Blog

Blog

Japan Passes Active Cyber Defense Bill

Over the past few years, many countries have made considerable efforts to bolster cybersecurity preparedness. These efforts are understandable when put into a geopolitical context: global relationships in the past five years have been among the most tumultuous in decades, cybersecurity threats are more sophisticated than ever, and the world is increasingly reliant on digital technologies.However,...
Blog

Federal Desktop Core Configuration (FDCC/USGCB) Compliance

Federal Desktop Core Configuration (FDCC) was mandated by the US Office of Management and Budget (OMB) in 2007 and provides a set of security standards that must be adhered to by all federal workstations and laptops running Windows XP or Vista.FDCC evolved into the United States Government Configuration Baseline (USGCB) starting in 2010, although some agencies and contracts may still be under...
Blog

Implementing Privileged Access Workstations: A Step-by-Step Guide

At a time when cyber threats seem to escalate daily, security teams are always on the lookout for new ways to protect their sensitive data and systems. For some, Privileged Access Workstations (PAWs) are being viewed as one solution to keep privileged accounts and critical systems safe from compromise. These are specialized workstations built for administrators and users who manage highly...
Blog

An Introduction to Data Masking in Privacy Engineering

Protecting individual privacy is paramount, given the proliferation of Personally Identifiable Information (PII) and other sensitive data collected by enterprises across all industries. One way to protect sensitive data is through PII masking e.g., consistently changing names or including only the last four digits of a credit card or Social Security Number.What is data masking?Data masking...
Blog

MAS Compliance 101: Key Regulations for Financial Institutions in Singapore

The Monetary Authority of Singapore (MAS) is both the central bank and chief financial regulator of Singapore. As such, they publish best practices (“Guidelines”) and legally binding regulations (“Notices”) regarding technology risk management and cyber hygiene. Mandatory requirements include:Notice on Technology Risk Management (FSM N21)Notice on Cyber Hygiene (FSM N22)Notice on Management of...
Blog

Cross-Border Data Compliance: Navigating Public Security Regulations in a Connected World

It is a significant benefit that the world is connected the way it is, with the potential for even greater interconnectivity. However, this has come at huge costs, too, considering the rise in the direct involvement of state actors engaged in cyber warfare. Against this background, nations have a more acute awareness of digital vulnerabilities, which has radiated into regulatory frameworks...
Blog

CMS ARS: A Blueprint for US Healthcare Data Security and Compliance

Protecting sensitive patient information is more critical than ever. With technologies evolving at a breakneck pace and the number of cyber threats targeting healthcare entities in the United States skyrocketing, healthcare organizations must have robust policies and guardrails in place to ensure patients' confidential information doesn't fall into the wrong hands.One of the essential frameworks...
Blog

The Intersection of Public Policy and Cybersecurity: Building a Framework for 2025 and Beyond

IntroductionIn a report published by Statista, cybercrime cost the world over $9 trillion in 2024 and is predicted to rise to nearly $14 trillion by 2028. These figures are a deep source of worry for governments and private businesses about what’s next in the cyber threat landscape.The problem is that cyber threats are rising in both volume and scale. More so, the major threats are directed at...
Blog

The 10 Most Common Website Security Attacks (and How to Protect Yourself)

The Verizon 2023 Data Breach Investigations Report made a startling revelation: Basic Web Application Attacks accounted for nearly one-fourth of the entire breach data set. Although not the most sophisticated threats, common web attacks like credential stuffing and SQL injection continue to wreak havoc on the cybersecurity landscape—just like phishing and emerging AI-based attacks—and for good...
Blog

The Role of Localization in Cybersecurity Threat Mitigation

If your website is targeting multiple states or countries, by default, you face a double-pronged challenge: adapting to regional regulatory demands while defending against sophisticated cyber threats. Tackling this requires localization. But what does the term actually entail?Localization isn’t just about tailoring products, services, and infrastructure to meet local market requirements; it has...
Blog

Strengthening Critical Infrastructure with the NCSC CAF

Critical infrastructure organizations bear an enormous responsibility. The assets, systems, and networks they manage are crucial to the functioning of a healthy society. They provide water, energy, transportation, healthcare, telecommunications, and more—should they fail, they would bring entire countries to their knees.The vast importance of Critical National Infrastructure (CNI) makes it a prime...
Blog

Tripwire Enterprise Critical Change Audit: March 2025 Updates

What is it?The Tripwire Enterprise Critical Change Audit rules provide customers with the ability to monitor for critical events that could have a significant impact on a system. Monitoring for critical events can help administrators identify malicious and/or unexpected changes within their environment.Changes To CCAAdditional rules were added to the Critical Change Audit rule set. These rules...
Blog

Understanding the Abu Dhabi Healthcare Information and Cyber Security Standard

Abu Dhabi is boosting its healthcare system with the introduction of the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS). This initiative, driven by the Department of Health—Abu Dhabi (DoH)—has been put in place to protect sensitive healthcare data, improve cybersecurity resilience, and keep healthcare services running smoothly.At a time when cyber threats are skyrocketing in...
Blog

ICS Environments and Patch Management: What to Do If You Can’t Patch

The evolution of the cyber threat landscape highlights the need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Criminals often exploit known unpatched vulnerabilities to penetrate Industrial Control Systems (ICS) environments and disrupt critical operations. Although patch management seems like the obvious...
Blog

Enhancing Security Monitoring with Tripwire's Change Audit: New Rules for Firewalls, WFP, and Microsoft Store Applications

What is it?The Tripwire Enterprise Change Audit rules provide customers with the ability to monitor for change events that could have an impact on a system. Monitoring for change events can help administrators identify malicious and/or unexpected changes within their environment.Changes to CAAdditional rules were added to the Change Audit rule set. These rules provide customers the ability to...
Blog

What is SaaS Security Posture Management (SSPM)?

Over 80% of businesses use at least one Software-as-a-Service (SaaS) application in their operations, per a report by SaaS Academy. It’s easy to see why SaaS applications are the fulcrum of many businesses today. From collaboration tools to CRMs, SaaS platforms enable flexibility, scalability, and operational efficiency. However, this convenience also comes with several security risks.According to...
Blog

CIS Controls Version 8.1: What you need to know

The latest version of the CIS Controls was released in June 2024. The new version, 8.1, introduces some minor updates via design principles.ContextNew asset classes are updated to better match the specific parts of an enterprise’s infrastructure that each Safeguard applies to. New classes require new definitions, so CIS has also enhanced the descriptions of several Safeguards for greater detail,...
Blog

Protecting the Manufacturing Sector from Ransomware

The manufacturing sector has long been a favorite target for ransomware actors. However, the true scale of the issue has only recently become apparent: research published in Infosecurity Magazine last December revealed that ransomware attacks on manufacturing companies have caused an estimated $17bn in downtime since 2018. But why is the manufacturing sector so vulnerable? And what can...
Blog

Making Sense of Australia’s New Cybersecurity Legislation

Late last year, Australia’s Cyber Security Act 2024 received Royal Assent and became Law. It was a huge moment for cybersecurity legislation in Australia, serving as the country’s first-ever standalone cybersecurity law, addressing key legislative gaps, and bringing the country in line with international best practices. But what’s included in the Act? And what does it mean for businesses? Keep...
Blog

Cybersecurity for Electricity Distribution [2025 Update]

Electricity transmission and distribution are popular topics at the moment, especially as they pertain to utilities infrastructure security. These essential pillars of modern society are undergoing rapid digital transformation, with increased connectivity and technological sophistication harboring large-scale cybersecurity challenges.Electrical critical infrastructure is prone to a plethora of...