GDPR compliance checklist
The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data...
Penetration testing methodologies and standards
The online space continues to grow rapidly, opening more opportunities for cyberattacks to occur within a computer system, network, or web application. To mitigate and prepare for such risks,...
How is DNSSEC different from encryption?
It’s a question we often hear: “Isn’t DNSSEC the same as encrypted DNS?” Not really. While DNSSEC protects networks against man-in-the-middle attacks, it does so through public key cryptography,...
Not every DNS traffic spike is a DDoS attack
You’re a network administrator going about your normal business. Suddenly, you’re seeing a huge spike in inbound traffic to your website, your application or your web service. You immediately shift...
What are breach and attack simulations?
Breach and Attack Simulation (BAS) is an automated and continuous software-based approach to offensive security. Similar to other forms of security validation such as red teaming and penetration...
How to implement the General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Yet many organizations still struggle to meet compliance requirements, and EU data...
How to prevent prompt injection attacks
Large language models (LLMs) may be the biggest technological breakthrough of the decade. They are also vulnerable to prompt injections, a significant security flaw with no apparent fix. As generative...
Data privacy examples
An online retailer always gets users’ explicit consent before sharing customer data with its partners. A navigation app anonymizes activity data before analyzing it for travel trends. A school asks...
What you need to know about the CCPA draft rules on AI and automated...
In November 2023, the California Privacy Protection Agency (CPPA) released a set of draft regulations on the use of artificial intelligence (AI) and automated decision-making technology (ADMT). The...
Data protection strategy: Key components and best practices
Virtually every organization recognizes the power of data to enhance customer and employee experiences and drive better business decisions. Yet, as data becomes more valuable, it’s also becoming...
What is AI risk management?
AI risk management is the process of systematically identifying, mitigating and addressing the potential risks associated with AI technologies. It involves a combination of tools, practices and...
Intesa Sanpaolo and IBM secure digital transactions with fully homomorphic...
This blog was made possible thanks to contributions from Nicola Bertoli, Sandra Grazia Tedesco, Alessio Di Michelangeli, Omri Soceanu, Akram Bitar, Allon Adir, Salvatore Sollami and Liam Chambers....
Authentication vs. authorization: What’s the difference?
Authentication and authorization are related but distinct processes in an organization’s identity and access management (IAM) system. Authentication verifies a user’s identity. Authorization gives the...
Building cyber resiliency for your data with IBM FlashSystem
In today’s digital age, the threat landscape continues to evolve and organizations are increasingly vulnerable to cyberattacks. To combat these ever-growing risks, the concept of cyber resiliency has...
Hidden risk of shadow data and shadow AI leads to higher breach costs
Security leaders are used to thinking about defense-in-depth and ensuring their security stack and overall architecture provide resilience and protection. While this paradigm holds true today, it may...
What is the vulnerability management process?
Modern enterprise networks are vast systems of remote and on-premises endpoints, locally installed software, cloud apps, and third-party services. Every one of these assets plays a vital role in...
Data breach prevention: 5 ways attack surface management helps mitigate the...
Organizations are wrestling with a pressing concern: the speed at which they respond to and contain data breaches falls short of the escalating security threats they face. An effective attack surface...
Delivering security and scalability in today’s business landscape requires...
A cybersecurity strategy is not solely about managing risk across a business’ IT infrastructure. The stakes are especially high for organizations in highly regulated industries because they can be...
Protect sensitive data in Azure and Microsoft Office while keeping control...
The average cost of a data breach is USD 4.35 million, and 83% of organizations have had more than one breach (of which 45% occur in the cloud). With these increases in the frequency and costs data...