Category: Business

This week, CyberSmart, a leading provider of cyber risk management for small businesses has launched its partnership with e92plus, the UK’s top independent cybersecurity Value Added Distributor (VAD).

e92plus has long been dedicated to protecting its partners and helping them accelerate business growth through its suite of channel-first security and cloud solutions. Indeed, e92plus has helped over 1,200 VARs, MSPs, SIs, CSPs and consultancies across the UK and Ireland.

CyberSmart offers an all-in-one cybersecurity monitoring, optimisation, training and insurance solution, proven to defend against the unexpected. Like e92plus, CyberSmart focuses on delivering its cybersecurity platform through the channel, making this an auspicious partnership.

The partnership will focus on delivering CyberSmart’s cyber risk management platform, including Cyber Essentials certification, products CyberSmart Active Protect and CyberSmart Vulnerability Manager, and cyber insurance to e92plus’ partners throughout the UK and Ireland.

While the partnership is launching primarily in the UK and Ireland, e92plus plans to launch alongside CyberSmart in the Netherlands and other EU markets in the coming years.

The joining of forces between CyberSmart and e92plus is timely. A recent survey from CyberSmart reveals that 65% of MSP customers now expect their provider to manage their cybersecurity infrastructure or their cybersecurity and IT infrastructure. This partnership will help deliver the tools MSPs and VARs need to meet customer demand.

We’re excited to be working with Cybersmart to bring their platform to our partner community,” explained Mukesh Gupta, CEO at e92plus. “We’re seeing strong demand in the SMB and mid-market sectors for more assistance around cybersecurity strategy, processes and compliance standards, and this addresses that growing marketing need. The requirements are so complex and diverse, and many businesses struggle to have the internal staff and expertise to manage their cybersecurity tools, let alone manage frameworks, address staff training and ensure an organisation has the right risk management and reporting in place. For our VARs and MSPs, this is a perfect way to build their services and consultancy offering without significant investment.

We’re delighted to be working with e92plus,” said Jamie Akhtar, CEO at CyberSmart. “Our businesses share a vision of what cybersecurity for SMBs should look like. The demand for solutions that can help smaller businesses get on top of their cybersecurity, compliance and risk management is only growing. And, this partnership addresses the demand, while giving MSPs and VARs a fast and simple route to building up their cybersecurity capabilities. We see this as another important step towards our mission of providing complete cyber confidence to every small business.” 

About CyberSmart

Cybercrime is projected to cost the world $10.5 trillion annually by the end of 2025, and 58% targets small businesses. Meanwhile, the cybersecurity gap between large enterprises with the resources to weather attacks and the SMEs who don’t is widening.

CyberSmart was created to fix this problem. Protecting a business from cyber threats shouldn’t require expert knowledge or deep pockets. So, as well as offering the fastest route to government-grade certification on the market, CyberSmart also provides simple, cost-effective technology, enabling SMEs to protect themselves without cyber expertise. This is paired with free cyber insurance, upon certification. Meanwhile, its Privacy Toolbox offering ensures customers stay on top of their data privacy obligations.

Find out more about CyberSmart at: https://cybersmart.co.uk/

The post CyberSmart and e92plus Announce Partnership to Deliver Cyber Risk Management in the UK and Ireland appeared first on IT Security Guru.

Achieving cyber resilience in the digital era is crucial for businesses to safeguard their operations and data integrity. Here’s how businesses can attain cyber resilience:

1. Comprehensive Risk Assessment: Begin with a thorough assessment of potential cyber risks and vulnerabilities. Identify critical assets, assess their value, and evaluate potential threats to prioritize defenses.

2. Strong Cybersecurity Policies and Controls: Implement robust cybersecurity policies that encompass data protection, access controls, encryption standards, and incident response protocols. Regularly update these policies to address evolving threats and compliance requirements.

3. Employee Training and Awareness: Educate employees on cybersecurity best practices, including recognizing phishing attempts, safe browsing habits, and the importance of strong passwords. Foster a culture of cybersecurity awareness throughout the organization.

4. Advanced Threat Detection and Prevention: Deploy advanced cybersecurity technologies such as intrusion detection systems (IDS), endpoint protection, and security information and event management (SIEM) solutions. These tools help detect and respond to threats in real-time.

5. Regular Security Audits and Assessments: Conduct regular security audits and assessments to identify vulnerabilities and gaps in your defenses. Address findings promptly to strengthen your cybersecurity posture.

6. Backup and Recovery Plans: Maintain regular backups of critical data and develop robust data recovery plans. Ensure backups are stored securely and can be accessed quickly in the event of a cyber incident or data breach.

7. Collaboration and Information Sharing: Engage with industry peers, cybersecurity experts, and government agencies to stay informed about emerging threats and best practices. Collaborate on threat intelligence sharing initiatives to enhance your defenses.

8. Continuous Monitoring and Response: Implement continuous monitoring of your IT infrastructure and networks for suspicious activities. Establish a rapid response team to investigate and mitigate security incidents promptly.

9. Compliance and Regulation Adherence: Stay compliant with relevant cybersecurity regulations and industry standards. Adhering to these frameworks not only ensures legal compliance but also enhances your cybersecurity resilience.

10. Cyber Insurance: Consider investing in cyber insurance to mitigate financial losses and liabilities associated with cyber incidents. Review policy coverage and exclusions to align with your organization’s risk profile.

By adopting a proactive approach to cybersecurity and integrating resilience into your business strategy, you can effectively mitigate cyber threats and maintain continuity in the digital era. Cyber resilience is not just about preventing attacks but also about preparing and recovering swiftly when incidents occur.

The post How a business can attain Cyber Resilience in digital era appeared first on Cybersecurity Insiders.

In today’s digital age, where email communication is integral to business operations, the threat of Business Email Compromise (BEC) looms large. BEC attacks are sophisticated schemes where cybercriminals manipulate email communication to deceive employees into transferring money or sensitive information. These attacks often result in significant financial losses and reputational damage. To safeguard your organization against BEC, implementing robust defenses and fostering a culture of cybersecurity awareness are crucial. Here’s a comprehensive guide on how to defend against BEC:

1. Educate Your Team:

Awareness Training: Conduct regular training sessions to educate employees about BEC tactics, such as phishing, spoofing, and social engineering.

Recognizing Red Flags: Teach employees to scrutinize email addresses, grammar errors, urgent re-quests, and unusual payment instructions.

2. Implement Technical Controls:

Email Authentication: Use technologies like SPF, DKIM, and DMARC to verify sender identity and detect spoofed emails.

Advanced Threat Protection: Deploy email security solutions that offer advanced threat detection, sand-boxing, and URL filtering to prevent malicious attachments and links.

3. Establish Secure Procedures:

Verification Protocols: Establish multi-factor authentication (MFA) for accessing sensitive systems or approving financial transactions.

Payment Verification: Implement a protocol requiring verbal confirmation or secondary approval for significant fund transfers or changes to payment details.

4. Enhance Email Security Practices:

Email Filtering: Use robust spam filters and email scanners to block suspicious emails before they reach employees’ inboxes.

Encryption: Encourage the use of email encryption for sensitive information to protect data in trans-it.

5. Monitor and Respond:

Incident Response Plan: Develop and regularly update an incident response plan specific to BEC incidents. Ensure all employees know their roles and responsibilities.

Continuous Monitoring: Implement monitoring tools to detect anomalies in email traffic and unusual behaviors indicating potential BEC attempts.

6. Cultivate a Security-Conscious Culture:

Leadership Support: Foster a culture where cybersecurity is prioritized from the top-down, with leadership actively promoting and participating in security initiatives.

Reporting Channels: Provide clear channels for reporting suspicious emails or incidents promptly, without fear of repercussion.

7. Regular Assessments and Updates:

Security Audits: Conduct regular security audits and vulnerability assessments to identify and mitigate potential weaknesses in your email systems and processes.

Stay Updated: Keep software, security patches, and email systems up to date to protect against known vulnerabilities.

8. Collaborate and Share Information:

Industry Collaboration: Engage with industry peers and share insights about emerging BEC tactics and threats to strengthen collective defenses.

Information Sharing: Participate in threat intelligence sharing platforms to stay informed about evolving BEC techniques and indicators of compromise.

By implementing these proactive measures, businesses can significantly reduce the risk of falling victim to Business Email Compromise attacks. Vigilance, education, and technological defenses work in tandem to create a resilient barrier against sophisticated cyber threats.

Remember, defending against BEC is an ongoing effort that requires continuous improvement and adaptation to stay ahead of cybercriminals’ evolving tactics.

The post Defending Against Business Email Compromise: A Comprehensive Guide appeared first on Cybersecurity Insiders.

Outpost24 has launched Outpost24 CORE, a unified exposure management solution that gives visibility and real-time insights into an organisation’s IT asset inventory. The solution can also provide analysis  into the threat exposure across the entire attack surface.

“Raising awareness in the C-suite and connecting cybersecurity with business outcome has never been more critical. No matter the size of the organisation or what industry, every board and C-level discussion of security initiatives is driven by business impact. We’ve developed Outpost24 CORE to provide unified asset inventory and exposure insights, so that CISOs and executive leaders can be confident they are deploying security resources in the best possible way to protect their organisation from the biggest risks,” said Brendan Hogan, Chief Strategy Officer, Outpost24.

With actionable insight provided by Outpost24 CORE, a business will have information on its asset exposure, comprising not only infrastructure but application and user risk. The solution consolidates siloed vulnerability and threat intelligence data from different assessment tools into a single view, with a quantitative risk grading to help security teams understand, monitor and report on the progress and efficacy of their risk mitigation activities based on the likelihood of exploitation and business criticality.

Outpost24 CORE also allows organisations to group their IT assets and focus on how risks are controlled and mitigated across different technologies and business units to inform security resource and investment decisions.

Outpost24 CORE combines five important features that are fundamental to a successful Continuous Threat Exposure Management (CTEM) program, identified by Gartner as a top cybersecurity trend for 2023:

  • Unified asset inventory for complete visibility
  • Consolidated vulnerability data and their threat exposure
  • Threat intelligence powered vulnerability prioritisation engine
  • Business impact analysis and logic mapping
  • External Attack Surface Management, following the recent acquisition of Sweepatic, for control and visibility over all assets exposed on the Internet

Outpost24 CORE is available now. For more information, please visit https://outpost24.com/

The post New Outpost24 CORE Solution Announced Bringing Visibility, Cyber Resilience & Threat Mitigation appeared first on IT Security Guru.

In today’s interconnected world, where cyber threats loom large, organizations must prioritize information security. One crucial step towards achieving robust cybersecurity is hiring a competent Chief Information Security Officer (CISO). The CISO plays a pivotal role in safeguarding an organization’s digital assets and ensuring data privacy. This article highlights the key considerations that organizations should keep in mind when seeking to hire a CISO.

Expertise and Experience: When hiring a CISO, it is vital to assess their expertise and experience in the field of information security. Look for candidates who possess a deep understanding of cybersecurity technologies, risk management frameworks, and regulatory compliance. Experience in managing security incidents, implementing security controls, and developing effective security strategies is also crucial.

Leadership and Communication Skills: A successful CISO not only possesses technical knowledge but also exhibits strong leadership and communication skills. The CISO must effectively communicate security risks and strategies to both technical and non-technical stakeholders. They should have the ability to inspire and motivate a team, drive security initiatives, and collaborate across departments to foster a culture of security within the organization.

Business Acumen: A CISO must understand the business landscape in which the organization operates. They should align security objectives with overall business goals and demonstrate a keen understanding of the organization’s risk appetite. A CISO with business acumen can effectively prioritize security investments, articulate the value of security measures to executive management, and build a security program that supports the organization’s strategic objectives.

Up-to-date Knowledge: The field of cybersecurity is ever-evolving, with new threats emerging regularly. It is crucial for a CISO to stay up-to-date with the latest trends, technologies, and best practices in information security. Look for candidates who demonstrate a commitment to continuous learning, involvement in industry forums, and participation in relevant certifications and conferences.

Collaboration and Relationship Building: A CISO cannot work in isolation. They need to collaborate with various stakeholders, including IT teams, executive management, legal and compliance departments, and external partners. A successful CISO should possess strong relationship-building skills, fostering partnerships that facilitate effective information sharing, incident response, and the implementation of security measures throughout the organization’s ecosystem.

Regulatory and Compliance Knowledge: Data privacy regulations, such as GDPR and CCPA, have placed additional responsibilities on organizations to protect customer data. A CISO should have a comprehensive understanding of relevant regulatory requirements and compliance frameworks. They should be able to ensure that the organization remains compliant with applicable laws and regulations, and that appropriate security controls are implemented to protect sensitive information.

Proactive Approach to Threats: Cyber threats are constantly evolving, and organizations need a CISO who takes a proactive stance against potential attacks. Look for candidates who have a track record of developing and implementing effective threat intelligence programs, conducting risk assessments, and establishing incident response plans. A proactive CISO will be vigilant in identifying vulnerabilities, implementing preventive measures, and continually improving the organization’s security posture.

Conclusion:

Hiring a capable Chief Information Security Officer is a critical step towards establishing a robust cybersecurity posture for any organization. By considering factors such as expertise, leadership skills, business acumen, up-to-date knowledge, collaboration abilities, regulatory compliance knowledge, and a proactive mindset, organizations can ensure they select the right CISO to protect their valuable digital assets. Remember, a competent CISO not only defends against current threats but also remains adaptable to future challenges in the ever-evolving landscape of cybersecurity.

The post Key Considerations When Hiring a Chief Information Security Officer appeared first on Cybersecurity Insiders.

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced the results of its Q1 2023 top-clicked phishing report. The results include the top email subjects clicked on in phishing tests and reflect the shift to IT and online service notifications such as laptop refresh or account suspension notifications that can affect end users’ daily work.

Phishing emails continue to be one of the most common methods to effectively perpetuate malicious attacks on organizations around the globe. Cybercriminals are always refining their strategies to stay one step ahead of end users and organizations by changing phishing email subjects to be more believable. They prey on emotions and aim to cause distress or confusion in order to entice someone to click. Phishing tactics are changing with the increasing trend of cybercriminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts and more. These are effective because they would impact an end users’ daily workday and subsequent tasks to be completed.

Holiday phishing email subjects were also utilized this quarter with incentives such as a change in schedule, gift card and spa package giveaway used as bait for unsuspecting end users. Tax-related email subjects became more popular as the U.S. prepared for tax season in Q1.

“Cybercriminals are constantly increasing the damage they cause to organizations by luring unsuspecting employees into clicking on malicious links or downloading fake attachments that seem realistic,” said Stu Sjouwerman, CEO, KnowBe4. “Emails that are disguised as coming from an internal source such as the IT department are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as skeptical. Building up an organization’s human firewall by fostering a strong security culture is essential to outsmart bad actors.”

To download a copy of the Q1 2023 KnowBe4 Phishing Report infographic, visit here.

The post KnowBe4 Q1 Phishing Report reveals IT and online services emails drive dangerous attack trend appeared first on IT Security Guru.

When you think of cybersecurity threats, what comes to mind? If you pictured faceless criminals (or a team of them) in a dimly-lit headquarters working tirelessly to steal your most precious digital assets, you’re not alone. Yet, cybercrime doesn’t always look like a scene from a Hollywood movie.

 

Sometimes, cyber threats are closer to home, making them all the more surprising (and frustrating) for many organizations. They’re called insider threats, and you need to pay special attention to ensure you – and your data – don’t fall victim.

The threat landscape

Organizations are wise to prioritize cybersecurity strategy and adequate budgeting to protect their networks and valuable private data. Cybercrime is predicted to reach an alarming $10.5 trillion by 2025, making it a lucrative business venture for opportunistic criminals worldwide.

 

DDoS, SQL injections, supply chain attacks, DNS tunneling – all pervasive attacks that can arrive on your doorstep anytime. But your strategy is incomplete if you only secure the perimeter and do not address internal risks.

 

Insider threats are on the rise, and they’re particularly risky as they’re less often reported. Estimates state that over 70% of insider attacks never reach the headlines. As such, organizations cannot learn from their peers’ mistakes or oversights.

 

What is an insider threat?

Indisputably one of the most underestimated risks to organizations, insider threats are defined by CISA as “the potential for an insider to use their authorized access or understanding of an organization to harm that organization.”

 

Insider threats are, at their most basic, those that come from within your organization. End users with privileged access present unique risks to your network and data. Insider threats are particularly challenging to protect against as users may have access controls and particular familiarity with internal processes and procedures that enable them to navigate without raising suspicions. As such, insider attacks often go undetected until long after the breach.

Types of insider threats to look out for

Insider threats amount to attacks via employee user accounts. But that doesn’t always mean that a disgruntled employee or opportunistic bad seed is infiltrating the system and reaping the rewards. Sometimes, even the employee may not realize they’ve been a pawn in someone’s scheme until it’s too late.

 

Remember that insiders include third-party vendors, consultants, business partners, and others outside the organization with access to systems and networks.

 

Here are the two types of insider threats to be aware of:

Acts of negligence

Insider threats as a result of negligence are incidental. Naive or careless employees pose a significant threat to security, as it only takes one wrong decision to deliver information into the wrong hands.

 

Particular attacks include:

 

Phishing and spear phishing attacks, in which criminals purport to be a trusted source and solicit information from their target. Spear phishing attacks are particularly hazardous as attackers take time, do their research, and approach employees with a particularly well-informed demand under the guise of an official request.

 

CEO fraud is similar to spear phishing but takes things one step further by first gaining control of an email account of a c-suite employee. These requests are typically directed toward accounting departments to make sizeable financial transfers or payments.

 

Negligent behavior may not begin as an attack from an outsider. Instead, this can include taking physical devices to insecure places where they could fall into the wrong hands. In 2022, burglars stole a hard drive from a US Military analyst, exposing the personal details of more than 26 million veterans.

Acts of malicious intent

Unfortunately, sometimes the attacks originate on the inside. Disgruntled employees or contractors have been known to take advantage of their privileged access to reap personal rewards.

 

Malicious insiders may steal financial information, intellectual property (IP), or personally identifiable information (PII) they intend to trade for their financial benefit or use for competitive advantage. For example, after leaving the company in 2020, a former Google employee was jailed for taking trade secrets to Uber, his new employer. In 2019, an engineer breached Capital One’s systems and stole 100 million customer records and hundreds of thousands of social security numbers and bank details.

Keys to prevention

As leading data protection vendor Cyberhaven states, “Organizations must be able to address the risks from malicious insiders who intentionally steal sensitive data for personal reasons as well as users who can accidentally expose information due to negligence or simple mistakes.”

 

The key to mitigating risk is a proactive approach and a risk-aware culture. Consider these elements when designing your security strategy:

 

  • Implement threat detection tools to detect non-standard behavior or access and risk assessments to identify areas of concern.
  • Threat detection can also come via peer reports and employee diligence. Your organization should have a straightforward procedure for whistleblowing if employees are concerned about their peers’ behavior.
  • User account administration is the best chance you stand against insider threats. Less privilege ensures employees have only the access required to perform their functions. Separation of duties guarantees no single user has access to all aspects of a system or process.
  • Designing a risk-aware culture, including user training and education, is a first line of defense for preventing threats. Ensure cybersecurity is part of your organization’s day-to-day lexicon so that users know what to look out for and where to report risks when they arise.

 

Should an insider threat arise, ensure you do more than address the end user themselves. Insider threats point to where you can strengthen your systems or policies, regardless of whether the attack succeeds. Truly secure organizations regularly update their security approach to stay ahead of risks.

About the Author: Having spent her career in various capacities and industries under the “high tech” umbrella, Stefanie Shank is passionate about the trends, challenges, solutions, and stories of existing and emerging technologies. A storyteller at heart, she considers herself one of the lucky ones: someone who gets to make a living doing what she loves. Stefanie is also a writer for Bora.

The post Should Your Organization Be Worried About Insider Threats? appeared first on IT Security Guru.

New research reveals that security is an afterthought for almost half of UK IT leaders (45%) when deploying new tools.

The research commissioned by IT infrastructure solutions provider CAE Technology Services Ltd (CAE) of 200 IT leaders and professionals working in the UK showed that just 7% of IT professionals believe that security is at the forefront of their organisation’s strategic thinking.

While 92% agreed that security risks have increased in the last five years, two-thirds (62%) of respondents have seen increased security risks and pressures from their employers.

Almost half (48%) feel that rapid/forced deployment of new tools as a result of hybrid working has caused them challenges around security.

With flexible and remote working becoming more prevalent, there is now a higher risk of security breaches and cyber-attacks than ever before, with 39% of UK businesses identifying a cyber attack within the past 12 months.

Dene Lewis, Head of Technical Strategy and Direction at CAE, said, “These statistics reflect a concerning trend within UK organisations. The threat of cyber attacks is a reality that many UK organisations are facing, so needs strategic focus from leaders.

Although there are many different factors at play, UK organisations must take preventative measures to protect themselves against outside threats.”

Lewis concludes, “To address these issues, businesses must invest in the necessary tools and resources to protect their IT systems.

This includes implementing zero trust architecture and processes, regular security assessments, and employee training programmes to raise awareness of security risks and best practices.”

The post Almost half of IT leaders consider security as an afterthought, research reveals appeared first on IT Security Guru.

Almost nine in 10 UK businesses turning over more than £5 million annually have experienced a cyberattack, according to new research from Forbes Advisor.

The study questioned senior decision makers across a range of UK small and medium-sized enterprises (SMEs), finding that more than half (57%) had suffered an online attack.

However, firms with an annual turnover in excess of £5 million were far more likely to experience cyber-crimes against their company (88%).

These attacks have led to serious consequences in many cases, with more than a fifth of cyber security breaches leading to businesses being forced to pay a ransom (22%).

Personal details are also under threat as these attacks compromised client and staff information in 26% and 23% of cases respectively.

Top examples of misusing company IT

Rank

Outcome

1

Use the company printer for personal use

2

Use up space on a company device to store personal files

3

Apply for other jobs using a company device

4

Access inappropriate websites via a work device

5

Gaming on a company device
Source: Forbes Advisor

Of those admitting to using company devices to spend time on inappropriate sites, common destinations include the dark web and sites containing pornographic material (both 17%).

Kevin Pratt, financial expert at Forbes Advisor, says: “The nature of the modern workplace means more online devices are being used than ever. This inevitably means that there are more ways that a business could suffer a digital attack. Our research shows that cyber security issues are incredibly common in this country, particularly among firms with a turnover of £5 million or more.

“We’ve also found that a significant proportion of British businesses are without any form of protection against online assaults, and it’s important to address this shortfall by highlighting the consequences of a cyber attack, such as financial losses and breaches of sensitive information.

“Companies can take a number of measures to protect against cyber-attacks, including anti-virus software, firewalls and VPNs. Prevention really is better than cure”

The post Nine In 10 £5m+ Businesses Hit By Cyber Attacks appeared first on IT Security Guru.

New cloud platform strengthens organizations’ cyber resilience

by making real-world threat simulation easier and more accessible

San Francisco, US, 9th November 2022 – Picus Security, the pioneer of Breach and Attack Simulation (BAS), today announced the availability of its next-generation security validation technology. The new Picus Complete Security Validation Platform levels up the company’s attack simulation capabilities to remove barriers of entry for security teams. It enables any size organization to automatically validate the performance of security controls, discover high-risk attack paths to critical assets and optimize SOC effectiveness.  

“Picus helped create the attack simulation market, and now we’re taking it to the next level,” said H. Alper Memis, Picus Security CEO and Co-Founder. “By pushing the boundaries of automated security validation and making it simpler to perform, our new platform enables organizations even without large in-house security teams to identify and address security gaps continuously.” 

The all-new-and-improved Picus platform extends Picus’s capabilities beyond security control validation to provide a more holistic view of security risks inside and outside corporate networks. It consists of three individually licensable products:

  • Security Control Validation – simulates ransomware and other real-world cyber threats to help measure and optimize the effectiveness of security controls to prevent and detect attacks.
  • Attack Path Validation – assesses an organization’s security posture from an ‘assume breach’ perspective by performing lateral movement and other evasive actions to identify high-risk attack paths to critical systems and users.
  • Detection Rule Validation – analyzes the health and performance of SIEM detection rules to ensure that SOC teams are reliably alerted to threats and can eliminate false positives. 

A global cybersecurity workforce gap of 3.4 million professionals means automated security validation is now essential to reduce manual workloads and help security teams respond to threats sooner. Recently, the US’s Cybersecurity and Infrastructure Security Agency (CISA) and UK’s National Cyber Security Centre (NCSC) published a joint advisory recommending organizations test their defenses continually and at scale against the latest techniques used by attackers.

“Insights from point-in-time testing are quickly outdated and do not give security teams a complete view of their security posture,” said Volkan Erturk, Picus Security CTO and Co-Founder. “With the Picus platform, security teams benefit from actionable insights to optimize security effectiveness whenever new threats arise, not once a quarter. With our new capabilities, these insights are now deeper and cover even more aspects of organizations’ controls and critical infrastructure.”

On 15th November 2022, Picus Security is hosting Picus reLoaded, a free virtual event for security professionals that want to learn more about its platform and how to leverage automated security validation. Register to attend and hear from thought leaders from Gartner, Frost & Sullivan, Mastercard, and more.

H. Alper Memis has also published a blog to announce the release to Picus customers.

About Picus Security

Picus Security is the pioneer of Breach and Attack Simulation (BAS). The Picus Complete Security Validation Platform is trusted by leading organizations worldwide to continuously validate security effectiveness and deliver actionable insights to strengthen resilience 24/7.

Picus has offices in North America, Europe and APAC and is supported by a global network of channel and alliance partners.

Picus has been named a ‘Cool Vendor’ by Gartner and is cited by Frost & Sullivan as one of the most innovative players in the BAS market. 

 For more information, visit www.picussecurity.com

∗The (ISC)² Cybersecurity Workforce Study 2022

The post Picus Security brings automated security validation to businesses of all sizes appeared first on Cybersecurity Insiders.