Most Companies Suffered a Cloud Data Breach in the Past 18 Months

Hello All. Interesting post from Help Net Security. Here is an excerpt:

Nearly 80% of the companies had experienced at least one cloud data breach in the past 18 months, and 43% reported 10 or more breaches, a new Ermetic survey reveals.

cloud data breach

According to the 300 CISOs that participated in the survey, security misconfiguration (67%), lack of adequate visibility into access settings and activities (64%) and identity and access management (IAM) permission errors (61%) were their top concerns associated with cloud production environments.

Meanwhile, 80% reported they are unable to identify excessive access to sensitive data in IaaS/PaaS environments. Only hacking ranked higher than misconfiguration errors as a source of data breaches.

Full article can be found at:

Virtual Conference Presentations

Hello All. I am thrilled to learn that even though a number of conferences that I was scheduled to speak at that were canceled have decided to go virtual and asked me to present. So it looks like I will be presenting my talk on preparing security teams for threat hunting at ISACA CACS North America. I am still waiting on the confirmed dates for this.

It also looks like I may be presenting on using NIST CSF to assess the maturity of your cybersecurity program for the ISACA Los Angeles chapter. Dates are TBD.

Home Isolation – Day 11

Hello All. Another one bites the dust due to COVID-19. The FIRST Annual Conference in Montreal, QC that was to be held in June of this year has been cancelled. I should have been prepared for this – I guess in the back of my mind, I was hoping for the best. I am beyond heartbroken given I am a member of FIRST and have spoken in the past at their events and they are wonderful.

The cancellation is due to the event scheduled for June 21-26, 2020 and the Canadian government having extended its ban on foreign nationals traveling to Canada through June 30, 2020.

Anyhow, will wait to see if they reschedule it or do something virtual. If they don’t, I may try to do my workshop on Sysmon via Zoom or WebEx. Stay tuned.