KuppingerCole Blog

Blog

Martin Kuppinger's Must Watch Sessions

CSLS (Cybersecurity Leadership Summit) 2022, a fully hybrid event taking place Nov 8th to 10th in Berlin, is approaching quickly. Being asked to pick a few must-watch sessions, I had the challenge of selecting only a few instead of a long list of sessions worth attending or streaming. Here are my five favorites. Frank Fischer, CISO of the Deutsche Bahn, will talk about the role a Software Bill of Materials (SBOM) can potentially play in increasing cyber resilience. Just hype, or the one thing we need to tackle Cybersecurity Supply Chain Security? With...

Blog

Training Non-techies on Cybersecurity Awareness

Most users are just a bit techie. Some more, some less. But as we all know, real cybersecurity experts are rare. Thus, it is best to assume that the ones you want to educate on cybersecurity awareness and response are neither technical nor cybersecurity experts. However, with every one of us being a user of devices in personal life, and everyone being in danger of cyber-attacks, cybersecurity awareness training has become way easier. The approach I have taken for several years now is to focus on what this means on one's own device, in personal life, and then to transfer to the business...

Navigator

CIAM a Way of Managing and Getting Value from Consumer Data

As interactions between organizations and consumers of goods and services increasingly happen online, the collection, protection, and management of consumer information has become increasingly important and challenging. In response, we have seen the emergence of Consumer Identity and Access Management solutions as organizations seek greater efficiencies and capabilities in dealing with customer information to deliver innovative services, engage with consumers, and build brand loyalty, while ensuring they operate within the confines of data protection regulations. CIAM has developed...

Blog

Countering State-Sponsored Cyber Attacks

What makes Nation State Actors so special compared to other threat actors? I think it's important to understand the differences between the different threat actor groups; I think that is super important for a CISO. Those are usually seen as the following. We have the insiders, on the one hand: the attack comes from the inside. So it's an employee who intentionally, accidentally, or abused from the outside helps with an attack. We've seen this in the Ukraine situation. So since then at the latest, this is a concern. The second group that CISOs are concerned about is the...

Navigator

State-sponsored Cyber Attacks

Leading organizations have long factored state-sponsored cyber-attacks into their risk-based cyber defense planning, but the need to do so has been highlighted in recent months due to an increase in this type of attack associated with the conflict in Ukraine. The primary goal of these state-sponsored attackers is to identify and exploit national infrastructure vulnerabilities, gather intelligence, and exploit systems, which can easily impact the business operations of both public and private sector organizations. According to the UK’s National Cyber Security Centre (NCSC),...

Blog

The HeatWave is Spreading

Just over a month ago, I wrote about the partnership between Oracle Cloud and Microsoft Azure that has finally enabled their customers to create “properly multi-cloud” applications without any hidden costs or limitations of earlier architectures. Well, unfortunately, announcements like that aren’t heard often, simply because the very idea of such partnerships goes against cloud service providers’ traditional business interests. This obviously has worked remarkably well for Oracle and Microsoft, but at least to a certain extent because there is no rivalry between...

Blog

Cyber Hygiene: Common Problems & Best Practices

To maintain their health and well-being, people practice personal hygiene routines on a regular basis. These routines are continuous and never completed. By taking proactive measures, people aim to protect their health against potential diseases and disorders. Analogously, organizations must also define a routine of proactive cybersecurity practices to identify and eliminate critical vulnerabilities and protect sensitive data. Cyber hygiene is a set of regular practices intended to keep systems, networks, sensitive data, and users secure against cyberattacks, data breaches,...

Blog

Ransomware: The Invisible Enemy of Organizations

The cost of cyber-attacks to the global economy has risen to more than 400 billion US dollars per year. Cyber-attacks affect every business, from small companies to enterprises and governments. Recovering from attacks is expensive and time-consuming. So, how can an organization be made more resilient to cyber-attacks in today’s digital world? Digital transformation has changed the business and delivered new opportunities to organizations. However, going digital has also increased the risk of becoming a victim of cybercrime. Fighting cyber-attacks is an unfair battle...

Blog

Raising User Awareness to Increase Cyber Resilience

With the common use of heuristics and especially the advance of Artificial Intelligence (AI) in automated cyber threat mitigation, why do we still need to focus on user cybersecurity awareness? In cybersecurity, there never was just one solution to reduce risk or fix mitigations. But you always need multiple layers of security. So each layer consists of additional aspects. Software and hardware measures are excellent at catching mass and known threats, with the advance in AI and also the detection of new threats based on known issues. But we can never neglect the...