Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2023

4 Tips for Reducing Your Company's Cyber Exposure

If your organization is like many others, its cyber exposure continues to grow over time. During the pandemic, as attackers sought to exploit unprecedented changes in work environments, 35% of cyberattacks used previously unseen malware or methods, up from the norm of 20%. And with the average enterprise using well over 1,000 cloud services, it can be very difficult to get a handle on potential vulnerabilities or to know when risks will pop up.

What are Backdoor Attacks and How Can You Defend Against Them?

Backdoor attacks are on the rise. In 2022, this relatively little known cyberattack vector overtook ransomware as the top action deployed by cybercriminals. According to the IBM Security X-Force Threat Intelligence Index 2023, nearly a quarter of cyber incidents involved backdoor attacks. But what is a backdoor attack and how can you protect your organization from becoming a victim? Let’s explore this stealthy threat.

Financial Services Cybersecurity: 4 Ways to Combat Modern Threats in this Vulnerable Sector

The financial services sector is one of the highest performing in terms of cybersecurity. One factor that contributes to this performance is regulation. Laws such as FFIEC IT, the Gramm-Leach-Bliley Act, NYDFS, GDPR, and SOC2 have placed pressure on financial services companies to build and enforce some of the strongest cyber risk management programs across any industry. You should consider another factor, which is money.

Leaders Embrace New SEC Cybersecurity Regulations

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) voted to adopt new cybersecurity requirements for publicly traded companies, creating new obligations for reporting “material” cybersecurity incidents and requiring more detailed disclosure of cybersecurity risk management, expertise, and governance. Companies will be required to disclose risks in their annual reports beginning on December 15, 2023.

New research reveals rapid remediation of MOVEit Transfer vulnerabilities

The recent discovery of a critical vulnerability in the MOVEit file transfer software is the latest driver in a series of high-profile software supply chain incidents. On May 31st 2023, Progress – the developer of MOVEit – published an advisory alerting the community to a critical vulnerability in its MOVEit Transfer product. The vulnerability, now tracked as CVE-2023-34362, allows an attacker to gain access to MOVEit’s database to steal and/or alter the contents.

Diligent and Bitsight Partner to Increase Board Confidence in Cyber Risk Oversight

Today, Bitsight and Diligent launched an extension of our partnership focused on correlated, independent, and comparable cyber ratings from Bitsight within Diligent’s Board Reporting for IT Risk. Streamlined data collection and standardized dashboards enable CISOs to deliver clear and consistent insights to the board leveraging Bitsight and Diligent solutions.

Not all cybersecurity analytics are created equal: What CISOs should look for

Cybersecurity leaders are always working to make smarter investments to improve their programs. Not only do they look to reduce risk from the expanding attack surface and manage supply chain risk, they’re also juggling external pressures from regulators, insurers, and shareholders. As leaders look to technology solutions to help, many look at data analytics to reduce their organization’s risk, manage exposure, and improve overall program performance.

Exposure Management: Best Practices for Getting Ahead of Cyber Risk

As your organization's attack surface expands—spanning across the cloud, remote locations, and interconnected digital supply chains—the potential for cyber risk exposure grows. Implementing a proactive cybersecurity exposure management program can enhance your understanding of your organization's cyber risk posture and facilitate informed decision-making about how to best allocate investments and resources.

4 Tips for Effective Cyber Vigilance as Your Attack Surface Expands

Cyberattacks are on the rise. In 2022, there was a 38 percent increase in global attacks compared to the previous year—and security teams are struggling to keep up. It now takes an average of 277 days for teams to identify and contain a breach. With so many alerts being received by the Security Operations Centers (SOCs) each day, how do teams decide which issues to address first?

Cyber Security Risk Modeling: What Is It And How Does It Benefit Your Organization?

As cyber security threats proliferate, cyber risk conversations are no longer limited to the Security Operations Center (SOC); they command the attention of the C-suite and the boardroom. Ultimately, cyber-crime is a significant and prominent issue. The average cost of a data breach in the U.S. has soared to nearly $9.44 million this year. Since 2018, cyber insurance carriers report that incident-related claims increased by an astonishing 486%, the majority being ransomware-related.

Continuous Security Monitoring - 5 Key Components

Utilizing a continuous security monitoring strategy for the purposes of cybersecurity can give your security team higher visibility into your threat landscape. To get the most value when investing in continuous security monitoring you first need to understand how data can be compromised. The three main ways are: In the current security landscape, it is imperative to engage in ongoing security monitoring. Doing so in to actively prevent the occurrence of the aforementioned situations.

Underwriting Cyber Risk Part 2: Metrics to Track Cyber Hygiene

Cyber insurers regularly get requests for new business and increased limits. How can they determine which organizations will be a risk worth taking? In my previous blog, I discussed how understanding an applicant’s cyber hygiene is the best indicator of whether they may experience a successful ransomware or other cyber attack. In this blog, I’ll walk through how to measure an applicant's cyber hygiene and which metrics are categorically proven to stand out.

What is cyber risk exposure and how can you manage it?

Cybersecurity is not an easy task. New threats are constantly emerging—in your IT infrastructure and that of your vendors and partners. But, as a cybersecurity leader, you can help your organization mitigate these threats if you adopt cyber risk exposure management practices. In this blog, we explore everything you need to know about how cyber risk exposure and management can help you reduce the risk of gaps and vulnerabilities in your network and across your third-party supply chain.

Creating A Successful Third Party Risk Management Program

As digital transformation picks up pace, companies are working with more vendors than ever. According to Gartner, 60% of organizations now work with more than 1,000 third-party vendors — including partners, sub-contractors, and suppliers. These third parties are essential to helping businesses grow and stay competitive, but third parties can also introduce unwanted cyber risk and overhead into the organization.

Underwriting Cyber Risk Part 1: Focus on Cyber Hygiene

Cyber risk uncertainty is growing. Despite massive spending worldwide to the tune of $173 billion, cyber attacks keep occurring. Ransomware attacks—a type of cyberattack that encrypts an organization's network or locks users out of their devices and requires a ransom before restoring access—are costing companies 20 days of downtime on average. Within the next few years, nearly half of companies worldwide will experience cyber attacks on their software supply chains.

3 Key Metrics to Include in Your Cybersecurity Risk Analysis

Every organization faces cyber risk. But that risk can vary by industry, business size, the regulatory environment, supply chain, and more. Understanding your security risk posture is essential for targeting your security budget and effective resource allocation. Conducting a risk assessment can assist you in this endeavor, but to gain optimal insights, you should also include a comprehensive cybersecurity risk analysis as part of this process.