Start the Year Right with Data Breach Updates, Cybersecurity Reflections, and DORA Compliance – January Insights
Welcome to the new year and to the January edition of our monthly security and ops digest. January is a month of new beginnings, planning and creating visions. We hope that you smoothly achieve the goals you set for yourself and are satisfied with the results. In the meantime, check out the latest news in the security and operations world.
In this issue, you can read about data breaches in 2023 that were handled less than optimally, listen to a podcast reflecting on the cybersecurity industry in 2023, and watch our webinar about automating DISA STIG Compliance.
And what is important to keep in mind for 2024? If you are in the European Financial Services sector, you have less than one year to achieve compliance with DORA, so ensure that your organization is getting ready. This year is also significant for Runecast as we celebrate 10 years on the market, and we are happy to have you here with us!
Enjoy the first newsletter of 2024.
Threat Spotlight
TechCrunch’s “2023’s Badly Handled Data Breaches” Shows How Not to Deal with Incidents
How not to behave in the event of a data breach? Dive into the article to find out about incidents that companies like Samsung, Lyca Mobile or MGM Resorts had to deal with, and what went wrong. Highlights:
The Hacker News Analyzed 2.5 Million Vulnerabilities
The Hacker News analyzed 2.5 million vulnerabilities discovered among their readers’ assets. Let's check the results:
79% of the Findings were classified as ‘High’ or ‘Medium’, and 50.4% were considered ‘Critical’ or ‘High’. 78% of Findings rated ‘Critical’ or ‘High’ were 30 days or younger.
Notably, 52% of serious vulnerabilities were related to Windows 10, although they may not necessarily be inherent to the OS, but could be linked to applications running on the asset.
The good news is that, in comparison to last year’s analysis, there is an overall improvement. The Hacker News acknowledges that their clients are responding effectively to their reports. Read more.
Google Responds to a $5 Billion Settlement with Incognito Mode Disclaimer Update
Google is revising the disclaimer for its incognito mode to provide a more accurate representation of its data collection practices, as part of a response to a $5 billion settlement. The settlement arose from allegations that Google misled users and tracked their online activities even when they were using “incognito” or “private” mode on a web browser. Learn more.
2024 Highlights: Meet DORA Compliance Deadlines and Join the Celebration of Runecast’s First Decade
A Decade of Success: Runecast Celebrates 10 Years in the Market and Becomes a Part of Dynatrace
The year 2024 is significant for Runecast. Founded in 2014 by a team of virtualization experts with a clear objective to help IT System Admins gain and maintain control of their environments, we couldn’t be prouder to witness Runecast’s achievements in its first 10 years. After a successful decade, Runecast is becoming a part of Dynatrace, the leader in unified observability and security. Runecast will contribute its expertise in delivering automated, real-time vulnerability assessments, security compliance checks, configuration drift management, and continuous compliance monitoring capabilities for hybrid and multi-cloud environments. In 2023 alone, Runecast released agentless OS scanning for vSphere, agentless vulnerability scanning for AWS, CVSS Score for vulnerabilities, Capacity Management for vSphere, new compliance profiles like TISAX, BSI C5 and DORA, plus big UX improvements. Additionally, Runecast won Computing's Security Excellence Award 2023, in the Enterprise Threat Detection category, and Frost & Sullivan's 2023 European New Product Innovation Award in the CNAPP industry. Thank you for being on this journey with us!
DORA Compliance Timeline: 2024 Update
The Digital Operational Resilience Act (DORA) is a security standard that aims to improve the digital resilience within the EU via a set of security regulations for financial institutions. They now have less than one year to get compliant to avoid any potential noncompliance penalties. What is the DORA timeline?
January Must-Watch & Must-Listen
Podcast: Cybersecurity Where You Are, Episode 73: A YIR for Our 2023 Cybersecurity Predictions
In this podcast, co-host Sean Atkinson and Tony Sager discuss their 2023 cybersecurity predictions, and how the industry changed last year. Listen to their reflections on AI, zero trust and other trends.
Webinar: Automating DISA STIG Compliance for VMware Workloads
This month we organized a webinar focused on DISA STIG Compliance for VMware Workloads. Watch the recording and get a deep dive into automating continuous DISA STIG compliance monitoring, reporting, and remediation. Our Senior Global Account Manager Bryan Hutchinson, together with our System Engineer Wade Carlsen, share everything you need to know. Watch the recording now on demand.
Engage with Us
We value your feedback. Share relevant articles, podcasts, or webinars that have caught your attention. Drop your suggestions in the comments, and if you haven't already, subscribe for monthly updates.
Stay Safe and Informed!
Until next time,
Your Runecast Team