Tag Archive for: shift

Rubrik urges shift from data backup to cyber resilience


As World Backup Day approaches on March 31st, data security figure Anneka Gupta, Chief Product Officer at Rubrik, emphasises the rising importance of cyber resilience in aiding organisations to fortify themselves against cyber threats.

According to Gupta, relying solely on World Backup Day is insufficient in our fluid cybersecurity threat landscape. Instead, it is crucial we usher in “the era of cyber resilience, where the combination of cyber posture and cyber recovery will help to create a cyber resilient future and prepare organisations for any threat, at any stage of an attack.”

This declaration comes in the wake of evidence from a Rubrik Zero Labs State of Data Security report last year, which identified that not only had 93% of external organisations experienced attempts by malicious actors to disrupt data backups during a cyberattack, but 73% reported that these attempts were at least partially successful.

Gupta also examined the role of data recovery and backup systems, frequently referred to as an organisation’s last line of defence. In her perspective, “traditional solutions are no longer cutting it.” The questionable reliability of these solutions raises severe doubts about security, pivoting the critical question for organisations from ‘What backup solution do we have?’ to ‘Do I trust the solution and strategy I have in place?’

According to Gupta, the path to a cyber-resilient future requires organisations to execute three key strategies. Firstly, ensuring that data has suitable authentication and access controls can prevent cybercriminals from exploiting system vulnerabilities.

Secondly, possessing an ability to oversee vulnerable data and those affected when systems are compromised empowers IT and security teams to evaluate risks effectively and respond swiftly to threats.

Lastly, regular simulation and testing of recovery strategies are recommended. This ensures that organisations are prepared to restore critical data and systems with confidence in the event of an actual attack and without reintroducing malware.

While World Backup Day still retains significance, Gupta urges a transformation in our understanding of cyber security and a shift from mere…


How A Company’s Philosophy To ‘Shift Left’ Is Making Headway In The Data Privacy World.


While data privacy continues to propagate daily headlines from breaches to new laws, many in the business world are wrestling with how to design a vigorous and thoughtful privacy program without bogging down the necessary speed of the software development life cycle.

Additionally, enterprises are learning firsthand the bottom-line value of maintaining and increasing overall customer trust, and privacy is at the center of the conversation. According to a recent report from Forrester, post-pandemic, reduced tech dependency will combine with trust and privacy issues — including an inability to protect users from emerging risks and a lack of effective ethical measures in digital environments — to progressively erode consumers’ trust. We predict that by the end of 2023, consumers’ trust in tech companies will shrink 15%.

I recently had a chance to sit down with data privacy expert and TerraTrue co-founder and CEO, Jad Boutros, to discuss why he started the company, the changing privacy landscape, and where it’s headed next.

Gary Drenik: Tell me about your background and what motivated you to start TerraTrue.

Jad Boutros: I am a computer engineer by profession and entered the application security domain early in my career. I joined Google in 2004 as one of the first ten security engineers and had the rare opportunity to co-found, lead, and grow the Information Security Team. At Google, I gained a tremendous appreciation for the security field, and in particular, how hard it is to protect web and mobile applications from an ever-growing list of security threats. Developers and security teams need to work together inseparably to accomplish this feat, and towards that goal, I helped implement a world-class security review process and conducted security reviews across Google’s myriad products.

In 2014, when Snap (formerly Snapchat) had a security issue that became very public, they recognized the need to start a security team and reached out to me. I was immediately intrigued by the challenges they were facing, including a Federal Trade Commission consent decree for privacy, and decided to leave Google and join as their first security hire….


As Businesses Shift To Cloud, CEOs Need To Prioritise Cybersecurity: PwC


PwC’s 2022 Digital Trust Insights Survey indicates that Indian business leaders believe avoidable and unnecessary organisational complexity poses ‘concerning’ cyber and privacy risks.

As companies step towards a digital approach while navigating a hybrid work model and moving their entire process into the cloud, the threats and risks also seem to be shifting. While most CEOs in PwC’s 26th Annual Global CEO Survey identified inflation and macroeconomic risks as the biggest threats to their businesses in the year, mature economies such as Australia and Japan are worried more about cyber risk.

According to Check Point Research, global cyberattacks increased by 38 percent in 2022 compared to 2021. Africa experienced the highest volume of attacks with 1,875 weekly attacks per organisation, followed by APAC with 1,691 weekly attacks per organisation, which would justify their concerns.


Research and consultancy firm Gartner predicted in one of its reports that by 2025, almost 95 percent of all workloads will be deployed on the cloud. This means that companies are still in the process or are at least thinking about it. Hence, almost 50 percent of all participating CEOs would rather be prepared by increasing investments in cybersecurity and data privacy even if they do not see it as an immediate threat.

PwC also suggested in its report that business leaders must stay ahead of cyber challenges by having a dedicated leadership group that understands the significance of cyber security and treats it as a priority.

PwC’s 2022 Digital Trust Insights Survey indicates that Indian business leaders believe avoidable and unnecessary organisational complexity poses ‘concerning’ cyber and privacy risks. A security focus that cuts across the entire business — from top leadership to every department and across all employees — is key to instilling a culture of cyber security, managing cyber risks, enhancing communication between boards and management, and aligning cyber and business strategy.

India was also one of the most targeted countries by cybercriminals, according to Indusface, a Tata Capital-funded software-as-a-service (SaaS) security firm. The firm said among the 829 million…


Implementing Shift Left Security in the Cloud


While ransomware has been the leading concern for enterprise security teams over the past few years, software vulnerabilities are nipping at its heels. The boom in cloud-based apps and services and increased digitization of work have been a boon for hackers, who are taking advantage of developers’ and DevOps teams’ attempts to work faster and smarter to keep up with demand. One estimate says that four out of 10 zero-day attacks carried out in the last decade happened in 2021 alone.

Many things account for this increase. Developers are stretched and are reusing code, which allows for misconfigurations and vulnerabilities to reappear unexpectedly in different programs, and the use of multiple cloud services fragments security measures and reduces visibility into the code running many enterprise functions. This is why developers and security professionals alike are paying more attention to security throughout the software development life cycle (SDLC), particularly in the early stages.

Shift Left Security Principles and Challenges

The zero-day surge has led to an increased interest in shift left practices as a way to make security a priority in the development process. Shift left culture brings security into the equation much earlier in the software life cycle, before the software is deployed, rather than patching bugs after users report them. This preemptive approach helps head off vulnerabilities that can affect an application’s security posture unbeknown to its defenders.

Shift left principles can also enhance security when developers build applications for cloud platforms—such as Amazon Web Services, Microsoft’s Azure or Google Cloud—where visibility into the proprietary code and security tools of the platform can be limited. In a shift left culture, DevOps embeds least privilege policies as part of the daily work on cloud workloads, to protect network infrastructure and avoid granting excess permissions on those workflows.

For example, setting up role-based access control (RBAC) on Kubernetes containers enforces a least privilege model on those clusters and avoids excessive permissions that can lead to a breach, while removing admin credentials from continuous…
