New year = New content from Nightfall
The Nightfall blog is a resource for cybersecurity professionals to learn more about the challenges we face in the industry. Every week Nightfall publishes news and insights from the world of cloud security, and success stories of how modern organizations across different industries are protecting their data.
In December, Nightfall AI launched our CISO Insider podcast, where we host CISOs across different industries to learn about their pathways to the role, challenges they face, and other insights that can help anyone starting out in information security. The first season kicked off with a two-part episode featuring a discussion with Sisense’s Chief Security & Trust Officer, Ty Sbano. On the Nightfall blog, we examine some key security vulnerabilities within Google Drive and how to prevent them, plus lessons from the biggest GitHub security incidents of 2020.
We want to share our best wishes with you for a safe and prosperous 2021. Happy New Year, and thanks for keeping up with Nightfall!
CISO Insider S1E1 – “Cybersecurity is a mindset” with Ty Sbano, Part 1
CISO Insider is a podcast interview series that features CISOs and security executives with a broad set of backgrounds, from hyper-growth startups to established enterprises. Through these interviews, we’ll learn how industry experts overcame obstacles, navigated their infosec careers, and created an impact in their organizations.
We’re excited to kick off season 1 with Sisense’s Chief Security & Trust Officer, Ty Sbano, as our very first guest. In part 1 of our chat, Ty discusses his path to the CISO role: his early beginnings, his learnings on the job, and how to find the right balance while building a career.
Listen to the podcast premiere episode and read the transcript on our blog here. For questions, feedback, and suggestions about CISO Insider, including suggestions for CISOs you’d like to hear from, please email us at support@nightfall.ai.
CISO Insider S1E2 – “You have unlimited questions left” with Ty Sbano, Part 2
In part 2 of our chat with Sisense’s Chief Security & Trust Officer, Ty Sbano, he shares thoughts on finding community within the infosec industry, plus some must-listen security podcasts, and things for early career professionals to look out for as COVID-19 extends into 2021.
Subscribe to the podcast at CISOInsider.com to get the latest episodes delivered to your inbox. Stay tuned for the rest of our season 1 lineup launching this month, with guests like Compass CISO J.J. Agha and Everlaw VP of Security and Compliance Lisa Hawke.
Listen to part 2 of our interview with Ty on CISO Insider and read the transcript on our blog here.
3 Critical Lessons from 2020’s Largest GitHub Leaks
2020 has been a very challenging year for teams and organizations across the world. This year a lot of focus has been placed on the adoption of new cloud tools like Zoom, Slack, and the many other platforms that were critical for enabling remote work widely across organizations.
However, as a result, problems that have been plaguing organizations for years — like data leakage from cloud platforms such as Git-based codebases — have flown somewhat under the radar this year. This problem has been illustrated by a number of high profile news stories about companies exposing data within code repositories.
Read lessons from last year’s biggest GitHub leaks and what developers and security teams should know.
Why Third-Party Risk on Google Drive Should Be a #1 Concern
Sharing Google Workspace files with clients and partners feels like a normal part of doing business – especially as so many companies move to remote work. However, each time you share a file with someone outside of your organization, you increase what’s known as third-party risk.
Third-party risk can open your business up to all types of internet security breaches, including IP theft, phishing attacks, malware, and data exfiltration. Google Drive is one of the more vulnerable content service platforms to third-party risks.
Read what users need to know about third-party risk on Google Drive, as well as some tactics to help you maintain strict governance on this platform.
Threat Alert: Protect Your Files from New Google Drive Security Risks
Earlier this year, the news broke of a new method that attackers were using to infiltrate Google Drive. Although the vulnerability has since been widely publicized, few people realize that Google Drive is a favorite vector for hackers.
Phishing is one of the most common – and effective – types of cyber threats, and this particular example targeted users who were uploading and managing different versions of a file. Spear-phishing is a more targeted form of attack, in which emails or Google Drive links containing malware are sent to well-researched victims.
Read how to tighten your security on Google Drive to prevent spear-phishing and other vulnerabilities common on this platform.