Expert analysis
AI outsourcing: A strategic guide to managing third-party risks
In an era of artificial intelligence (AI) revolutionizing business practices, many companies are turning to third-party AI services for a competitive edge. However, this …
We can’t risk losing staff to alert fatigue
The oft-quoted Chinese military strategist Sun Tzu famously claimed: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Exchange …
February 2024 Patch Tuesday forecast: Zero days are back and a new server too
UPDATE: February 13, 14:55 ET – February 2024 Patch Tuesday is live. January 2024 Patch Tuesday is behind us. A relatively light release from Microsoft with 39 CVEs …
10 tips for creating your security hackathon playbook
For more than 12 years, I’ve been organizing and running hackathons with the goal of finding security vulnerabilities and fixing them before a product hits the market. These …
3 ways to achieve crypto agility in a post-quantum world
Working at the speed of digital business is a constant challenge. But in today’s increasingly automated operational environment, crypto agility—i.e., an organization’s ability …
Migrating to the cloud: An overview of process and strategy
Over the next few years, the number of organizations navigating to the cloud to advance their business goals is expected to grow exponentially. According to Gartner, more than …
Does CVSS 4.0 solve the exploitability problem?
The newest version of the vulnerability scoring system CVSS 4.0 is here! After a lengthy gap between version 3 (released in 2015), as of November 2023 version 4.0 is …
Great security or great UX? Both, please
A new user is signing up for a SaaS application. On the one hand, UX teams want that user to get into the app as quickly as possible. On the other hand, security teams want …
The effect of omission bias on vulnerability management
Whether we’d like to admit it to ourselves or not, all humans harbor subconscious biases that powerfully influence our behavior. One of these is the omission bias, which has …
Why cyberattacks mustn’t be kept secret
No company is immune to cyberattacks, but when the inevitable happens, too many companies still try to maintain a wall of silence. In fact, over half of security professionals …
Without clear guidance, SEC’s new rule on incident reporting may be detrimental
The SEC has instituted a set of guidelines “requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material …
Out with the old and in with the improved: MFA needs a revamp
From AI to ZTA (zero-trust architecture), the technology responsible for protecting your company’s data has evolved immensely. Despite the advances, cybercriminals repeatedly …