Introducing Mend AI Premium
Robust AI governance and threat detection with Mend AI Premium.
The post Introducing Mend AI Premium appeared first on Security Boulevard.
Veriti Research has identified a growing trend – attackers leveraging cloud infrastructure to facilitate malware distribution and command-and-control (C2) operations. This evolving tactic not only makes detection more challenging but also exposes organizations to significant security risks.
Malware Hosted on Cloud Services
One of the most alarming findings from our research is that over 40% […]
The post Veriti Research Uncovers Malware Exploiting Cloud Services appeared first on VERITI.
The post Veriti Research Uncovers Malware Exploiting Cloud Services appeared first on Security Boulevard.
By dismantling silos and enabling continuous visibility, organizations can strengthen their cybersecurity posture and align risk management with long-term business success.
The post Juggling Cyber Risk Without Dropping the Ball: Five Tips for Risk Committees to Regain Control of Threats appeared first on Security Boulevard.
Nisos
DPRK IT Fraud Network Uses GitHub to Target Global Companies
Nisos is tracking a network of likely North Korean (DPRK)-affiliated IT workers posing as Vietnamese, Japanese, and Singaporean nationals with the goal of obtaining employment in remote engineering...
The post DPRK IT Fraud Network Uses GitHub to Target Global Companies appeared first on Nisos by Nisos
The post DPRK IT Fraud Network Uses GitHub to Target Global Companies appeared first on Security Boulevard.
Key Takeaways from the CSA Understanding Data Security Risk Survey
madhav
Tue, 03/04/2025 - 04:32
As hybrid and multi-cloud environments become increasingly popular, identifying, prioritizing, and mitigating data security risks becomes increasingly complex. How can we tackle this complexity? By gaining insight into how organizations handle risk. That’s the goal of the latest Cloud Security Alliance (CSA) Understanding Data Security Risk survey, which Thales is a proud sponsor of.
The survey report shares critical insights into the challenges organizations face when managing data security risk and offers actionable steps they can take to secure their most sensitive assets. So, let’s examine some of the key takeaways.
Limited Risk Understanding, Limited Risk Management
Perhaps the most notable revelation from the CSA report is that organizations have gaps in their ability to identify and prioritize vulnerabilities, creating significant challenges in managing data risks.
Statistics from the report drive home the scale of the issue: 31% of respondents say they lack tools to identify their riskiest data sources, while 12% don’t even know if they have such tools. This lack of adequate tooling, among other factors, resulted in 80% of respondents saying they don’t feel highly confident in their ability to identify high-risk data sources.
Other contributing factors include the complexity of hybrid and multi-cloud environments. Over half of the respondents reported operating in hybrid environments, while 27% use multi-cloud setups. The fragmented risk profiles and data distribution inherent in these cloud platforms make it harder to locate and prioritize vulnerabilities and can result in inconsistent management practices.
Organizations can remediate these issues by implementing Thales Data Risk Intelligence capabilities. It unites Thales CipherTrust and Imperva Data Security Fabric platforms to provide a risk score and actionable recommendations for proactively identifying and mitigating risks.
Misaligned Teams, Elevated Risk, Compromised Compliance
The report also reveals that management's strategic priorities aren’t compatible with staff's operational realities. For example, 10% of staff reported being “not at all confident” in identifying high-risk data sources, compared to 3% of management.
Moreover, many executives (41%), perhaps unsurprisingly, want to align security efforts with broader business objectives, all while operational teams are struggling to keep their heads above water, facing resource constraints and relying heavily on manual (22%) or semi-automated (54%) processes.
Clearly, organizations would do well to automate more processes and free up time for operational teams to align their efforts with broader business objectives.
New Risks, New Data-Centric Focus
Despite the wide range of compliance, risk, and security management tools on the market, organizations are struggling to meet the demands of modern data risk management. The problem is that many of these tools aren’t keeping pace with evolving risk management requirements, forcing many (54%) organizations to use four or more tools to manage data risks.
This patchwork approach to risk management results in inefficiencies and conflicting information that can hinder effective decision-making. Thales, however, offers an integrated, holistic approach to risk management and data security. We help organizations move past siloed data protection solutions, providing a centralized and uniform deployment that prepares your organization for the security challenges to come.
Compliance is Important, But Not Sufficient for Proactive Data Security
Regulations and compliance requirements, while the driving force behind most organizations’ (59%) risk reduction strategies, are leaving organizations unable to address emerging and evolving risks.
Only 11% of respondents said they prioritize identifying risk behavior, while just 12% focus on adapting to the changing attack surface. Most organizations take a reactive approach to data security that will not be sufficient to protect them from evolving threats.
Therefore, organizations need to partner with security vendors who provide AI-driven innovations and risk-based automations that can help organizations transition to proactive cybersecurity. With Data Risk Intelligence, IT and security teams can quickly discover, classify, and prioritize data based on sensitivity, vulnerability, and risk profiles while proactively protecting at-risk data using encryption and access controls.
A Risk-Based Approach is the Way Forward
More encouraging, however, is organizations’ burgeoning recognition of the limitations of compliance-driven strategies and their steady shift to risk-based approaches: respondents ranked identifying vulnerabilities and prioritizing vulnerabilities as their two highest policies, far outpacing activities such as changing policies and controls. Similarly, respondents reported valuing key performance indicators like vulnerability patch rate (36%) and security violations (35%) over compliance violations (29%), further highlighting their commitment to risk-based strategies rather than compliance-driven ones.
Thales has all the solutions you need to switch to a proactive, risk-focused approach to data security. Our advanced data activity monitoring, data risk analytics, risk posture management, data encryption, key management, network encryption, hardware security module, and data protection on-demand solutions enable customers to protect and remain in control of their data wherever it resides – across cloud, on-premises, and hybrid IT environments.
Get your copy here of the CSA Understanding Data Security Risk report.
Want to find out more about what we can do for your organization? Contact us today.
Together, these actions provide a clear roadmap for navigating today’s complex risk landscape and protecting critical data assets.
Lynne Murray | Director of Product Marketing for Data Security
The post Key Takeaways from the CSA Understanding Data Security Risk Survey appeared first on Security Boulevard.
With the wide application of large language models (LLM) in various fields, their potential risks and threats have gradually become prominent. “Content security” caused by inaccurate or misleading information is becoming a security concern that cannot be ignored. Unfairness and bias, adversarial attacks, malicious code generation, and exploitation of security vulnerabilities continue to raise risk […]
The post LLMs Are Posing a Threat to Content Security appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The post LLMs Are Posing a Threat to Content Security appeared first on Security Boulevard.
San Francisco, Calif., Mar. 3, 2025, CyberNewswire — With the growing importance of security compliance for startups, more companies are seeking to achieve and maintain compliance with frameworks like SOC 2, ISO 27001 & GDPR.
Bubba AI, Inc. is building …
The post News alert: Bubba AI launches Comp AI to help 100,000 startups get SOC 2 compliant by 2032 first appeared on The Last Watchdog.
The post News alert: Bubba AI launches Comp AI to help 100,000 startups get SOC 2 compliant by 2032 appeared first on Security Boulevard.
Non-human identity security isn’t one-size-fits-all. Where does your organization stand on the path to eliminating secrets and securing workload access?
The post 7 Stages of Non-Human Identity Security Maturity appeared first on Aembit.
The post 7 Stages of Non-Human Identity Security Maturity appeared first on Security Boulevard.
Relieve the headache of data breaches by adopting NHI security best practices.
How Integral is Non-Human Identities Management to Your Organization’s Cybersecurity?
Picture this: Your organization’s cybersecurity is a bustling airport with countless incoming and outgoing flights. Non-Human Identities (NHIs) are the passengers traversing this airport, with their secrets acting as the unique passports providing […]
The post What are the best practices for securing NHIs at an executive level? appeared first on Entro.
The post What are the best practices for securing NHIs at an executive level? appeared first on Security Boulevard.
Are Your Cloud-Native Applications Secure?
In your quest to build secure, scalable, and innovative applications, have you considered the potential risks with respect to Non-human Identities (NHIs) and Secrets management? Herein lies the crucial aspect of ensuring cyber safety in the cloud.
Understanding the Role of Non-Human Identities
If you perceive cybersecurity as a sphere, […]
The post How Safe Are Your Cloud-Native Applications? appeared first on Entro.
The post How Safe Are Your Cloud-Native Applications? appeared first on Security Boulevard.
Are You Effectively Mitigating NHI Risks in Your Enterprise Security Framework?
Modern businesses are increasingly applying technology to streamline operations and create value. With this technology surge comes an explosion in the use of machine identities, often referred to as Non-Human Identities (NHIs). However, as NHIs become commonplace, the potential for security risks escalates rapidly. […]
The post How can I mitigate NHI risks in our enterprise security framework? appeared first on Entro.
The post How can I mitigate NHI risks in our enterprise security framework? appeared first on Security Boulevard.
San Francisco, California, 3rd March 2025, CyberNewsWire
The post Bubba AI, Inc. is launching Comp AI to help 100,000 startups get SOC 2 compliant by 2032. appeared first on Security Boulevard.
Author/Presenter: Rachel Cummings
Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization’s YouTube channel.
The post DEF CON 32 – Differential Privacy Beyond Algorithm: Challenges For Deployment appeared first on Security Boulevard.
Strong credentials safeguard your digital resources, but common mistakes like weak passwords, credential reuse, and exposed secrets give attackers an easy path to unauthorized access.
The post What Is Credential Management? Best Practices and Examples appeared first on Security Boulevard.
Identifying security flaws early in the software development lifecycle (SDLC) prevents vulnerabilities from reaching production, where they become more complex and expensive to fix. Integrating automated code scanning into development workflows allows you to catch issues as they arise, providing a more secure and stable codebase.
The post What Is Code Scanning? Approaches and Best Practices appeared first on Security Boulevard.
Secret scanning tools identify and protect sensitive information that may be exposed within software assets. Developers often embed secrets like API keys, database credentials, and encryption keys in source code—but if left unprotected, these can serve as direct entry points for attackers.
The post 6 Effective Secret Scanning Tools appeared first on Security Boulevard.
via the comic humor & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Giants’ appeared first on Security Boulevard.
The Trump Administration's orders to the DoD and CISA to halt cyber operations and investigations against Russia are a gift to the United States' longtime foreign adversary and make the country less safe, according to cybersecurity professionals.
The post Security Pros Push Back as Trump Orders Halt to Cyber Ops vs. Russia appeared first on Security Boulevard.
Author/Presenter: Avi McGrady
Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization’s YouTube channel.
The post DEF CON 32 – Cybersecurity Schoolhouse Rock appeared first on Security Boulevard.
Have you silenced WAF alerts in your SIEM or just stopped sending them altogether? You're not alone. Many SOCs find themselves overwhelmed by the sheer volume of noise generated by traditional WAFs, forcing them to choose between alert fatigue or a critical visibility gap on the application layer.
The post Enhancing Application Security | Contrast ADR and Splunk | Contrast Security appeared first on Security Boulevard.