Search results for Security | Breaking Cybersecurity News | The Hacker News

Security teams typically have great visibility over most areas, for example, the corporate network, endpoints, servers, and cloud infrastructure. They use this visibility to enforce the necessary security and compliance requirements. However, this is not the case when it comes to sensitive data sitting in production or analytic databases, data warehouses or data lakes. Security teams have to rely on data teams to locate sensitive data and enforce access controls and security policies. This is a huge headache for both the security and data teams. It weakens the business's security and compliance putting it at risk of exposing sensitive data, large fines, reputational damages, and more. Also, in many cases, it slows down the business's ability to scale up data operations.  This article examines how Satori, a data security platform, gives control of the sensitive data in databases, data warehouses and data lakes to the security teams. Satori's  automated data security plat...

As cloud applications are built, tested and updated, they wind their way through an ever-complex series of different tools and teams. Across hundreds or even thousands of technologies that make up the patchwork quilt of development and cloud environments, security processes are all too often applied in only the final phases of software development.  Placing security at the very end of the production pipeline puts both devs and security on the back foot. Developers want to build and ship secure apps; security teams want to support this process by strengthening application security. However, today's security processes are legacy approaches that once worked brilliantly for the tight constraints of on-prem production, but struggle in ever-shifting cloud environments. As a result, security is an afterthought, and any attempt to squeeze siloed security into agile SDLC can  swell the cost of patching by 600% . A new cloud security operating model is long overdue. Shift-left is an ...

In the modern enterprise, data security is often discussed using a complex lexicon of acronyms—DLP, DDR, DSPM, and many others. While these acronyms represent critical frameworks, architectures, and tools for protecting sensitive information, they can also overwhelm those trying to piece together an effective security strategy. This article aims to demystify some of the most important acronyms in data security today and offer practical guidance to help businesses navigate the data security landscape and protect their most valuable assets with confidence. What's driving data security? In today's ever-evolving digital landscape, data security has become a top priority for businesses of all sizes. As data continues to be the most valuable asset for organizations, the need to protect it from breaches, unauthorized access, and other security threats grows. But what exactly is driving businesses to prioritize data security? From compliance with regulations to safeguarding intellectual pr...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

Organizations have been worrying about cyber security since the advent of the technological age. Today, digital transformation coupled with the rise of remote work has made the need for security awareness all the more critical. Cyber security professionals are continuously thinking about how to prevent cyber security breaches from happening, with employees and contractors often proving to be the most significant risk factor for causing cyber security incidents. Proactive cyber security professionals will find that an effective security awareness training program can significantly reduce their risk of getting exposed to a cyber incident. For a security awareness training program to be successful, it must be measurable and yield positive, actionable results over time.  The following looks at what good security awareness looks like and how vital  phishing simulations and awareness training  is in devising effective  cyber security programs.  The essentials of ...

Assessing the performance of your security team is critical to both knowing your current posture, as well as planning ahead. ' The Ultimate 2019 Security Team Assessment Template ' is the first attempt to capture all the main KPIs of the security team main pillars, saving CIOs and CISOs the time and effort of creating such an assessment from scratch and providing them with a simple and easy-to-use tool to measure how their teams are operated in 2019, while setting up performance targets for 2020. Building such a template is challenging because security teams vary greatly in size and internal responsibility distribution. Additionally, there is little consistency in the terms used to designate the various positions across the industry – security analyst, for example, could have one meaning in a certain company and different one in another. The same goes for architects, managers, and directors. The Security Team Assessment Template ( download here ) addresses this chall...

On the surface, Salesforce seems like a classic Software-as-a-Service (SaaS) platform. Someone might even argue that Salesforce invented the SaaS market. However, the more people work with the full offering of Salesforce, the more they realize that it goes beyond a traditional SaaS platform's capabilities. For example, few people talk about managing the security aspects of  Salesforce Release Updates.  By understanding what Release Updates are, why they pose a security risk, and how security teams can mitigate risk, Salesforce customers can better protect sensitive information. How to ensure the right configurations for your Salesforce security What are Salesforce Release Updates? Since Salesforce does not automatically update its platform, it does not follow the traditional SaaS model. For example, most SaaS platforms have two types of releases, security, and product improvements. Urgent security updates are released as soon as a security vulnerability is known, and prod...

Due to the rapid evolution of technology, the Internet of Things (IoT) is changing the way business is conducted around the world. This advancement and the power of the IoT have been nothing short of transformational in making data-driven decisions, accelerating efficiencies, and streamlining operations to meet the demands of a competitive global marketplace. IoT At a Crossroads IoT, in its most basic terms, is the intersection of the physical and digital world with distinct applications and purposes. It is devices, sensors, and systems of all kinds harnessing the power of interconnectivity through the internet to provide seamless experiences for business. Up until today, we, as security professionals, have been very good at writing about the numerous and varying IoT applications and uses and have agreed upon the fact that the security of the IoT is important. However, have we really understood the big picture? And that is for IoT to really reach its full potential as a fully inter...

Zero Trust security changes how organizations handle security by doing away with implicit trust while continuously analyzing and validating access requests. Contrary to perimeter-based security, users within an environment are not automatically trusted upon gaining access. Zero Trust security encourages continuous monitoring of every device and user, which ensures sustained protection after successful user authentication. Why companies adopt Zero Trust security Companies adopt Zero Trust security to protect against complex and increasingly sophisticated cyber threats. This addresses the limitations of traditional, perimeter-based security models, which include no east-west traffic security, the implicit trust of insiders, and lack of adequate visibility.  Traditional vs. Zero Trust security Zero Trust security upgrades an organization's security posture by offering: Improved security posture : Organizations can improve their security posture by continuously gathering data on...