
June 2024

Third-Party Risk Management Dashboard: How to Design One

In today's interconnected business landscape, Third-Party Risk Management (TPRM), sometimes called vendor risk management (VRM), is a critical cybersecurity strategy for organizations aiming to safeguard their operations and reputation. With most companies increasing their reliance on external vendors and service providers, managing and mitigating risks associated with these third-party relationships is paramount.

How CPG 235 is Shaping Data Security Standards in Finance

In 2013, the Australian Prudential Regulation Authority (APRA) introduced Prudential Practice Guide CPG 235, a comprehensive framework designed to enhance data risk management across the finance sector. This guide provides financial institutions with principles and best practices to safeguard data integrity, confidentiality, and availability. This blog explores CPG 235, its key components, compliance requirements, and how implementing the framework can enhance data security standards at your organization.

Boost Your Cybersecurity with DevSecOps

As cyber threats increase in complexity and frequency, traditional security methods often fall short of safeguarding sensitive data and vital systems. DevSecOps offers a groundbreaking approach by incorporating security practices into all stages of the software development lifecycle (SDLC). By uniting development, security, and operations, DevSecOps ensures that security is a collective responsibility, promoting a culture of collaboration and ongoing enhancement.

Building a Human-Centric Vulnerability Management Program

Steve Carter, CEO and co-founder of Nucleus Security, and Dr. Nikki Robinson, Security Architect at IBM, discuss the importance of the people side of vulnerability management. They explore challenges such as context switching, long mean time to remediation, and the impact of communication on vulnerability management programs. The conversation includes practical advice on incorporating human factors into cybersecurity practices, how to improve communication and collaboration among teams, and why understanding human factors is crucial for effective vulnerability management.

2024 Bitsight Ratings Algorithm Update: Purpose, Observations, and Impact

As our 2024 Rating Algorithm Update (RAU) goes live on July 10, 2024, we wanted to share some research that validates this update and reinforces the importance of the RAU process. As we noted in our announcement blog, after RAU 2024, remediated Patching Cadence findings will impact the Bitsight Rating for 90 days after the last vulnerable observation instead of 300 days.

PIPEDA Compliance Guide

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian data privacy law that governs how private sector organizations collect, use, and disclose personal information when conducting commercial activities. By setting strict requirements for private businesses, PIPEDA ensures that individuals and customers have control over how their data is managed.

Top Remote Work Security Risks Every Organization Should Know

Remote work has become the new normal for many organizations worldwide. According to USA Today, approximately 14% of Americans now work from home, and around a third of all people who can work remotely choose to. Hybrid work is also increasing, with 41% of people splitting time between home and the office.

Strategic Risk Management for CISOs: A Holistic and Consolidated Approach

As Chief Information Security Officers (CISOs), it's crucial to manage risks in a holistic and consolidated manner as the landscape of threats, particularly those targeting applications, continues to evolve and expand. With the increasing reliance on digital technologies, artificial intelligence (AI), and cloud-based services, the attack surface for potential cyber threats is growing and changing.

How to Conduct an Identity and Access Management Risk Assessment

Identity and access management (IAM) plays a crucial role in security by helping to ensure that each user in the organization has access to only the data, systems, and other resources they need to do their job. This article explains the critical functionality of IAM solutions and how an IAM assessment can help you uncover essential risks to security, compliance, and business continuity. Then, it offers IAM best practices and guidance on choosing the right IAM solutions for your organization.

Riscosity Is Now Available on the AWS Marketplace

Starting today, Riscosity is available on AWS Marketplace, a digital catalog of software listings from independent software vendors that makes finding, testing, buying and deploying software that runs on Amazon Web Services (AWS) simple. This new partnership enables companies using AWS cloud services to easily purchase a Riscosity license directly from the marketplace, streamlining risk management and the deployment of Riscosity into their current security stack.

The Role of Supply Chain Cyber Risk in U.S. Healthcare: Inside SecurityScorecard's new report

In late February of this year, Change Healthcare experienced a massive ransomware attack. The company, a subsidiary of United Healthcare, is the largest clearinghouse for insurance billing and payments in the U.S., processing 15 billion medical claims each year.

Materiality Analysis Offers Risk Managers Data-Driven Loss Thresholds

Determining and disclosing impactful events has been a longstanding practice for organizations operating within the US market. As early as 1933, with the Securities Act, publicly traded businesses were required to disclose “material information” regarding their security environment, allowing shareholders to make more informed investment decisions.

Cyber Security Report Examples (3 Common Styles)

Cyber security reports are an invaluable tool for keeping stakeholders and senior management informed about your cyber security efforts. This post outlines examples of some of the most popular reporting styles, with a particular focus on a field of cybersecurity drawing increasing interest among executive teams: Vendor Risk Management. Each of the cyber security report examples in this list has been pulled from the UpGuard platform.

Implementing CIS Controls in Small and Medium Enterprises

Cybersecurity is a critical concern for organizations of all sizes. Implementing robust security measures is a best practice and essential to protect against increasingly sophisticated cyber threats. However, the challenge is often more significant for small and medium enterprises (SMEs) due to limited resources, lack of security expertise, and other common obstacles.

Evaluating dependence on NVD

As I mentioned at the beginning of this year, I am trying to do a monthly blog post on what might be termed “Major Security Events”. In particular this year, I’ve written about the Ivanti meltdown, Lockbit ransomware, and the xz backdoor. These events usually emerge cacophonously and suddenly into the cybersecurity landscape, and generally get everyone’s attention “real quick”.

Extend Attack Surface Visibility to AWS, GCP, and Azure with Bitsight

Bitsight excels at using externally available data to paint a detailed picture of organizations’ digital footprint, including assets, organizational hierarchy, third-party relationships, and risk posture. But as more IT resources shift to cloud service providers, gaining complete and precise visibility into your external attack surface becomes increasingly complex.

Getting started with Continuous Threat Exposure Management (CTEM)

AI risk and security management is unsurprisingly Gartner’s number one strategic technology trend for 2024. But you might be less familiar with number two: Continuous Threat Exposure Management (CTEM). Coined by Gartner in 2022, CTEM isn’t just another buzzy acronym – it’s a powerful process that can help continuously manage cyber hygiene and risk across your online environment.

Helping Smaller Reporting Companies Adhere to 8-K Regulations With CRQ

In March 2022, when the not-so-new-anymore SEC cybersecurity regulations were initially drafted, some argued that smaller reporting companies, defined by having a public float of less than $250 million or an annual revenue of less than $100 million, should be exempt, given the "outsized costs" they faced. Others proposed that these smaller organizations should have a longer disclosure deadline, helping to alleviate the chances of non-compliance.

What is the Importance of Internal Controls in Corporate Governance Mechanisms?

At the core of business management are the rules, practices and processes that define how your organization is directed, operated and controlled. This system, known as corporate governance, is aimed at creating more ethical business practices by aligning the interests of your organization’s stakeholders. In today’s business environment, the more ethical and transparent your organization is about its corporate governance practices, the more financially viable it will be.

Latrodectus, are you coming back?

At the end of May 2024, the largest ever operation against botnets, dubbed Operation Endgame, targeted several botnets including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. This operation significantly impacted the botnets by compromising their operations and shutting down their infrastructure. Although Latrodectus was not mentioned in the operation, it was also affected and its infrastructure went offline.

Ongoing Monitoring for Third-Party Risk Management (Full Guide)

Ongoing monitoring is a key step in effective Third-Party Risk Management (TPRM) that helps ensure continuous compliance, cybersecurity performance, and risk management of external vendors and service providers. It’s a necessary step that reinforces how vendors are managing their cybersecurity processes to prevent potential data breaches or reputational damage.

Risk Control & Risk Management: What's the Difference?

Risk control and risk management are two essential parts of any organization’s efforts to manage risk. Understanding the difference between the two is critical to identify vulnerabilities, monitor risks, and make informed decisions on managing risk effectively. In this article we’ll explore those distinctions between risk control and risk management, and provide five tactics for mastering organizational risk management.

Here's Why Regulatory Compliance is Important

You don’t have to jump through endless hoops to achieve regulatory compliance. By finding an easy way to comply with the right laws, regulations, and industry standards, regulatory compliance can offer several benefits for companies. Specific compliance requirements vary by industry and country. But in general, implementing regulatory compliance is a mandatory requirement for every sector and every company in countries with a robust business and economic landscape.

Data Governance: What It Is, Its Importance, and How To Get Started

A recent Gartner survey shared that, “61% of companies said their governance goals included optimizing data for business processes and productivity but only 42% of that group believed they were on track to achieve it.” Data governance is often viewed as a prohibitive, controlling, and time-consuming process designed to slow down work. Traditional approaches to data governance can make it a complicated effort, deterring teams from implementing it, but it doesn’t have to be.

A Guide to Complying with the Australian Signals Directorate

The Australian Signals Directorate (ASD) is a government agency responsible for providing foreign signals intelligence and ensuring information security for Australia’s national interests. The ASD also significantly enhances the nation’s cybersecurity through strategic advice, standards, and protective measures.

A Guide to New Zealand's Cybersecurity Standards

In an age of increasingly complex cyber threats, New Zealand has implemented robust cybersecurity standards to secure the online environment for individuals, businesses, and government entities. New Zealand's cybersecurity approach is unique and effective, from the overarching strategies laid out by national cybersecurity policies to specific regulatory requirements that impact sectors like healthcare and finance.

A Vendor Risk Assessment Questionnaire Template

Digital relationships with third-party vendors increase opportunities for growth, but they also increase opportunities for cyberattacks — a recent study found that 61% of U.S. companies said they have experienced a data breach caused by one of their vendors or third parties (up 12% since 2016). Implementing a vendor risk management strategy aligned with frameworks like the NIST security framework can help mitigate these risks.

10 tips for Small Business Cyber Security in 2024

As we move further into 2024, the cyber threat landscape continues to evolve, presenting new challenges and opportunities for small businesses. At Obrela, we understand the importance of staying ahead of these threats and securing your digital assets. Here are some cyber security tips for small businesses to help your enterprise to enhance its cybersecurity measures this year and stay ahead of cyber criminals.

How Brokers Harness Artificial Intelligence for Market Analysis

The integration of artificial intelligence (AI) in the finance sector has seen a dramatic surge over the past decade. Key technological advancements like increased computing power, improved algorithms, and the availability of big data have paved the way for AI to transform brokerage operations.

Threat, Vulnerability, and Risk: What's the Difference?

Threat, vulnerability, and risk – these words often appear side by side in security discussions. But what exactly do they mean, and how do they differ from one another? This article discusses the relationships among threats, vulnerabilities, and risk. Then we’ll explore various methods for calculating and managing these issues, and provide insights into securing against potential security threats.

Cost, convenience, and compliance: The value for insurers of the Forrester Total Economic Impact Study

The growing sophistication of threat actors, supply chain disruptions, and the potential for systemic and catastrophic losses make for a precarious landscape for insurers and those seeking insurance. To help customers reduce risk at scale, insurers and brokers must adopt technology in order to visualize vulnerabilities while also forecasting, quantifying, and monitoring risks.

Building a Robust Vendor Risk Management Dashboard

In today’s interconnected business landscape, outsourcing to third-party vendors and service providers is an effective method for most organizations to improve operational efficiency and lower financial costs. However, as businesses form third-party partnerships, they inherit potential risks and increase the complexity of their third-party ecosystem, as any one vendor can become an attack vector that cybercriminals exploit to pursue a data breach.

Stop your employees from sharing credentials

Need help with a task while you’re out of the office? Sharing your login details with a colleague can seem harmless. However, this seemingly innocent act can lead to unintended consequences, especially if you’re using the same credentials across multiple platforms. Imagine the implications if those shared credentials grant access to your company's network. That's why it's crucial to prioritise security over convenience, and prevent password sharing.

SecurityScorecard Reduced External Third-Party Breaches by 75%

The interconnected nature of our digital economy requires a shift in how companies think about their cyber risk. Companies need to consider the broader system and how to build mutual support with their entire cyber ecosystem: customers, partners, and vendors. Yet, today, most companies, even top Fortune 500 companies, still rely on manual vendor onboarding, monitoring, and point-in-time external security reports to manage supply chain cyber risk.

How to Address Kubernetes Risks and Vulnerabilities Head-on

Misconfigurations and container image vulnerabilities are major causes of Kubernetes threats and risks. According to Gartner, more than 90% of global organizations will be running containerized applications in production by 2027. This is a significant increase from fewer than 40% in 2021. As container adoption soars, Kubernetes remains the dominant container orchestration platform.

How PE Firm CFOs Can More Economically Manage Cyber Risks

Private equity (PE) firms are becoming increasingly attractive targets for cybercriminals. Malicious actors are keen to capitalize on the ecosystem's access to an incredibly extensive and diverse array of sensitive data, which is particularly susceptible during and after M&As, as well as on the notoriously weak cybersecurity measures in place among the smaller businesses that some PE firms choose to hold.

Remediation Over Ratings - Achieving Third-Party Cyber Risk Reduction

The most effective Third-Party Cyber Risk Management programs prioritize risk remediation as highly as risk identification. While Security Ratings Services (SRS) have long focused on risk identification, the burden of curation and remediation has traditionally fallen on the customer. Let's look at how best-in-class security programs achieve measurable cyber risk reduction through effective guided remediation.

Vulnerability Management Trends & SLAs: Risky Biz Podcast Episode

Nucleus Security co-founder and COO, Scott Kuffer, joined the Risky Biz News Podcast with host Catalin Cimpanu, for a discussion around trends Nucleus is observing when it comes to vulnerability management and how service level agreements (SLAs) have become a sign of an organization’s security health. In the podcast, Scott and Catalin discuss major trends of high performing vulnerability management programs for organizations using Nucleus’ platform, including.

Navigating NIS2 Requirements: Transforming Supply Chain Security

Talking to fellow CISOs around the globe, and in particular in Europe, the topic of cybersecurity regulations and compliance has taken on a new life. Most recently, the Network and Information Security (NIS 2) Directive is the regulation shaking up the region. NIS2 is much more than an update, though: it's transforming the cybersecurity landscape of the EU.

Securing Vendor Risk Management Onboarding in 2024

Onboarding is perhaps the most precarious phase of the Vendor Risk Management process. A single oversight could expose your organization to dangerous third-party security risks, increasing your chances of suffering a data breach. This post explains how to bolster the most vulnerable access points of the vendor onboarding process to help you securely scale your VRM program.

A Guide to Vendor Risk Management Reporting in 2024

Vendor Risk Management encompasses a wide range of cybersecurity risk factors. As such, a VRM report design could range from highly detailed to concise, depending on the specific reporting requirements of stakeholders and the board. This list represents the most comprehensive scope of third-party risk management information to fit the broadest range of VRM reporting use cases.

Generative AI: Productivity Dream or Security Nightmare

The field of AI has been around for decades, but its current surge is rewriting the rules at an accelerated rate. Fuelled by increased computational power and data availability, this AI boom brings with it opportunities and challenges. AI tools fuel innovation and growth by enabling businesses to analyse data, improve customer experiences, automate processes, and innovate products - at speed. Yet, as AI becomes more commonplace, concerns about misinformation and misuse arise. With businesses relying more on AI, the risk of unintentional data leaks by employees also goes up.

7 Types of exposures to manage beyond CVEs

As cybersecurity leaders try to get ahead of threats to their organization, they're increasingly seeking ways to get off the hamster wheel of chasing countless CVEs (common vulnerabilities and exposures). The brass ring that most CISOs reach for today is prioritization of exposures in their infrastructure (and beyond), so their teams can focus on tackling the ones that present the greatest risk. In some cases, the highest priority exposures will still be critical CVEs on mission critical assets.

Ultimate Guide to Vendor Risk Scoring

Vendor risk scoring is a critical component within vendor risk management (VRM) or third-party risk management (TPRM) programs and an organization’s overall risk management strategy. Risk scoring is an integral tool in the risk assessment process, helping organizations identify, evaluate, and mitigate potential risks associated with third-party vendors or service providers.

UpGuard Summit May 2024 Recap: Automated TPRM

The second UpGuard Summit of 2024 kicked off at the end of May, welcoming security professionals from APAC, EMEA, India, and the U.S. to discuss key developments and strategies across the cybersecurity industry. This quarter’s event focused on third-party risk management (TPRM), specifically how security teams can use automation to eliminate manual work and streamline critical TPRM workflows and processes.

Vulnerability Management Modernization & FedRAMP: Resilient Cyber Podcast

Ever wonder how Nucleus got started? Curious to know what our CEO and co-founder Steve Carter is working on? You’re in luck. Steve joined host Chris Hughes on the Cyber Resilience podcast to talk about those topics and more. Additionally, Steve and Chris explored the process for earning FedRAMP authorization, some of the particular vulnerability management challenges government agencies are dealing with, and why risk-based vulnerability management resonates with the government community.

Deepfakes: The Next Frontier in Digital Deception?

Machine learning (ML) and AI tools raise concerns over mis- and disinformation. These technologies can ‘hallucinate’ or create text and images that seem convincing but may be completely detached from reality. This may cause people to unknowingly share misinformation about events that never occurred, fundamentally altering the landscape of online trust. Worse – these systems can be weaponised by cyber criminals and other bad actors to share disinformation, using deepfakes to deceive.

Enterprise Risk Management Failures: Insights from the Cencora Breach

In a significant cybersecurity incident, Cencora, a leading pharmaceutical services provider, experienced a data breach in February 2024, exposing sensitive patient information from 11 major pharmaceutical companies. This breach underscores the critical importance of robust enterprise risk management, vulnerability management, and endpoint security in protecting sensitive data and managing online reputation.

Race to KEV Remediation: Who Tops the Charts in Europe?

In our global study of the CISA KEV Catalog, we uncovered widespread vulnerabilities and the swift pace at which threats evolve. As we dissect the layers of data from the report, it becomes evident that each country's unique approach to cybersecurity regulation, vulnerability management, and remediation presents distinct challenges and opportunities.

Strengthening compliance and risk management with Elastic Observability: A case for India's banking sector

In navigating the complex landscape of regulatory compliance and risk management, India's banking sector faces unique challenges, particularly in meeting directives outlined by the Reserve Bank of India (RBI) and the Indian Computer Emergency Response Team (CERT-In). As organizations strive to adhere to these stringent requirements, Elastic Observability emerges as a powerful ally, offering advanced log analytics capabilities tailored to address regulatory mandates and mitigate operational risks.

Human Risk Management and Security Awareness Training

A notable statistic has appeared in the cybersecurity research landscape: Phishing and pre-texting accounted for 73% of breaches in 2023. That’s according to the 2024 Verizon Data Breach Investigations Report, and the alarming use of humans as a vector for initial access is mirrored elsewhere.