KuppingerCole Blog

  What are your top 3 cybersecurity priorities? And have they changed much in recent years? So, my top three cybersecurity priorities haven't actually really changed over the years. They actually changed in content and severity but not over all. So, a major concern, of course, are we seeing enough, do we know whether we are somehow compromised or not? The second question, of course, are we protected enough to actually avoid this happening in the first place, and as a regulated entity our third thought is already around regulatory compliance because security and...

Last week, I had an opportunity to visit Oracle CloudWorld, the company’s new flagship conference for customers and partners, which is also the reincarnation of the familiar OpenWorld after the three-year break caused by the Covid pandemic. With the new title and location - the event has moved from San Francisco to Las Vegas - everything I felt after stepping into the venue was somehow different and yet the same. On the one hand, I was glad to meet the same crowd and fellow analysts, as well as see many Oracle employees in person after years of just Zoom sessions. On the other...

Some attacks on decentralized finance (DeFi) platforms are financial in nature – the manipulation of token prices in the Mango Market attack for example. However, many other attacks are much more mundane but with an important lesson – best practices in cybersecurity are always relevant. Code Vulnerabilities The widespread use of open-source code is a potential vulnerability of decentralized crypto exchanges. Open-source code libraries, and their potential vulnerabilities, are visible to anyone who chooses to investigate. Malicious or not. The Wormhole hack in...

Passwords have not been fit for purpose for a long time. They are too easy to guess, crack, discover, and steal. Passwords are also costly and time consuming to manage, and password reuse is a major problem. However, after talking about getting rid of passwords for years, it is beginning to happen at last, thanks to advances in technology and standards that are finally making passwordless authentication a real option that is practical and scalable. Given that the Passwordless Authentication market is dynamic, exciting, and competitive means that organizations no longer have any excuse...

It looks like we are halfway through the Cybersecurity Awareness Month of October already, and I thought it might be the appropriate time to talk about VPNs. Again. Haven’t we talked about them enough, you might ask? Every time KuppingerCole analysts bring up the topic of Zero Trust ,  we feel obliged to mention how VPNs have long outlived their purpose, and how organizations have to finally get rid of them and move to more modern solutions . I’m fairly certain, there will even be a bunch of sessions at the upcoming Cybersecurity Leadership Summit talking about them....

Every business has a supply chain upon which it relies. Any disruption to that a supply chain has a knock-on effect on all the businesses that depend on it. Most organizations are well versed in securing physical supply chains, but the world has changed, and now there is a cyber component to just about every supply chain.  Supply chains are no longer purely analog. Many now are entirely digital, and virtually all the rest are hybrid. Even if goods and services are physical, the planning, design, sorting, logistics and transport systems around them rely on IT software and services...

Complete the following sentence: “Cybersecurity is... / is not...” Cybersecurity is... Cybersecurity is really hard. One of the things that I think we should never forget, we exist in an imperfect world. Security controls are varied and complex, and we face every day a dynamic and relentless adversary. So I always tell people cybersecurity is really, really hard and it needs us all to work together to make it a little bit easier for some of us. What prompted you to work in cybersecurity? I think I was first prompted to work in cybersecurity many, many years...

Unfortunately, every organization is vulnerable to a cyberattack. We have seen in the last years a considerable increase in cybercrime and the negative impact that it causes on businesses. The obvious consequences are financial, but that is just the tip of the iceberg. There are several other aspects to consider, such as intellectual property loss, reputation damage, or data privacy breaches. It is undeniable that there is no way to be totally safe, but it is always good to work on a plan to mitigate disasters and cyber-crisis. Disaster plan vs Cyber recovery plan Although a disaster...

The digital age has dawned, and organizations are adopting digital processes and services as quickly as they can to remain competitive in an unpredictable commercial environment affected by rapid social change and technological innovation. Without a doubt, it is essential for modern organizations to have a digital transformation strategy or risk losing market share to others who are adapting to the demands and opportunities of the digital era, driven by commercial necessity and the demand for convenience. Consumers and citizens are demanding easy, convenient, and engaging ways of...

The pandemic changed our lives in many ways, some good and some bad. However, one impact has been that that cyber-attacks are more prevalent than ever before.  Every organization across all industry sectors is now a target of cyber-crime. It seems like every day another cyber-security incident is reported in the press. Phishing emails, triplets, ransomware, SMS with embedded malware are now threatening organizations daily. These threats have put the spotlight on cyber-insurance. Having a cyber insurance policy in place is now a must for a wide range of organizations, but there are...