If your organization is like many others, its cyber exposure continues to grow over time. During the pandemic, as attackers sought to exploit unprecedented changes in work environments, 35% of cyberattacks used previously unseen malware or methods, up from the norm of 20%. And with the average enterprise using well over 1,000 cloud services, it can be very difficult to get a handle on potential vulnerabilities or to know when risks will pop up.

Backdoor attacks are on the rise. In 2022, this relatively little known cyberattack vector overtook ransomware as the top action deployed by cybercriminals. According to the IBM Security X-Force Threat Intelligence Index 2023, nearly a quarter of cyber incidents involved backdoor attacks. But what is a backdoor attack and how can you protect your organization from becoming a victim? Let’s explore this stealthy threat.

The financial services sector is one of the highest performing in terms of cybersecurity. One factor that contributes to this performance is regulation. Laws such as FFIEC IT, the Gramm-Leach-Bliley Act, NYDFS, GDPR, and SOC2 have placed pressure on financial services companies to build and enforce some of the strongest cyber risk management programs across any industry. You should consider another factor, which is money.

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) voted to adopt new cybersecurity requirements for publicly traded companies, creating new obligations for reporting “material” cybersecurity incidents and requiring more detailed disclosure of cybersecurity risk management, expertise, and governance. Companies will be required to disclose risks in their annual reports beginning on December 15, 2023.

The recent discovery of a critical vulnerability in the MOVEit file transfer software is the latest driver in a series of high-profile software supply chain incidents. On May 31st 2023, Progress – the developer of MOVEit – published an advisory alerting the community to a critical vulnerability in its MOVEit Transfer product. The vulnerability, now tracked as CVE-2023-34362, allows an attacker to gain access to MOVEit’s database to steal and/or alter the contents.

Today, Bitsight and Diligent launched an extension of our partnership focused on correlated, independent, and comparable cyber ratings from Bitsight within Diligent’s Board Reporting for IT Risk. Streamlined data collection and standardized dashboards enable CISOs to deliver clear and consistent insights to the board leveraging Bitsight and Diligent solutions.

Cybersecurity leaders are always working to make smarter investments to improve their programs. Not only do they look to reduce risk from the expanding attack surface and manage supply chain risk, they’re also juggling external pressures from regulators, insurers, and shareholders. As leaders look to technology solutions to help, many look at data analytics to reduce their organization’s risk, manage exposure, and improve overall program performance.

As your organization's attack surface expands—spanning across the cloud, remote locations, and interconnected digital supply chains—the potential for cyber risk exposure grows. Implementing a proactive cybersecurity exposure management program can enhance your understanding of your organization's cyber risk posture and facilitate informed decision-making about how to best allocate investments and resources.

Cyberattacks are on the rise. In 2022, there was a 38 percent increase in global attacks compared to the previous year—and security teams are struggling to keep up. It now takes an average of 277 days for teams to identify and contain a breach. With so many alerts being received by the Security Operations Centers (SOCs) each day, how do teams decide which issues to address first?

As cyber security threats proliferate, cyber risk conversations are no longer limited to the Security Operations Center (SOC); they command the attention of the C-suite and the boardroom. Ultimately, cyber-crime is a significant and prominent issue. The average cost of a data breach in the U.S. has soared to nearly $9.44 million this year. Since 2018, cyber insurance carriers report that incident-related claims increased by an astonishing 486%, the majority being ransomware-related.

Utilizing a continuous security monitoring strategy for the purposes of cybersecurity can give your security team higher visibility into your threat landscape. To get the most value when investing in continuous security monitoring you first need to understand how data can be compromised. The three main ways are: In the current security landscape, it is imperative to engage in ongoing security monitoring. Doing so in to actively prevent the occurrence of the aforementioned situations.

Cyber insurers regularly get requests for new business and increased limits. How can they determine which organizations will be a risk worth taking? In my previous blog, I discussed how understanding an applicant’s cyber hygiene is the best indicator of whether they may experience a successful ransomware or other cyber attack. In this blog, I’ll walk through how to measure an applicant's cyber hygiene and which metrics are categorically proven to stand out.

Cybersecurity is not an easy task. New threats are constantly emerging—in your IT infrastructure and that of your vendors and partners. But, as a cybersecurity leader, you can help your organization mitigate these threats if you adopt cyber risk exposure management practices. In this blog, we explore everything you need to know about how cyber risk exposure and management can help you reduce the risk of gaps and vulnerabilities in your network and across your third-party supply chain.

For years, cybersecurity teams had a blank check to spend on their efforts. Between rampant ransomware, an exploded distributed workforce post-pandemic, and the uncertainty surrounding digital transformation, CISOs and security teams were given the reins to spend how they pleased. That’s no longer the case. Now, economic headwinds are leading to trimmed budgets and cut resources. To make matters more challenging, sophisticated boards are asking harder questions around cyber risk and exposure.

As digital transformation picks up pace, companies are working with more vendors than ever. According to Gartner, 60% of organizations now work with more than 1,000 third-party vendors — including partners, sub-contractors, and suppliers. These third parties are essential to helping businesses grow and stay competitive, but third parties can also introduce unwanted cyber risk and overhead into the organization.

Cyber risk uncertainty is growing. Despite massive spending worldwide to the tune of $173 billion, cyber attacks keep occurring. Ransomware attacks—a type of cyberattack that encrypts an organization's network or locks users out of their devices and requires a ransom before restoring access—are costing companies 20 days of downtime on average. Within the next few years, nearly half of companies worldwide will experience cyber attacks on their software supply chains.

Every organization faces cyber risk. But that risk can vary by industry, business size, the regulatory environment, supply chain, and more. Understanding your security risk posture is essential for targeting your security budget and effective resource allocation. Conducting a risk assessment can assist you in this endeavor, but to gain optimal insights, you should also include a comprehensive cybersecurity risk analysis as part of this process.