Multi-Factor Authentication (MFA)
MFA enhances security by requiring multiple verification methods for access, combining something known (password), something owned (token), or biometrics. Reduces risk of unauthorized access.
Will 2025 See a Rise of NHI Attacks?
2024 saw a surge in non-human identity (NHI) attacks, raising concerns for 2025. Significant breaches included Cloudflare's access token failure, compromised GitHub credentials resulting in data leaks at the New York Times, and attacks on Adobe Commerce affecting online stores. Other incidents involved exposed AWS and Microsoft Azure keys compromising user data, Schneider Electric's data theft through Jira credentials, and exploits via a critical vulnerability in Palo Alto Networks tools. NHI threats are expected to escalate, necessitating proactive measures from security teams.
https://www.darkreading.com/vulnerabilities-threats/will-2025-see-rise-nhi-attacks
ENISA: Embedding Resilience in Critical Infrastructure
ENISA, led by Marnix Dekker, focuses on enhancing cybersecurity for critical infrastructure in the EU, emphasizing support for smaller suppliers against supply chain attacks. Compliance with the new NIS2 regulations is key to maintaining operational resilience. ENISA aims for harmonized security practices across member states to avoid fragmented approaches that could hurt collective cybersecurity. Dekker's team works on implementing NIS directives and fostering collaboration to aid less-secure sectors.
https://www.databreachtoday.com/enisa-embedding-resilience-in-critical-infrastructure-a-27351
TR-92 – Unused Domain Names and the Risks of Missing DNS SPF Records
Unused domains pose security risks due to missing DNS SPF records, enabling phishing and malware attacks. Organizations should inventory domains, implement SPF, DKIM, and DMARC records, regularly audit DNS configurations, and educate staff on cybersecurity. Addressing these vulnerabilities is essential for protecting the organization’s reputation.
Sema4.ai
Sema4.ai offers an Enterprise AI Agent Platform to enhance productivity, automate complex tasks, and improve efficiency for businesses. The platform allows users to build and manage intelligent AI agents capable of handling high-value work, from invoice reconciliation to regulatory compliance. Sema4.ai agents operate continuously, integrating easily with existing systems, and utilize enterprise-approved LLMs and data for optimal performance.
Deforestation Regulation (EUDR)
EUDR aims to curb deforestation by imposing strict regulations on European imports linked to deforestation. It requires businesses to ensure products are sourced sustainably, enhancing traceability and compliance. Non-compliance leads to penalties, promoting global reforestation efforts and sustainable land management.
Corporate Sustainability Reporting Directive (CSRD)
CSRD: EU directive mandating companies report on sustainability efforts, aiming for transparency, accountability, and alignment with climate goals. Enhances disclosure standards, promotes sustainable finance, and supports EU Green Deal.
Network and Information Systems (NIS2)
NIS2 Directive: EU cybersecurity legislation enhancing network information security for critical sectors, expanding scope, improving risk management, and increasing penalties for non-compliance.
Software Bill of Materials (SBOM)
SBOM: List of software components in a product. Enhances transparency, security, and compliance. Supports vulnerability management and risk assessment. Essential for supply chain safety and regulatory requirements.
Data Cleansing
Data Cleansing: Process of identifying and correcting errors in data to improve quality. Involves removing duplicates, fixing inconsistencies, validating accuracy, and standardizing formats. Essential for reliable analysis and decision-making.