
Modern Attack Surface Management means going beyond the surface

Security teams today are contending with an ever-increasing attack surface and an exponentially growing volume of vulnerabilities. Yet most teams are still equipped with the cybersec equivalent of a bucket to shovel out an ocean of CVEs. Buying them another shiny new bucket pales in comparison to plugging the actual leak in your ship (or enterprise).

Vulnerabilities can’t all be patched, so prioritizing these based on business risk is the most grounded approach. While leading security teams have begun to implement more advanced vulnerability management (VM) programs, others are struggling with outdated, manually intensive and less effective ways of managing vulnerabilities without context or insights on the true risk they pose. This can only work for so long, as it requires the continuous process of monitoring, discovering, analyzing, and remediating vulnerabilities across all potential attack vectors. Even then, good old human error sneaks its way in.

By Sylvain Cortes

Versa delivers zero trust access across the enterprise

Hybrid cloud and hybrid work have changed where and how we access systems, challenging organizations to find ways to secure the enterprise while delivering the best user experience.

While cloud-delivered Zero Trust Network Access (ZTNA) solutions are now widely adopted to secure remote work, they don't deliver the application performance and inline policy enforcement needed for workers at the office.

By Ian Barker

Behavioral AI platform defends against multi-channel attacks

While email remains the most common path to target an organization, we're increasingly using other tools like Slack, Teams and Zoom too, so cybercriminals are steadily shifting their tactics and targeting these additional entry points across the enterprise.

AI-based email security platform Abnormal Security is launching a range of new additions to its product focused on expanding security detection for these collaboration tools.

By Ian Barker

86 percent of developers knowingly deploy vulnerable code

According to a new study, 86 percent of software developers and AppSec managers surveyed have or know someone who has knowingly deployed vulnerable code.

What's more, the study from Checkmarx shows 88 percent of AppSec managers surveyed have experienced at least one breach in the last year as a direct result of vulnerable application code.

By Ian Barker

71 percent of businesses hit with insider attacks from malicious employees

Insider attacks, including fraud, sabotage, and data theft, plague nearly three quarters (71 percent) of US businesses, according to Capterra's 2023 Insider Threats Survey.

Perhaps unsurprisingly, companies that allow excessive data access are much more likely to report falling victim to insider attacks. However, only 57 percent of companies limit data appropriately, while 31 percent allow employees access to more data than necessary and 12 percent allow employees access to all company data.

By Ian Barker

New hyperautomation tool aims to improve enterprise security workflows

In today's complex cybersecurity landscape, keeping track of all the processes and workflows involved can be a difficult task.

Today sees Torq launch an enterprise-grade security 'hyperautomation' platform that is capable of automating the most complex security infrastructures. It also offers a GPT AI-based analytics capability for auto-analyzing cybersecurity incidents, making strategic responses, and informing immediate and long-term defensive measures.

By Ian Barker

Business and tech leaders collaborate to exploit the edge

Business and technology leaders are finally coming together not just to understand the new edge computing ecosystem, but to make more predictable, data-informed business decisions.

A new report from AT&T Cybersecurity finds that collaboration among leaders, as well as external partners in the ecosystem, will be critical for the edge journey ahead. But while the report finds organizations' silos are beginning to erode and converge, more progress needs to be made.

By Ian Barker

Meeting the challenge of protecting data in a changing world [Q&A]

As a report last year showed, the change to working habits over the last few years has gone hand-in-hand with a rise in the theft of data.

We spoke to Cyberhaven CSO, Chris Hodson, to find out how enterprise CISOs can meet this challenge and keep their data safe.

By Ian Barker

Why agentless security is not real security

Many security professionals have been misled into believing in the overhyped promise of agentless security. But it looks like the long-lasting 'agentless vs. agent' debate is finally over and the result is finally in -- if you want great cloud workload security, you need an agent.

This noteworthy outcome arose when two of the leading agentless-only vendors finally gave in and announced partnerships with agent-based runtime security and CWPP (cloud workload protection platform) vendors. This is big news, because both of these companies had previously, and persistently, proclaimed that agents are 'old school' and that 'agent-based security is dead'.

By Amir Jerbi

New product helps find threats hidden in graymail

'Graymail' refers to those emails that aren't quite spam but which aren't necessarily all that helpful either. Think things like newsletters, announcements, or advertisements that you may have opted into in the past but which have outlived their usefulness.

It presents a headache for security teams as it can be hard to distinguish from malicious content like reconnaissance attacks. Armorblox is launching a new product aimed at cutting the time security teams spend managing graymail and mitigating the security risks from malicious recon attacks.

By Ian Barker

Vulnerability management made harder by complex supply chains

New research reveals that CISOs are finding it increasingly difficult to keep their software secure as hybrid and multicloud environments become more complex, and teams continue to rely on manual processes that make it easier for vulnerabilities to slip into production.

The study from Dynatrace shows 68 percent of CISOs say vulnerability management is more difficult because the complexity of their software supply chain and cloud ecosystem has increased.

By Ian Barker

Number of ransomware victims increases by 25 percent

A new report based on publicly available resources finds a 25 percent increase in ransomware victims from Q4 2022 and a 27 percent increase compared to Q1 of the same year.

The study from GuidePoint Security's Research and Intelligence Team (GRIT) tracked 849 total publicly posted ransomware victims claimed by 29 different threat groups in the first quarter of this year.

By Ian Barker

Get 'Cybersecurity and Privacy Law Handbook' (worth $41.99) for FREE

Cybercriminals are incessantly coming up with new ways to compromise online systems and wreak havoc, creating an ever-growing need for cybersecurity practitioners in every organization across the globe who understand international security standards, such as the ISO27k family of standards.

If you’re looking to ensure that your company's data conforms to these standards, Cybersecurity and Privacy Law Handbook has got you covered.

By Wayne Williams

Record number of software security flaws uncovered in 2022

A record 26,448 software security flaws were reported by CISA last year, with the number of critical vulnerabilities (CVEs) up 59 percent from 2021 at 4,135.

The 2023 Annual Threat Intelligence Report, from the Deepwatch Adversary Tactics and Intelligence (ATI) team, also shows that the conflict between Ukraine and Russia has unleashed a flurry of amateur and state-sponsored attacks and breaches on organizations and critical infrastructure.

By Ian Barker

New tool makes it easier to manage machine identities

Thanks to increased cloud and container use there's a growing demand for machine identities, but delivering and managing those identities can present problems.

Machine ID specialist Venafi is launching a new tool called Firefly that enables security teams to easily and securely meet developer-driven machine identity management requirements for cloud native workloads by issuing machine identities, such as TLS and SPIFFE, locally and quickly across any environment.

By Ian Barker