If you missed the first part of our series (What will be the top cybersecurity threats in 2023?) we highly recommend you go check it out here. ‍

We’ve all got our heads in the cloud, or if not yet, we’re well on our way there. In other words, the process of digital transformation is happening at such a pace that almost all organizations will soon be working in the cloud and using cloud-native technology. Analyst Gartner has predicted that by 2025, over 95% of new digital workloads will be deployed on cloud-native platforms. This represents a 30% growth from 2021.

The idea behind “SPoF,” or “Single Point of Failure,” is that if one part of a system fails, then the entire system fails. It’s not desirable. In IT and security circles, if a system or application can be disrupted or degraded severely by the failure of just one component or subcomponent, then we usually deem the design to have a flaw.

As we look towards 2023, it is important to gain insight from top cybersecurity experts on the emerging threats and trends in the field. In this interview series, we spoke with four leading CISOs in order to gain their perspective on the threats, trends, and their personal goals as CISOs in 2023. Meet our panel of distinguished CISOs who will impart their foresight and guidance on the future of cybersecurity in 2023. ‍ ‍

Having effective enterprise cybersecurity is more than having your employees create a password that isn’t their pet’s name—unless perhaps their cat’s name is at least 12 characters long, and a combination of upper- and lower-case letters and symbols. Whether it’s well-researched spearphishing attempts or bypassing MFA, threat actors have only become more daring.

SecurityScorecard has been in Davos, Switzerland for the past week with heads of state, CEOs, and other global leaders as part of the 2023 World Economic Forum’s Annual Meeting. Along with climate change, sustainability, and geopolitical complexities, cybersecurity is one of the hottest topics of WEF’s official programming and the myriad private events that are part of the Davos annual experience.

The Fourth Industrial Revolution, with its accelerating pace of digitization and automation, means that organizations are becoming more dependent on data processing and connectivity to deliver value to their customers and stakeholders. Threat actors exploit this growing attack surface to achieve their aims: fraud, extortion, harassment, espionage, and other harms. They are smart, adaptive, and ruthless—and getting rich as a result.

Two years ago, Kovrr took a unique approach to cyber risk modeling of financial quantification (FQ) and expanded to the enterprise market. After a long time of quantifying risks of portfolios for global insurers and reinsurers, Kovrr was able to build expertise around quantifying risk with specific expertise in acquiring high-quality data to feed our models and fast time to value using automation.

Whether or not you believe in omens and superstition , Friday the 13th is a day of infamy. To celebrate—if that’s a thing—let’s look at some creepy cyber incidents that will have your skin crawling in good old Friday the 13th fashion.

Third party risk assessment is the process of evaluating and managing the risks associated with engaging third parties. It involves identifying, assessing, and mitigating potential risks that could arise from working with external vendors or partners. The goal of this type of assessment is to ensure that any risks posed by these relationships are minimized or eliminated altogether.

During the last week of December, a threat actor who goes by the name “Ryushi”, claimed to be selling public and private data of 400 million Twitter users, which was scrapped in 2021, using an API vulnerability which was fixed by Twitter in 2022. Since then, Ireland’s Data Protection Commission (DPC) notified that it "will examine Twitter's compliance with data-protection law in relation to that security issue".

Malware is short for "malicious software" and refers to any software program that is designed to harm or exploit a computer or device. And unfortunately, malware is all over the internet, with 560,000 new pieces of malicious software detected every day. It can come from many potential sources, including: It’s vital for organizations to understand the risks malware poses and take effective measures to stop potential threats.

Cloud computing is a powerful service, but securing its assets proves to be a difficult task by even the largest companies in the world. The average cost of a cloud breach is around $4 million, and it is vital that cloud workloads are as secure as possible. This article will explain cloud security and provide seven steps organizations should take when conducting their cloud risk assessment.

‍ Even maintaining current budgets can be hard as companies look for cost savings in non-revenue-generating areas. But you don’t have to wait for a cyber attack to occur to prove that you need to invest in cybersecurity. ‍ Instead, CISOs can demonstrate the ROI of their current spend, and potentially convince other leaders to increase budgets, by using cyber risk quantification (CRQ).

It’s estimated that 63.5 percent of the world’s total population—or 5.07 billion people—uses the Internet today, with a projected 30.9 billion devices connected to the Internet by 2025. (This means even more proving to CAPTCHAs that we’re not robots–good luck picking out all the fire hydrants in the grids!) With more people working from home, combined with a greater reliance on cloud services and ecommerce, the potential for cyberattacks has never been higher.

CISOs – the senior level executives responsible for developing and implementing cybersecurity programs for corporations and other organizations – are not happy campers these days. And it’s not just because they are chronically understaffed and under constant pressure.

I am yet to meet a CISO who has been given unlimited resources to secure the organization, and in almost all cases, there is more work that can be done to improve security. So given infinite time and resources, how to prioritize the next strategic initiative or project? The increasing maturity of security control frameworks such as those developed by NIST and CIS provide a good structure for maturing a cyber security programme, mapped to preventing common tactics, techniques and procedures .