IAM, Cyber Attacks, Modern Compliance, & C-Level Insights

Stay informed with the CSA Roundup, your trusted bimonthly source for cutting-edge cloud security expertise. This edition dives into critical topics like Identity and Access Management, emerging threats and cyber attacks, the evolving compliance landscape, and strategic advice for cybersecurity leaders. Explore the insights from our expert community, and don’t forget to subscribe to stay ahead of the curve!

Identity and Access Management in the Spotlight

Top Threat #2 - Identity Crisis: Staying Ahead of IAM Risks

In an ongoing blog series, we’re reviewing the 11 top threats identified in CSA's Top Threats to Cloud Computing 2024 report. Learn all about one of the most prevalent threats to cloud computing: Identity and Access Management risks.

Zero Standing Privileges: The Essentials

Zero standing privileges (ZSP) should be the default mechanism for implementing privilege controls. Why? ZSP has a clear goal and end state. Explore the most common questions about ZSP to better understand its importance and how to implement it.

Non-Human Identity Management Program: Guide Step-by-Step

What does the deployment of an effective Non-Human Identity Management program look like in practice? Walk through the key steps to transform your objectives into a strategic, actionable roadmap.

Modernization Strategies for Identity and Access Management

As modernization becomes a priority for organizations hoping to stay relevant in a competitive technological landscape, security and access management must follow suit. One of the most challenging identity security concerns is privileged access management (PAM). Understand the requirements of a modern PAM approach.

Threats and Cyber Attacks to Be Aware Of

Identity Breaches in 2024 – An Ounce of Hygiene is Worth a Pound of Technology

The Verizon 2024 Data Breach Investigations Report states that “over the past 10 years, stolen credentials have appeared in almost one-third (31%) of breaches.” So where are all these passwords being obtained? Find the answer by considering how an attacker behaves.

ConfusedPilot: UT Austin & Symmetry Systems Uncover Novel Attack on RAG-based AI Systems

Researchers at the Spark Research Lab (University of Texas at Austin), under the supervision of Symmetry Systems CEO Mohit Tiwari, uncovered a novel attack method, dubbed ConfusedPilot, which targets widely used RAG-based AI systems such as Microsoft 365 Copilot. Understand the potential impact of these attacks.

Threat Report: BEC and VEC Attacks Continue to Surge, Outpacing Legacy Solutions

Abnormal Security found that business email compromise (BEC) attacks grew by more than 50% between H2 2023 and H1 2024, and an average of 41% of their customers were targeted by VEC attacks every week between January and June 2024. Learn more insights from Abnormal’s latest report on the email threat landscape.

Modern Compliance Considerations

5 Big Cybersecurity Laws You Need to Know About Ahead of 2025

Looking toward the horizon and 2025, many new laws will be coming into full effect. Review five big cybersecurity regulations that are upping the ante as of 2025, along with several other niche laws.

The Future of Compliance: Adapting to Digital Acceleration and Ephemeral Technologies

Organizations are facing an increasingly evolving digital environment. To thrive in this landscape, businesses are starting to embrace innovative governance, risk, and compliance (GRC) solutions. Learn what’s been causing these rapid changes in compliance and risk management.

How Cloud-Native Architectures Reshape Security: SOC2 and Secrets Management

The rapid expansion of microservices, containers, and serverless functions has increased the number of secrets, making their protection a pressing concern. Understand how SOC2 can help you show your dedication to high secrets security standards, building trust with clients and partners.

Insights for Cybersecurity Business Leaders

5 Behaviors for Transforming Your Cybersecurity Leadership

As an enterprise cybersecurity leader, you must navigate certain pitfalls that can hinder your impact and erode the trust of your team. Discover the top five things to avoid and what to do instead to be recognized as a transformational leader.

It’s Time to Split the CISO Role if We Are to Save It

The Chief Information Security Officer role carries with it huge responsibility. Today's CISOs have to manage a 24/7 cybersecurity operation, stay ahead of cybercriminals, and comply with an ever-growing body of legislation. Understand why we need to reevaluate this traditional model of a singular CISO.

5 Best Practices for Executive Reporting

Effective executive reporting is not just about sharing information; it's about using the insights to take action and demonstrating the value of your compliance and security efforts. Uncover five essential practices to help you refine your reporting skills and ensure your insights resonate with key stakeholders.

Check out more CSA blogs.