MetaCompliance Publishes the Definitive Playbook to Create a Culture of Cybersecurity Awareness

  • Global Cyber Security specialist, MetaCompliance, has announced the publication of a new book, Cyber Security Awareness For Dummies.

  • The book aims to act as an indispensable resource for implementing behavioural change and creating a culture of cyber awareness in organisations.

  • It will also help to provide employees with insight about their role in mitigating risk and help to secure valuable 'buy-in' within organisations.


Global Cyber Security specialist, MetaCompliance, has announced the publication of a new book, titled Cyber Security Awareness For Dummies.nAs cybercrime becomes more organised and sophisticated than ever before, the book aims to act as an indispensable resource for implementing behavioural change and creating a culture of cyber awareness in organisations. According to recent studies, the total annual cost of cybercrime for a company has jumped from $11.7 million in 2017 to a record high of $13 million.


It is estimated that almost 90% of all cyber attacks are caused by human error. Such statistics highlight the prevalence of security threats that organisations face today and the need to ensure Cyber Security awareness at all levels. Written by MetaCompliance CEO, Robert O'Brien and published in partnership with Wiley, Cyber Security Awareness For Dummies provides organisations with a best practice approach to implementing a Cyber Security awareness program. It has also been well documented that employee negligence has been responsible for some of the worst cyber breaches in history.



Read more: CISA RELEASES FIRST OF ITS SERIES OF SIX CYBERSECURITY ESSENTIALS TOOLKITS

We have noticed a significant shift in the Cyber Security landscape in recent years. Organisations of every size and in every industry have become potential targets for cybercriminals and new threats are continually emerging. It is critical that staff are aware of these cyber threats.

~ Robert O'Brien, Cyber Security thought leader


Robert O'Brien, award-winning Cyber Security thought leader and Cyber Security Awareness For Dummies Author, said "We have noticed a significant shift in the Cyber Security landscape in recent years. Organisations of every size and in every industry have become potential targets for cybercriminals and new threats are continually emerging. It is critical that staff are aware of these cyber threats. "Over the past 12 years, MetaCompliance has developed a wealth of experience helping our clients develop and implement staff Cyber Security awareness programs that work.


Organisations recognise the need to implement a cyber awareness plan, but it can be difficult to know where to start. We knew that there was a real need to create a definitive playbook for changing Cyber Security culture. Cyber Security Awareness For Dummies seeks to support organisations to truly change Cyber Security behaviours, create a culture around Cyber Security awareness, and educate employees about the important role they play in safeguarding their organisation.


Cyber Security Awareness For Dummies seeks to support organisations to truly change Cyber Security behaviours, create a culture around Cyber Security awareness, and educate employees about the important role they play in safeguarding their organisation.


Published in the well-known " for Dummies" style, the format is exactly what you would expect from a Dummies Guide, with step-by-step directions, tips, and advice all laid out according to Wiley's guidelines that have helped make the format so successful. Not only will the Dummies Guide be invaluable for those responsible for implementing Cyber Security awareness programs, but it will also help to provide employees with insight about their role in mitigating risk and help to secure valuable 'buy-in' within organisations.


MetaCompliance is a leading Cyber Security and compliance specialist dedicated to helping businesses keep their staff safe online, secure their digital assets, and protect their reputation and brand. With over 12 years' experience, MetaCompliance has developed a world leading SaaS platform that provides a one-stop-shop management solution to engage users, provide defence against cyber threats, and deliver regulator reporting. MetaPhish is a module of our cloud based Integrated User Awareness Management solution that delivers high quality, multilingual training experiences should the user click on the simulated phishing email. The system comes prepopulated with relevant and high quality content and provides extensive reporting to allow remediation of identified problem areas.


Read more: GOOGLE TOP CHOICE FOR CYBERCRIMINALS FOR BRAND-IMPERSONATION SPEAR-PHISHING CAMPAIGNS

Spotlight

Other News
Software Security

SCYTHE Latest Version 4.1 Introduces Enhanced Deployment Flexibility and AI-Driven Productivity Boost

Business Wire | November 02, 2023

SCYTHE, a leading provider of cybersecurity solutions, announces the release of SCYTHE 4.1, the latest evolution in its cutting-edge cyber resilience offering. This release brings new and enhanced features to empower organizations in their continuous efforts to strengthen their cybersecurity posture. SaaS Offering for Unparalleled Flexibility SCYTHE 4.1 introduces its initial Software as a Service (SaaS) offering, providing organizations with newfound deployment flexibility. This SaaS option offers the same robust capabilities as the on-premises version, ensuring that teams can choose the deployment model that best suits their needs without pricing changes. SCYTHE's commitment to flexibility ensures that organizations can secure their infrastructure on their terms. Advanced Agent Support with Scheduling for Continuous Testing To unlock even greater control over security testing, SCYTHE 4.1 introduces advanced agent support with scheduling. This feature allows organizations to perform continuous testing by automating the deployment and execution of security assessments at specified intervals. With the power of scheduling, teams can proactively identify threats, assess controls, and evaluate their readiness to respond to cyber threats. SCYTHE empowers organizations to maintain the highest level of cyber resilience without manual intervention. Cloppy - Your AI-Powered Security Analyst In a significant leap forward, SCYTHE unveils the early access beta release of "Cloppy," its supervised machine learning (ML)-based AI analyst chatbot. Cloppy enhances team productivity, job satisfaction, and cybersecurity capabilities by delivering instant insights and recommendations. This AI-driven assistant will leverage private knowledge base instances, ensuring sensitive information stays secure. Cloppy is poised to become a trusted companion for security professionals, providing real-time guidance and augmenting their decision-making processes. As cyber threats continue to evolve, so must our approach to cybersecurity. SCYTHE 4.1 represents our commitment to innovation and empowering organizations to stay ahead of cyber adversaries, said Marc Brown, Head of Product at SCYTHE. With our SaaS offering, advanced agent support, and the introduction of Cloppy, we're equipping organizations with the tools they need to enhance their cyber resilience while simplifying offensive security. SCYTHE 4.1 Platform is now available for both new and existing customers. For more information on SCYTHE's comprehensive cyber resilience solutions, please visit https://scythe.io. About SCYTHE SCYTHE represents a paradigm shift in cybersecurity risk management, empowering organizations to Attack, Detect, and Respond efficiently. The SCYTHE platform enables collaboration between red, blue, and purple teams to build and emulate real-world adversarial campaigns. SCYTHE's innovative dual-deployment options and comprehensive features ensure a proactive cybersecurity approach. Headquartered in Arlington, VA, SCYTHE is privately funded by distinguished partners dedicated to shaping a more resilient cybersecurity landscape.

Read More

Cloud Security

Checkmarx Introduces AI-Powered Checkmarx One Platform’s 3.0 Version

Checkmarx | October 12, 2023

Checkmarx, a leading provider of cloud-native application security solutions, has launched version 3.0 of its AI-powered Checkmarx One enterprise AppSec platform. Specifically developed for enterprise cloud development, Checkmarx One 3.0 enhances the developer experience significantly. It extends the AI-driven security features of the platform's CheckAI Plug-in, augments its reporting and analytics capabilities, and bolsters its Supply Chain Security solution, ensuring robust and efficient application security for enterprises. Sandeep Johri, CEO at Checkmarx, stated, Checkmarx One is the AI-driven application security (AppSec)platform for today and for the future. Enterprise CISOs now see the strength of their AppSec as critical to their overall security postures. Johri mentioned the importance of harnessing AI to safeguard intricate enterprise applications. They highlighted the need for the platform to be user-friendly for developers while providing a strong defense against software supply chain attacks. Checkmarx One Version 3.0 offers: AI-Powered Application Security Seamless Developer Experience Expanded Supply Chain Security Capabilities Advanced API Security Consolidated, Simplified AppSec Advanced Reporting and Analytics Amit Daniel, Chief Marketing Officer at Checkmarx, said, Checkmarx One offers tremendous and measurable benefits for our customers, improving both developer experience and application security for a more seamless faster time-to-market and AppSec experience. Daniel mentioned that a Fortune 500 customer tailored their AppSec solution, enhanced their AppSec skills through secure code training, and established a security champions program to connect development and AppSec teams. As a result, there was a 1600x increase in the number of vulnerabilities remediated, significantly enhancing enterprise security. About Checkmarx Checkmarx, a leader in enterprise application security, offers Checkmarx One, a cloud-native AppSec platform promoting DevSecTrust in enterprises. Informed by insights from their renowned AppSec security research team and powered by AI-driven technology, the platform empowers AppSec, CISOs, and development leaders to focus on key business impact areas. It secures every development phase for all applications, from initial coding to production, harmonizing the evolving needs of security and development teams. Going beyond traditional paradigms, Checkmarx ensures security permeates every aspect. The company serves 1,800+ customers, including 60% of Fortune 100 organizations, and is committed to its customers' safety and the security of applications shaping daily lives.

Read More

API Security

Data Theorem Introduces Industry’s First CNAPP Workflow Optimizations for Attack Path Analysis and Protection of APIs and Software Supply Chains

Business Wire | October 25, 2023

Data Theorem, Inc., a leading provider of modern application security, today introduced an industry-first attack path analysis of APIs and software supply chain exploits to its Cloud-Native Application Protection Platform (CNAPP) called Cloud Secure. The new release includes machine learning (ML)-based hacker toolkits and improved visualizations that boost discovery of potential data breaches in first-party APIs and third-party software supply chain assets hosted in multi-cloud environments. As a result of today’s launch, organizations can now leverage an advanced ML-based CNAPP solution to best secure their cloud-native apps and discover weaknesses which could lead to data breaches. Previously, organizations had to rely on cloud security posture management (CSPM) and agent-based cloud workload protection platforms (CWPP) that lack the ability to accurately detect attack surfaces such as first- and third-party APIs that lead to the critical path hackers utilize to successfully exploit vulnerabilities and extract sensitive data. Data Theorem’s new release of Cloud Secure now delivers Cloud Hacker Toolkits powered by a new set of visualization features and ML enhancements for exploit prioritization, helping organizations focus on the most critical vulnerabilities that hackers can take advantage of for a cyberattack to extract data from cloud-native apps. In addition, Cloud Secure now offers ML-powered optimized Cloud Assets inventory with new visualizations for organizations to better understand the relationships between applications (mobile and web), APIs (first and third party), and the myriad of cloud resources. As a result, organizations for the first time can have an accurate inventory of their cloud-native and cloud-hosted applications, and visualize the growing attack surfaces including APIs they develop themselves and APIs that come from leveraging open-source software, third-party software development kits (SDKs), and public cloud services within their software supply chains. As we have seen, machine learning, and particularly generative language learning model (LLM), offers a new set of innovations and creativity for both security practitioners and attackers, said Doug Dooley, Data Theorem COO. Data Theorem is pleased to offer the industry’s first CNAPP solution which leverages some of the more useful elements of machine learning combined with run-time analysis, observability, and active protection. Cloud Secure continues to lead the industry as the most application-centric CNAPP offering helping organizations uncover new attack vectors in cloud-native applications and APIs that ultimately prevent large-scale data breaches. ML-powered Hacker Tool Kits and Optimized Cloud Assets, in addition to Cloud Secure’s other advancements in this new release, uniquely protect organizations’ cloud applications in multi-cloud environments. Cloud Secure now also offers a new UI design that improves the end-to-end CNAPP workflow for organizations with new dashboard, inventory, security testing, and cloud-native protection sections. For example, the Cloud-Native Protection visualization graph with Cloud Abuse highlights priority events, actors, and attack path analysis that uniquely helps organizations diagnose near real-time data breaches and attempts at exfiltration attacks. In addition, Cloud Secure’s Enhanced Compliance Summary section with status and on-demand reporting downloads automates the audit processes to help organizations prove compliance. Cloud Secure, powered by Data Theorem’s award-winning Analyzer Engine, helps organizations secure their cloud-native applications and address regulatory compliance for cloud monitoring and reporting. It is the industry’s first solution delivering full-stack attack path analysis for cloud-native applications that starts at the client layer (mobile and web), protects the network layer (APIs), and extends down through the underlying infrastructure (cloud services). Its combination of attack path analysis and run-time active protections enables both offensive and defensive security capabilities to best prevent data breaches of cloud-native applications, embedded APIs, and serverless cloud functions. Data Theorem’s broad AppSec portfolio protects organizations from data breaches with application security testing and protection for modern web frameworks, API-driven microservices and cloud resources. Its solutions are powered by its award-winning Analyzer Engine which leverages a new type of dynamic and runtime analysis that is fully integrated into the CI/CD process, and enables organizations to conduct continuous, automated security inspection and remediation. Data Theorem is one of the first vendors to provide a full stack application security analyzer that connects attack surfaces of applications starting at the client layers found in mobile and web, the network layers found in APIs, and the infrastructure layers found in cloud services. About Data Theorem Data Theorem is a leading provider of modern application security, helping customers prevent AppSec data breaches. Its products focus on API security, cloud (serverless apps, CSPM, CWPP, CNAPP), mobile apps (iOS and Android), and web apps (single-page apps). Its core mission is to analyze and secure any modern application anytime, anywhere. The award-winning Data Theorem Analyzer Engine continuously analyzes APIs, Web, Mobile, and Cloud applications in search of security flaws and data privacy gaps. The company has detected more than 5 billion application incidents and currently secures more than 25,000 modern applications for its enterprise customers around the world. Data Theorem is headquartered in Palo Alto, Calif., with offices in New York and Paris. For more information visit www.datatheorem.com.

Read More

Data Security

Canadian Federal Government Choose Netskope as Preferred Vendor

Netskope | September 11, 2023

Netskope, an industry-leading secure access service edge (SASE) provider, has announced that it has been chosen as the preferred cloud access security broker vendor for the Canadian Federal Government under the cybersecurity procurement vehicle (CSPV) of Shared Services Canada (SSC). The objective of the SSC cloud access security broker CSPV is to provide government users with secure access to cloud-based applications, including all software-as-a-service (SaaS) applications, regardless of their location. The Government of Canada (GC) selected Netskope after a competitive bidding process for a commercially available cloud access security broker service to fulfill its business requirements across various government organizations and agencies. The cloud access security broker service aims to facilitate the continued adoption, utilization, and delivery of SaaS cloud services by GC departments. The cloud access security broker service will improve the security posture of GC applications, services, and data as they are migrated to public cloud environments, permitting complete visibility and monitoring of GC cloud environments to detect, prevent, and respond rapidly to cyber threats; and ensuring the privacy, confidentiality, and protection of GC data in accordance with GC policies. As an integral part of Netskope Intelligent Security Service Edge (SSE), Netskope's market-leading cloud access security broker enables agencies to detect and manage the usage of cloud applications rapidly, irrespective of whether they are managed or unmanaged, and safeguard sensitive data from being stolen by malicious cybercriminals or risky insiders who have compromised the technology environment. A cloud access security broker is a cloud-based or on-premises security policy enforcement point situated between cloud service providers and consumers to combine and insert enterprise security policies when cloud-based resources are accessed. With a cloud access security broker solution, agencies can manage the unintentional or unauthorized transfer of sensitive data between cloud application instances while expediting security workflows with simple policy controls and incident response management. Paul Tanasi, Federal Regional Manager, Netskope, said, With the hybrid workforce becoming the new normal, Canadian government departments and agencies are relying more and more on giving their users direct-to-cloud access to SaaS applications and to web applications in general. [Source – Cision PR Newswire] Paul Tanasi further mentioned that there is a requirement to ensure these users' security and regain some of the visibility and control they were accustomed to when everyone worked from the office. A solution is required to tackle risks associated with cloud services, enforce security policies, and adhere to regulations, mainly when dealing with cloud services that are located outside their network perimeter and beyond their direct control. Netskope's CASB solution would offer the capability to adopt cloud applications and services confidently without compromising security or performance. About Netskope Netskope, an industry leader in SASE, assists organizations in implementing zero trust principles and AI/ML innovations to safeguard data and defend against cyber threats. The company's platform offers optimized access and real-time security for devices, people, and data, regardless of their location. Netskope assists customers in mitigating risk, accelerating application performance, and gaining unparalleled visibility into cloud, web, and private application activity. Thousands of clients rely on Netskope and its robust NewEdge network to combat evolving threats, technology shifts, new risks, organizational and network changes, and others.

Read More