I'm a cybersecurity marketer with expertise writing about endpoint, cloud, zero trust, ASM, red teaming, threat intel, and third-party risk management.
Security Posture Boost: 5 Steps to Effective Static Source Code Analysis
Source Code Analysis, also known as Static Application Security Testing (SAST), is a form of application testing that involves scanning an application’s source code at rest. It’s distinct from Dynamic Application Security Testing, or DAST, in that SAST doesn’t require executing the source code to scan for security vulnerabilities.
The main goal of a static source code analysis is to identify potential security vulnerabilities and flaws that could lead to a security breach in an application’s ...
Leveraging AI to Enhance Static Code Analysis (SAST)
Static application security testing (SAST) is a powerful tool to find and catch security vulnerabilities early in the application development lifecycle. Scanning static code for weaknesses prior to delivering a finished product enables software developers to deliver stronger, more secure applications to their customers and reduce the risk of cybercriminals exploiting known issues.
SAST does have its limitations. Scans rely on the underlying rules and patterns being accurate and comprehensive ...
Healthcare Cybersecurity Challenges in 2024: Thin Margins, Skills Shortage and Rising Cyberattacks
Healthcare remains one of the most commonly targeted industries for threat actors. The lower average spend on protecting critical information compared to other industries – healthcare organizations tend to allocate only around 6% of their IT budget to cybersecurity – plus minimal staff able to dedicate time to security creates a perfect storm of cyberattack risk.
Threat actors have taken notice of the limited staff and light focus on security controls. Data from the U.S. Department of Health ...
Cencora Data Breach Demonstrates the Risks Facing Pharmaceutical Companies
Data breaches against pharmaceutical companies are slightly less common than in many other industries. This infrequency, especially relative to retail, healthcare, and financial services, does not make successful attacks any less damaging. In fact, pharmaceutical data breaches may be less common, but they are on average far more costly than those in many other industries. The average cost of a data breach in pharmaceuticals was $4.82 million in 2023, according to IBM’s Cost of a Data Breach report. This ma...
Securing the Collaborative Landscape: A Brief Guide to SharePoint Data Security
SharePoint is used by more than 200 million people across the globe. It’s a powerhouse of collaboration and document management within the Microsoft 365 ecosystem, ensuring that companies of all sizes can securely share information internally at the speed of business.
Companies often store their sensitive information in SharePoint, especially business-critical documents that organizations need for their day to day operations. The flexibility of SharePoint as an online storage method means tha...
Accurate Utilization Data Improves Hospital Revenue, Capital Planning and the Patient Experience
Hospitals strive to achieve two goals: maximize patient outcomes and perform care as efficiently as possible. Optimized utilization of connected medical devices, or the Internet of Medical Things (IoMT), empowers hospitals with better patient outcomes. This is true because of the data-sharing capabilities of connected equipment within the hospital, like CT scanners, MRIs, and infusion pumps.
Connected medical equipment needs to be used at a high level for the greatest efficiency. Unfortunatel...
Cyber Risk Quantification to Improve Security Effectiveness
Getting budget for cybersecurity tools is one of the most significant challenges many CISOs face. Adding defenses is difficult at best when many other senior leaders view cybersecurity as a cost center and checkbox exercise. If they’ve never experienced a cyber attack, it’s easy for financial leaders and others to say that basic security like multi-factor authentication and firewalls are good enough. They question why it’s worth spending money to invest in a new tool, especially when it’s dif...
Global AI Regulations and Their Impact on Third-Party Risk Management
Regulation of artificial intelligence technology is underway around the world, including in the United States, the United Kingdom, the European Union, and Canada. Regulatory bodies in those countries have either proposed or finalized documents emphasizing outright restrictions, conscientious development, and approval processes. The different focuses across multiple geographies create a patchwork of regulatory complexity for third-party risk managers and cybersecurity professionals seeking to ...
Largest Transportation and Logistics Cyberattacks of 2023
Transportation and logistics is one of the industries most poised to benefit from expanding Internet of Things (IoT) usage. For decades, companies in this space – third-party logistics (3PL) providers, freight trains, container shippers, and more – have sought a way to reliably track and trace the flow of goods from point to point. Passenger transportation companies have also sought to improve route planning and monitor weather patterns to make more accurate decisions about transit times and ...
4 Noteworthy Cyberattacks that Shook Manufacturing in 2023
The Internet of Things (IoT) has started to transform manufacturing. Dubbed “Industry 4.0,” the digital evolution of the manufacturing ecosystem integrates IoT devices throughout industrial settings. A few of the more common ways to see IoT devices pulled into the factory setting include worker safety, inventory management, predictive maintenance, and quality control.
These are use cases outside of what’s sometimes called the Industrial Internet of Things (IIoT), which can refer to internet-e...
Top Utilities Cyberattacks of 2023 and Their Devastating Impact on Critical Infrastructure
The companies that underpin critical infrastructure often use tens or hundreds of thousands of Internet of Things (IoT) devices for several use cases. Water utilities use remote sensors to monitor water quality and reservoir levels. Power companies leverage connected equipment to monitor for outages and higher usage levels throughout the system. Oil and gas companies use connected devices to monitor miles of geographically distributed pipelines.
These industrial sectors use IoT devices for a ...
Navigating the Compliance Maze: Harnessing SAST for Regulatory Success
Static application security testing (SAST) has a vital role to play in compliance. Regulatory and industry frameworks have distinct requirements for what makes a program meet its standards. More importantly, the average application is several thousand lines of code long. It’s unreasonable to expect any single individual to check the code they write and ensure it complies with standards manually.
With so many applications being developed and delivered every day, software development and applic...
Casinos Face New IoT Security Threats
As IoT Devices Collect Vast Amounts of Data, Casinos Must Prioritize Data Protection, Privacy, and IoT Security
The Las Vegas Strip is an iconic landmark in the Nevada desert. A shimmering temple to entertainment, glitz, and the possibility of hitting it big on one of the many games of chance in a massive casino. That same Strip has long been a target for criminals in and out of fiction.
For decades the threat was physical. Casinos dealt with people who tried to “beat the house” through cheat...
New SEC Cyber Risk Disclosure Rules: Not Just for Public Orgs
Author: Rusty Feldman, SVP of Global Sales, Asimily
Incident response and reporting can be challenging at the best of times. Organizations struggle to understand the origination point of a security incident, and forensic analysis of the attack pathway can be difficult to untangle. When a company must report the impact to the market, it’s difficult for interested parties to understand the real impact in a timely manner. When you consider that companies report breaches differently, that can als...
Shadow IoT: How Unmanaged Devices Put Companies at Risk
Shadow IT is one of the most persistent cybersecurity challenges today. Already, researchers estimate that 53% of departments refuse to use IT-approved tools and 80% of workers admit to using SaaS applications at work without getting approval from the IT department. Then there’s the issue of shadow Internet of Things (IoT) usage complicating matters even more. As IoT device usage has exploded, it’s become increasingly difficult to track and monitor everything that employees allow onto the cor...