The cyber risk landscape changes quickly. In the last few years we’ve seen a rise in the number of ransomware attacks, and the end of 2021 was marked by the Log4J vulnerability. As data stacks get bigger and more difficult to defend, you may be wondering what threats are on the horizon in 2022. Based on what we’ve seen so far, the coming year’s risks are likely to be fairly familiar.

Software supply chain risks are escalating. Between 2020 and 2021, bad actors launched nearly 7,000 software supply chain attacks, representing an increase of more than 600%. Without identifying and managing security risks within the supply chain, you could be exposing your critical assets to attacks. Implementing a supply chain risk management strategy is essential to staying ahead of the potential threats and making the most of your software.

In the world of cybersecurity, artificial intelligence (AI) has changed the way we discover, respond, and recover from cyberattacks. But despite the several advancements of AI in cybersecurity, cyberattacks are becoming more and more dangerous because of AI. Cybercriminals are now leveraging existing artificial intelligence tools and AI-based technologies for use in their own attacks, and as a result, cyber threats and attacks are becoming harder to prevent.

According to the FBI Internet Crime 2020 Report, phishing scams were the most prominent attack in 2020 with 241,342 complaints reported and adjusted losses of $54 million. In particular, whaling (a highly targeted phishing attack) has been on the rise and is only expected to grow from here. A whaling attack targets high-profile executives with access to valuable information and systems. Let’s take a closer look at whaling attacks and how to stay protected.

Viruses, worms, ransomware — even the least tech-savvy among us know what these are, and want to avoid them if at all possible. What do they all have in common (besides the fact that they can lock up your devices and attempt to steal your data)? They all fall under the malware umbrella.

In a recent webinar, SecurityScorecard hosted Justin Herring, Executive Deputy Superintendent, Cybersecurity Division of the New York Department of Financial Services (DFS), and Luke Dembosky, Partner and Co-Chair of the Data Strategy & Security practice at Debevoise & Plimpton, to discuss DFS’s top cybersecurity priorities this year, current enforcement and to examine trends, and the regulatory environment around cybersecurity in 2022.

I am excited to share that SecurityScorecard is now formally a member of the Information Technology Sector Coordinating Council (IT-SCC). Established in 2006, the IT SCC is the principal entity for coordinating with the government on a wide range of critical infrastructure protection activities and cybersecurity issues.

The hybrid workplace is here to stay. If the past couple of years have proved anything, it’s that many workers enjoy working remotely, or like the flexibility of working from home part-time. Organizations also appreciate the benefits of a hybrid workplace; according to Gartner, 48% of employees will likely work remotely at least part of the time after COVID-19, as opposed to the 30% of employees who did so before the pandemic.

The term Governance, Risk, and Compliance (relatively known as its acronym ‘GRC’) is an integrated strategy for managing an organisation’s overall governance procedures, enterprise risk management, and regulatory compliance.

While the digital world provides many benefits, there are also various risks involved within the third-party risk category. Also, the category of the risks can be quite long i.e. financial, environmental, security risk and reputational. Firms are often required to open their network and share data related to the company, employees, customers etc. which puts them at significant risk of cybersecurity issues, breaches and loss of sensitive data.

PII, or Personally Identifiable Information, is any information that directly or indirectly identifies an individual, such as name, address, payment information, or contact information. The U.S. The Department of Homeland Security defines a second category of PII: Sensitive PII, which includes Social Security Numbers, driver’s license numbers, Alien Registration numbers, financial or medical records, biometrics, and criminal history.

Vendors are a key part of every business and, therefore, every organization’s security. Yet, one of the biggest challenges for security and third-party risk management teams is tracking down their vendors. It’s no wonder that 65% of organizations don’t know which third parties have access to their most sensitive data. On top of that, vendor risk management teams need to worry about who their vendors’ vendors are – namely their fourth parties.

When was the last time you purchased a product that was in a container? If you are a typical consumer, you probably have done so in the last few days. There is an entire industry that focuses on these containers. Consumer Packaged Goods (CPG) is an industry term for merchandise that is used and replaced on a frequent basis.

Our world is changing rapidly. More than ever, organizations are reliant on digital technologies to do business. Cyber threats continue to evolve as adversaries seek to exploit digital connections for financial gain. Today, SecurityScorecard has announced the acquisition of LIFARS, a global leader in digital forensics, incident response, ransomware mitigation and cyber resiliency services.

Cyber attacks are major threats to organizations and industries across the board. And as technology advances, cybersecurity continues to be the focus that requires serious attention. However, many have weaknesses and gaps in their cybersecurity strategy. Common weaknesses can include the failure to identify and mitigate risks, as well as maintain compliance in the industry – leaving organizations more vulnerable to attacks.

Threat analysis and risk assessment (commonly referred to as TARA) are the key activities that should be carried out by all organisations whether they are enterprises or small scale companies. At present, there are many methodologies for how risk assessment and threat analysis can be performed.

With the release of our new Badges feature, you can add a “Seal of Trust” to your website so your partners can easily see a snapshot of your security health.

This blog was written by an independent guest blogger. Ambitious information security experts serve as a critical part of cyber risk management. The corporation is responsible for structuring IT and information security activities to protect its data resources, such as hardware, software, and procedures. To stay competitive, enterprises must design and establish secure environments that retain confidentiality and privacy while also ensuring the integrity of corporate information.

A botnet is a cluster of machines that are infected with malware, enabling hackers to control them and unleash a string of attacks. Most commonly, botnets come in the form of distributed denial of service (DDoS) attacks, and recently the Microsoft Azure DDoS Protection team reported a 25% increase in these attacks when compared to the first half of 2021. Recent advances in technology have opened up a world of new opportunities for both consumers and businesses.

Does the saying "compliance does not equal security" paint a holistic picture? Sure, the concept is genuine; meeting a single compliance standard will not directly improve security posture. However, after working with hundreds of organizations, we have learned there are key considerations that can help maximize the value and urgency of compliance requirements by channeling such efforts into more practical risk assessments.

A recent survey by the analyst firm Gartner showed that 89% of companies experienced a supplier risk event in the last five years; however, those companies' overall awareness and plans to mitigate lacked maturity. As a result, it is no longer enough to secure your own company's infrastructure. You must also evaluate the risk posed by third-party vendors and plan to monitor those organizations for breaches.