Cybersecurity threats are no longer a matter of "if" but "when." While companies invest heavily in technical defenses, one important aspect often gets overlooked — communication.How an organization communicates during a cybersecurity incident determines the speed and effectiveness of its response, as well as the level of trust it maintains with stakeholders.Here, we’ll walk through the...

Over the past few years, many countries have made considerable efforts to bolster cybersecurity preparedness. These efforts are understandable when put into a geopolitical context: global relationships in the past five years have been among the most tumultuous in decades, cybersecurity threats are more sophisticated than ever, and the world is increasingly reliant on digital technologies.However,...

Federal Desktop Core Configuration (FDCC) was mandated by the US Office of Management and Budget (OMB) in 2007 and provides a set of security standards that must be adhered to by all federal workstations and laptops running Windows XP or Vista.FDCC evolved into the United States Government Configuration Baseline (USGCB) starting in 2010, although some agencies and contracts may still be under...

At a time when cyber threats seem to escalate daily, security teams are always on the lookout for new ways to protect their sensitive data and systems. For some, Privileged Access Workstations (PAWs) are being viewed as one solution to keep privileged accounts and critical systems safe from compromise. These are specialized workstations built for administrators and users who manage highly...

Protecting individual privacy is paramount, given the proliferation of Personally Identifiable Information (PII) and other sensitive data collected by enterprises across all industries. One way to protect sensitive data is through PII masking e.g., consistently changing names or including only the last four digits of a credit card or Social Security Number.What is data masking?Data masking...

The Monetary Authority of Singapore (MAS) is both the central bank and chief financial regulator of Singapore. As such, they publish best practices (“Guidelines”) and legally binding regulations (“Notices”) regarding technology risk management and cyber hygiene. Mandatory requirements include:Notice on Technology Risk Management (FSM N21)Notice on Cyber Hygiene (FSM N22)Notice on Management of...

It is a significant benefit that the world is connected the way it is, with the potential for even greater interconnectivity. However, this has come at huge costs, too, considering the rise in the direct involvement of state actors engaged in cyber warfare. Against this background, nations have a more acute awareness of digital vulnerabilities, which has radiated into regulatory frameworks...

Protecting sensitive patient information is more critical than ever. With technologies evolving at a breakneck pace and the number of cyber threats targeting healthcare entities in the United States skyrocketing, healthcare organizations must have robust policies and guardrails in place to ensure patients' confidential information doesn't fall into the wrong hands.One of the essential frameworks...

IntroductionIn a report published by Statista, cybercrime cost the world over $9 trillion in 2024 and is predicted to rise to nearly $14 trillion by 2028. These figures are a deep source of worry for governments and private businesses about what’s next in the cyber threat landscape.The problem is that cyber threats are rising in both volume and scale. More so, the major threats are directed at...

The Verizon 2023 Data Breach Investigations Report made a startling revelation: Basic Web Application Attacks accounted for nearly one-fourth of the entire breach data set. Although not the most sophisticated threats, common web attacks like credential stuffing and SQL injection continue to wreak havoc on the cybersecurity landscape—just like phishing and emerging AI-based attacks—and for good...

If your website is targeting multiple states or countries, by default, you face a double-pronged challenge: adapting to regional regulatory demands while defending against sophisticated cyber threats. Tackling this requires localization. But what does the term actually entail?Localization isn’t just about tailoring products, services, and infrastructure to meet local market requirements; it has...

Critical infrastructure organizations bear an enormous responsibility. The assets, systems, and networks they manage are crucial to the functioning of a healthy society. They provide water, energy, transportation, healthcare, telecommunications, and more—should they fail, they would bring entire countries to their knees.The vast importance of Critical National Infrastructure (CNI) makes it a prime...

What is it?The Tripwire Enterprise Critical Change Audit rules provide customers with the ability to monitor for critical events that could have a significant impact on a system. Monitoring for critical events can help administrators identify malicious and/or unexpected changes within their environment.Changes To CCAAdditional rules were added to the Critical Change Audit rule set. These rules...

Abu Dhabi is boosting its healthcare system with the introduction of the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS). This initiative, driven by the Department of Health—Abu Dhabi (DoH)—has been put in place to protect sensitive healthcare data, improve cybersecurity resilience, and keep healthcare services running smoothly.At a time when cyber threats are skyrocketing in...

The evolution of the cyber threat landscape highlights the need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Criminals often exploit known unpatched vulnerabilities to penetrate Industrial Control Systems (ICS) environments and disrupt critical operations. Although patch management seems like the obvious...

What is it?The Tripwire Enterprise Change Audit rules provide customers with the ability to monitor for change events that could have an impact on a system. Monitoring for change events can help administrators identify malicious and/or unexpected changes within their environment.Changes to CAAdditional rules were added to the Change Audit rule set. These rules provide customers the ability to...

Over 80% of businesses use at least one Software-as-a-Service (SaaS) application in their operations, per a report by SaaS Academy. It’s easy to see why SaaS applications are the fulcrum of many businesses today. From collaboration tools to CRMs, SaaS platforms enable flexibility, scalability, and operational efficiency. However, this convenience also comes with several security risks.According to...

The latest version of the CIS Controls was released in June 2024. The new version, 8.1, introduces some minor updates via design principles.ContextNew asset classes are updated to better match the specific parts of an enterprise’s infrastructure that each Safeguard applies to. New classes require new definitions, so CIS has also enhanced the descriptions of several Safeguards for greater detail,...

The manufacturing sector has long been a favorite target for ransomware actors. However, the true scale of the issue has only recently become apparent: research published in Infosecurity Magazine last December revealed that ransomware attacks on manufacturing companies have caused an estimated $17bn in downtime since 2018. But why is the manufacturing sector so vulnerable? And what can...

Late last year, Australia’s Cyber Security Act 2024 received Royal Assent and became Law. It was a huge moment for cybersecurity legislation in Australia, serving as the country’s first-ever standalone cybersecurity law, addressing key legislative gaps, and bringing the country in line with international best practices. But what’s included in the Act? And what does it mean for businesses? Keep...