security posture to non-technical executives. Download this white paper and learn about: The definition of “attack surface” — and risks associated Design goals of attack surface analytics What non-technical C-suite executives and board members want
Cybersecurity