August 2024

Software supply chain risk assessment: 8 steps to a secure SDLC

Aug 30, 2024 By Eyal Katz In Spectral

Like any chain, a software supply chain contains many links. These links consist of every actor involved in the development & deployment of your code in the Software Development Life Cycle (SDLC). An actor can be the developers, infrastructure components, and even repositories like GitHub. A company might have a very secure supply chain. However, it will only be as strong as its weakest link.

Read Post

Spectral

Read more about Software supply chain risk assessment: 8 steps to a secure SDLC

The Downloadable Risk Assessment Template for Cybersecurity [XLS]

Aug 30, 2024 By Ran Arad In Memcyco

Every day, new headlines emerge about another major corporation falling victim to a cyberattack, leaving businesses everywhere questioning their vulnerabilities. These breaches underscore the critical need for thorough risk assessments to identify and mitigate potential weaknesses. Proactively managing risks enables organizations to better defend against the relentless wave of cyber threats.

Read Post

Memcyco

Read more about The Downloadable Risk Assessment Template for Cybersecurity [XLS]

The New & Improved Splunk Guide to Risk-Based Alerting

Aug 29, 2024 By Haylee Mills In Splunk

Howdy folks, it’s your friendly neighborhood transformational detection engineering evangelist Haylee Mills here. Maybe you’ve already been introduced to risk-based alerting, or maybe you’ve seen one of my many talks on the subject: Even if you haven’t, I’m super excited to share a brand new version of my step-by-step guide to success with the risk-based alerting framework!

Read Post

Splunk

Read more about The New & Improved Splunk Guide to Risk-Based Alerting

Predictive Vulnerability Management: Operationalizing EPSS with Business Context

Aug 29, 2024 By Nucleus In Nucleus

Join us for an in-depth webinar on the Exploit Prediction Scoring System (EPSS), a powerful tool for predicting the exploitability of vulnerabilities. This discussion features experts Jay Jacobs from Cyentia and Stephen Schafferr from Peloton Interactive. They explore the intricacies of EPSS, its application, and the benefits of using EPSS over traditional methods like CVSS for better vulnerability management. Key topics include operationalizing EPSS, leveraging threat intelligence, and creating effective prioritization strategies. .

View Video

Nucleus

Read more about Predictive Vulnerability Management: Operationalizing EPSS with Business Context

Identity Governance: Balancing Cost Reduction with Effective Risk Management

Aug 29, 2024 By Xalient In Xalient

In today’s business environment, cost reduction is a top priority for many organizations. Companies are increasingly adopting technologies that automate tasks and enhance efficiencies to achieve cost savings. However, minimizing risk should also be a key objective for every business.

Read Post

Xalient

Read more about Identity Governance: Balancing Cost Reduction with Effective Risk Management

Beyond Patches and CVEs: The New Dynamics of Enterprise Technology and Vulnerability Management

Aug 29, 2024 By Corey Tomlinson In Nucleus

The enterprise technology landscape has changed significantly, driven by the rapid adoption of cloud technologies, evolving IT infrastructures, and evolving exploitation activities. This transformation requires that organizations take an updated approach to vulnerability management—one that goes beyond the traditional focus on patch management to encompass a broader spectrum of risks.

Read Post

Nucleus

Read more about Beyond Patches and CVEs: The New Dynamics of Enterprise Technology and Vulnerability Management

Reimagining Supply Chain Cybersecurity

Aug 28, 2024 By SecurityScorecard In SecurityScorecard

From ransomware attacks to data breaches, the threats lurking within supply chains are more pervasive than you might realize. Many security teams aren’t aware of the various supply chain cyber risks lurking within their network, most of which are difficult to detect, manage, and mitigate. Let’s explore how to achieve a more secure and resilient supply chain.

Read Post

SecurityScorecard

Read more about Reimagining Supply Chain Cybersecurity

7777 Botnet - Insights into a Multi-Target Botnet

Aug 27, 2024 By João Batista and Gi7w0rm In BitSight

Over the last month there have been some updates about the mysterious 7777 botnet—which was first mentioned in this post in October 2023. Until now, it was known that the botnet was made up of TP-LINK routers and that it was being used to execute very low volume and controlled brute force attacks on Microsoft 365 services targeting corporate accounts. In our continuous efforts to have all sorts of malware families under our radar, the 7777 botnet is no exception.

Read Post

BitSight

Read more about 7777 Botnet - Insights into a Multi-Target Botnet

Building a Resilient Supply Chain in the Face of Cyber Threats

Aug 27, 2024 By SecurityScorecard In SecurityScorecard

Supply chain resilience has never been more critical. Recent cyber outages have underscored a harsh reality—supply chains are vulnerable, and disruptions can have far-reaching impacts. But what does it mean to be supply chain resilient, especially in the context of cyber threats? In this post, we will explore lessons learned from recent cyber outages, offering actionable insights for enhancing supply chain resilience.

Read Post

SecurityScorecard

Read more about Building a Resilient Supply Chain in the Face of Cyber Threats

Defend Against Infostealer Malware

Aug 25, 2024 By UpGuard In UpGuard

Join Jess Aiken, Growth Executive at UpGuard, who will be discussing the impacts of Infostealer malware and how organizations can best defend themselves.

View Video

UpGuard

Read more about Defend Against Infostealer Malware

Managing Cloud Security and Third Party Risk Management

Aug 25, 2024 By UpGuard In UpGuard

Join Jeff Farinich, CISO & SVP Technology at New American Funding, who will be presenting a keynote focusing on navigating cloud security and third-party risk management.

View Video

UpGuard

Read more about Managing Cloud Security and Third Party Risk Management

Mitigate Procurement Risk

Aug 25, 2024 By UpGuard In UpGuard

Join Letecia Allen, Senior Product Marketing Manager at UpGuard, who along with two of our customers will share some insights on how UpGuard can help mitigate procurement risk in your organization.

View Video

UpGuard

Read more about Mitigate Procurement Risk

Product Spotlight Q3 2024

Aug 25, 2024 By UpGuard In UpGuard

Join Toby Roger, our Director of Product Marketing at UpGuard, who will share what's new at UpGuard and what we have in store over the coming months.

View Video

UpGuard

Read more about Product Spotlight Q3 2024

Managing Your Human Risk

Aug 25, 2024 By UpGuard In UpGuard

Join Michael Tan, Senior Product Marketing Manager, and Joe Nalewabau, Senior Product Manager as they address how UpGuard is tackling the challenge of human risk.

View Video

UpGuard

Read more about Managing Your Human Risk

Top 10 Cyber Risk Assessment Tools

Aug 23, 2024 By Arthur Zavalkovsky In Memcyco

Estimating the potential impact of a successful cyber attack may seem impossible, especially given the rapid expansion of organizations’ digital footprint (and, consequently, their attack surface). One example are attacks which pertain to the contact points between businesses and clients, such as websites and mobile apps. In particular, these assets can be cloned and used for phishing attacks.

Read Post

Memcyco

Read more about Top 10 Cyber Risk Assessment Tools

From NIS to NIS2: What Your Organization Needs to Know

Aug 23, 2024 By Leah Sadoian In UpGuard

The first Network and Information Systems (NIS) Directive, introduced in 2016, was a key regulation that enhanced the EU’s cybersecurity posture, laying the foundation for protecting critical infrastructure and essential services from cyber threats. However, as cyber threats have evolved, so too must the regulations that protect against them. Enter NIS2—an updated and more comprehensive directive designed to address the gaps and limitations of its predecessor.

Read Post

UpGuard

Read more about From NIS to NIS2: What Your Organization Needs to Know

NIS 2 Cybersecurity Risk Management Measures Explained

Aug 23, 2024 By Kirk Jensen In WatchGuard

The Network and Information Systems Directive 2 (NIS 2) is a cornerstone of European cybersecurity regulation, imposing stringent requirements on critical infrastructure sectors. To ensure their resilience, NIS 2 mandates specific cybersecurity risk management measures. Let's break down these ten essential measures and understand their implications.

Read Post

WatchGuard

Read more about NIS 2 Cybersecurity Risk Management Measures Explained

How to Prepare for a Cyber Essentials Plus Audit

Aug 23, 2024 By Leah Sadoian In UpGuard

Cyber Essentials is a UK government-supported certification scheme that helps organizations protect themselves against cyber threats by providing a framework of basic security controls for safeguarding systems. Cyber Essentials Plus builds on this foundation by requiring a more in-depth, hands-on assessment by an independent auditor. This audit not only verifies that essential cybersecurity controls are in place but also ensures they are functioning effectively in practice.

Read Post

UpGuard

Read more about How to Prepare for a Cyber Essentials Plus Audit

Insider Risk Management: Addressing the Human Side of Risk

Aug 22, 2024 By Veriato Team In Veriato

Recognizing the indicators of insider risk before they turn into threats requires a paradigm shift in the way we operate. It necessitates moving from a reactive mode of operation to proactive. And it requires data that is continuously captured and analyzed to enable security teams to easily see patterns and anomalies and gauge the level of risk of specific behaviors.

Read Post

Veriato

Read more about Insider Risk Management: Addressing the Human Side of Risk

Don't Pass on Combining iPaaS with a DFPM Platform

Aug 22, 2024 By Anirban Banerjee In Riscosity

Businesses are under an ever-increasing pressure to maintain exceptional experiences for their customers, making seamless connectivity across tools a must. This is true for industries like financial services that need to provide enhanced digital payments, or for healthcare organizations that need to share critical data across systems quickly. The need for connected infrastructures has become the norm.

Read Post

Riscosity

Read more about Don't Pass on Combining iPaaS with a DFPM Platform

Bitsight GIA: AI-Powered Asset Mapping and Attribution

Aug 22, 2024 By Francisco Ferreira In BitSight

Last month, my colleague Arzu Ozbek Akay shared some insights about the impact that Bitsight Groma, our next-generation scanner, is already having on our products. Today, I’m going to follow that up with an update on the momentum we’re seeing with the second core component of our data engine: Bitsight Graph of Internet Assets (GIA). As a quick refresher, GIA uses advanced graph technology and AI models to map assets to specific organizations and build Ratings Trees at a global scale.

Read Post

BitSight

Read more about Bitsight GIA: AI-Powered Asset Mapping and Attribution

Splunk Asset and Risk Intelligence

Aug 22, 2024 By Splunk In Splunk

Gain continuous asset discovery and compliance monitoring to accelerate investigations and minimize risk exposure.

View Video

Splunk

Read more about Splunk Asset and Risk Intelligence

Healthcare Data Destruction for Protecting Patient Privacy

Aug 22, 2024 By SecuritySenses In SecuritySenses

The healthcare industry handles an immense volume of sensitive patient data, making it a prime target for cybercriminals. Maintaining patient trust and adhering to strict standards depend heavily on the security of this information.

Read Post

SecuritySenses

Read more about Healthcare Data Destruction for Protecting Patient Privacy

Five Key Findings from the Inaugural EPSS Report

Aug 21, 2024 By Corey Tomlinson In Nucleus

Last month, Cyentia and First.org published the inaugural Exploit Prediction Scoring System (EPSS) performance report. The report goes beyond just assessing the EPSS predictive scoring model. It looks at historical vulnerability data and published CVEs, as well as provides comparisons to the other popular scoring models: CVSS and CISA-KEV.

Read Post

Nucleus

Read more about Five Key Findings from the Inaugural EPSS Report

Navigating Japan METI's Upcoming Cybersecurity Rating System: Strategies for Businesses to Enhance Cyber Defense

Aug 21, 2024 By Terence Cheong In BitSight

On April 9, 2024, Japan's Ministry of Economy, Trade and Industry (METI) announced its intention to implement a cybersecurity rating system for companies by fiscal year 2025.

Read Post

BitSight

Read more about Navigating Japan METI's Upcoming Cybersecurity Rating System: Strategies for Businesses to Enhance Cyber Defense

Top cyber security threats to look out for

Aug 21, 2024 By Obrela In Obrela

Increasingly sophisticated cyber security threats present significant challenges for businesses and individuals alike. And with increasing dependency on technology and digital platforms, understanding the various types of cyber security attacks and how they can impact an organization is crucial to maintain a secure business environment. From phishing scams to ransomware attacks, cyber security attacks are constantly evolving, becoming more targeted and difficult to detect.

Read Post

Obrela

Read more about Top cyber security threats to look out for

Dcode Capital Makes Investment in Nucleus Security to Solve Critical Cybersecurity Challenges for Federal Organizations

Aug 20, 2024 By Nucleus In Nucleus

Unified vulnerability management streamlines vulnerability analysis, triage, and remediation.

Read Post

Nucleus

Read more about Dcode Capital Makes Investment in Nucleus Security to Solve Critical Cybersecurity Challenges for Federal Organizations

Challenges in Automating and Scaling Remote Vulnerability Detection

Aug 20, 2024 By Kolby O'Malley-Dertien In BitSight

When a new major CVE gets released, cybersecurity companies race to discover ways of detecting the new vulnerability and organizations scramble to determine if they are impacted or not. Developing high-confidence techniques to scan the public-facing Internet assets for newly published vulnerabilities can potentially take weeks or even months as vulnerability researchers discover and test various detection methods.

Read Post

BitSight

Read more about Challenges in Automating and Scaling Remote Vulnerability Detection

The Role of ISO 27001 in Enhancing Information Security

Aug 20, 2024 By SecuritySenses In SecuritySenses

In today's digital age, information security is paramount for organizations of all sizes and industries. Protecting sensitive data from cyber threats, unauthorized access, and other vulnerabilities is a critical concern. One of the most effective frameworks for achieving robust information security is ISO 27001. This international standard provides a comprehensive approach to managing and safeguarding information assets. This article delves into the role of ISO 27001 in enhancing information security, exploring its key principles, benefits, and implementation strategies.

Read Post

SecuritySenses

Read more about The Role of ISO 27001 in Enhancing Information Security

Insights From The SOC

Aug 16, 2024 By Theofanis Dimakis In Obrela

A review of AI-generated malware, and how a SOC might deal with the ever-increasing threat… Theofanis Dimakis, SOC Officer, and Nikolaos Tsompanidis, Threat Detection & Response Expert at Obrela, speaking during the recent CRESTCon Europe event, shared insights from their perspective into detecting malware, including the rising tide of AI variants.

Read Post

Obrela

Read more about Insights From The SOC

What is HIPAA and How to Become Compliant

Aug 16, 2024 By Charrah Hardamon In Riscosity

HIPAA stands for Health Insurance Portability and Accountability Act. HIPAA is a U.S. law that was enacted in 1996 to protect sensitive patient health information from being disclosed without the patient's consent or knowledge and is enforced by the Department of Health and Human Services (HHS). The purpose of HIPAA is to protect the privacy of patients’ medical information and secure the handling of health information in the age of electronic health records.

Read Post

Riscosity

Read more about What is HIPAA and How to Become Compliant

Generative AI: Workplace Innovation or Security Nightmare

Aug 16, 2024 By Frederick Coulton In CultureAI

The field of AI has been around for decades, but its current surge is rewriting the rules at an accelerated rate. Fuelled by increased computational power and data availability, this AI boom brings with it both opportunities and challenges. AI tools fuel innovation and growth by enabling businesses to analyse data, improve customer experiences, automate processes, and innovate products – at speed. However, as AI becomes more and more commonplace, concerns about misinformation and misuse arise.

Read Post

CultureAI

Read more about Generative AI: Workplace Innovation or Security Nightmare

Supply Chain Visibility: The Key to NIS2 Coordinated Risk Assessments

Aug 15, 2024 By Francisco Fonseca In BitSight

The path to NIS2 compliance is less about ticking boxes and more about fostering a resilient, proactive cybersecurity culture across the organisation and its extended network. While the challenges pertaining to third-party and supply chain risk management are significant, they are not insurmountable—especially if we break them down. Today we will focus on understanding a very specific NIS2 requirement: Coordinated Risk Assessments.

Read Post

BitSight

Read more about Supply Chain Visibility: The Key to NIS2 Coordinated Risk Assessments

Black Hat 2024 In Review - The Power of Unity

Aug 15, 2024 By Tamir Hardof In Nucleus

Black Hat 2024 has come and gone. The Nucleus team attending the show has (mostly) caught up on their sleep, which can mean one thing – a look back at the conference and our impressions of the event.

Read Post

Nucleus

Read more about Black Hat 2024 In Review - The Power of Unity

PSPF 001-2024: Safeguarding GovTech from Foreign Influence

Aug 14, 2024 By Leah Sadoian In UpGuard

In 2024, the Australian government introduced PSPF Direction 001-2024 in recognition of the potential threats posed by Foreign Ownership, Control, or Influence (FOCI) on technology assets and GovTech (government technology operations). As part of the Protective Security Policy Framework (PSPF), PSPF 001-2024 is a crucial step in evaluating and mitigating cyber risks associated with foreign interference in the procurement and maintenance of technology assets.

Read Post

UpGuard

Read more about PSPF 001-2024: Safeguarding GovTech from Foreign Influence

Continuous Accountability: Leveraging Contracts to Secure your Supply Chain

Aug 14, 2024 By SecurityScorecard In SecurityScorecard

A critical problem for security and legal professionals who manage supply chain risk is that cybersecurity risks are dynamic and always shifting. You have done your due diligence and selected a vendor with strong cybersecurity controls – but how can you guarantee that your vendor maintains this type of security hygiene and doesn’t become a target and a “weak link” in your supply chain?

Read Post

SecurityScorecard

Read more about Continuous Accountability: Leveraging Contracts to Secure your Supply Chain

SecurityScorecard is now part of AWS OMNIA

Aug 14, 2024 By SecurityScorecard In SecurityScorecard

SecurityScorecard is excited to announce that we are now an AWS OMNIA partner. This unlocks a critical opportunity for the 90,000 buying organizations that make up the OMNIA partner network to reduce and manage Supply Chain Cyber Risks. The third party attack surface is a fast growing risk vector and SecurityScorecard offers an industry leading solution to help organizations combat these threats.

Read Post

SecurityScorecard

Read more about SecurityScorecard is now part of AWS OMNIA

We Made It! Nucleus Placed 267 on Inc. 5000 Fastest Growing Companies

Aug 14, 2024 By Steve Carter In Nucleus

This week, Nucleus can add another accolade to a growing list, being listed as number 267 on Inc. Magazine’s list of the 5000 fastest-growing companies in America. We are proud of the growth we’ve achieved as a company and the potential for the future at Nucleus. Looking more closely at the results, we are the fourth fastest-growing security company on the list. As many people know, the cybersecurity and technology market has been tumultuous recently.

Read Post

Nucleus

Read more about We Made It! Nucleus Placed 267 on Inc. 5000 Fastest Growing Companies

How highly effective CISOs lean forward with proactive risk management

Aug 13, 2024 By Matt Stamper In Sysdig

No executive wants to be blindsided by risks that should have been reasonably anticipated, especially the CEO, CFO, and board members. In the CISO Desk Reference Guide, Gary Hayslip, Bill Bonney, and I wrote extensively about how CISOs play a critical role in contextualizing digital and cyber risks to the organization’s broader enterprise risk management practices.

Read Post

Sysdig

Read more about How highly effective CISOs lean forward with proactive risk management

Insider Risk Management Strategies to Protect Sensitive Data

Aug 12, 2024 By Lookout In Lookout

Cybersecurity methods are usually focused on protecting an organization from external risk factors, but insider attacks can be just as dangerous and costly as those that originate outside an organization. In fact, insider threats pose serious security risks because they typically involve individuals with authorized access to the organization’s systems, data, or networks.

Read Post

Lookout

Read more about Insider Risk Management Strategies to Protect Sensitive Data

The Importance of Due Diligence in Corporate Governance

Aug 9, 2024 By SecuritySenses In SecuritySenses

Due diligence is a critical component of corporate governance, serving as a cornerstone for effective decision-making. It helps organizations mitigate risks and ensure compliance with legal and regulatory standards. Understanding the importance of due diligence can significantly enhance corporate governance practices.

Read Post

SecuritySenses

Read more about The Importance of Due Diligence in Corporate Governance

Streamline Vendor Risk Management with the New Riscosity and ServiceNow Integration

Aug 8, 2024 By Charrah Hardamon In Riscosity

Today, we’re excited to announce the launch of our integration with the ServiceNow Vendor Response Management (VRM) offering. Riscosity’s integration with ServiceNow empowers security teams with the insights and tools needed to achieve their security goals while still using their existing workflows in ServiceNow VRM.

Read Post

Riscosity

Read more about Streamline Vendor Risk Management with the New Riscosity and ServiceNow Integration

SecurityScorecard and ServiceNow Expand Partnership with New Capabilities for TPRM and Security Incident Response (SIR)

Aug 8, 2024 By SecurityScorecard In SecurityScorecard

ServiceNow and SecurityScorecard have been longtime strategic partners, helping mutual customers measure and manage cyber risk. Today we’re highlighting the next phase of our partnership and innovation to help customers tackle the complex challenges associated with managing cyber risk in the third party ecosystem. Organizations struggle with prioritization, resource constraints, and the need to act quickly when responding to threats.

Read Post

SecurityScorecard

Read more about SecurityScorecard and ServiceNow Expand Partnership with New Capabilities for TPRM and Security Incident Response (SIR)

GDPR's Influence on Indian Data Protection Practices

Aug 7, 2024 By Leah Sadoian In UpGuard

The General Data Protection Regulation (GDPR), introduced by the European Union in 2018, has not only set a new benchmark for data privacy but has also significantly impacted global data protection frameworks. Its comprehensive and stringent requirements have prompted countries worldwide, such as India, to reevaluate and enhance their data protection laws. In recent years, India has been actively working on enhancing its data protection regulations, drawing considerable influence from the GDPR.

Read Post

UpGuard

Read more about GDPR's Influence on Indian Data Protection Practices

The Risks of Parked Domains

Aug 7, 2024 By Chris Poulin In BitSight

Organizations register domains for many reasons, the obvious one being to use as their primary online presence. In many cases organizations also register domains that they might not use but want to prevent others from using.

Read Post

BitSight

Read more about The Risks of Parked Domains

Asset and Inventory Management - The Foundation of the Vulnerability Management Lifecycle

Aug 7, 2024 By Corey Tomlinson In Nucleus

Organizations face a myriad of cybersecurity threats that can compromise sensitive data and disrupt operations. A cornerstone of defending against these threats is an effective vulnerability management program. This program’s first, and arguably most critical, step is strong asset and inventory management. A thorough and accurate asset inventory is essential for identifying and mitigating vulnerabilities.

Read Post

Nucleus

Read more about Asset and Inventory Management - The Foundation of the Vulnerability Management Lifecycle

Introducing Books

Aug 7, 2024 By Charrah Hardamon In Riscosity

The months leading up to audits can be some of the most stressful for security and privacy teams. Some audits can take up to 9 months to prepare for and another 3 months to complete, with security and privacy teams spearheading the evidence collection. Collecting evidence used to be a walk in the park, but that was before multi-cloud environments, new standards, and emerging regional privacy requirements.

Read Post

Riscosity

Read more about Introducing Books

Effective Board Communication: Lessons from CrowdStrike for CISOs

Aug 6, 2024 By Nicholas Sollitto In UpGuard

The 2024 CrowdStrike Incident blue-screened Microsoft computers worldwide, causing significant disruptions to high-profile industries such as transportation, healthcare, and financial services. Now that the world has largely recovered, the most forward-minded chief information security officers (CISOs) are focusing on using the incident as an opportunity for continuous improvement. How can they prevent similar incidents from having such a disastrous impact on their organization in the future?

Read Post

UpGuard

Read more about Effective Board Communication: Lessons from CrowdStrike for CISOs

Avoiding the Breach: Lessons for CISOs From the CrowdStrike Case

Aug 6, 2024 By Nicholas Sollitto In UpGuard

The 2024 CrowdStrike incident caused blue screens of death (BSOD) on Microsoft Windows devices worldwide, severely disrupting operations across essential industry sectors.

Read Post

UpGuard

Read more about Avoiding the Breach: Lessons for CISOs From the CrowdStrike Case

A brief introduction to Industrial Control Systems and Security

Aug 6, 2024 By Brandon Smith In BitSight

You may not know it, but much of your daily life depends on Industrial Control Systems(ICSs). From the power you're using right now to the water you drink, it all depends on Programmable Logic Controllers (PLCs) and other ICS tech to be delivered. In fact, nearly any time something in the physical world needs to be automated, there will be an ICS involved.

Read Post

BitSight

Read more about A brief introduction to Industrial Control Systems and Security

The Optimal Cyber Risk Management Tools to Streamline DORA Compliance

Aug 5, 2024 By Kovrr In Kovrr

‍Over the past few decades, money has steadily transformed from a material entity to a digital one. Worldwide, people rely on the cyber realm to pay their bills, shop for food, and perform many other everyday activities. Corporations, too, particularly following the 2020 pandemic, are largely dependent on cloud-based operations, utilizing various management platforms and storing massive amounts of data online.

Read Post

Kovrr

Read more about The Optimal Cyber Risk Management Tools to Streamline DORA Compliance

Up Level Your Amazon Security Lake with Attack Surface Intelligence

Aug 5, 2024 By SecurityScorecard In SecurityScorecard

As global network infrastructure expands to include devices without traditional compute power, every organization’s attack surface becomes increasingly complex. Parallel to the increased complexity in the threat landscape is the increased scale and complexity of the signals and data necessary to produce meaningful cybersecurity insights. At its core, cybersecurity is a big data problem, requiring centralization of disparate data sources in uniform structure to enable continuous analytics.

Read Post

SecurityScorecard

Read more about Up Level Your Amazon Security Lake with Attack Surface Intelligence

SecurityScorecard and AWS Help Make Secure Software Procurement Faster and Easier

Aug 5, 2024 By SecurityScorecard In SecurityScorecard

Organizations increasingly rely on third parties for business operations, and as a result are working with more digital suppliers than ever. According to Gartner, 60% of organizations work with more than 1,000 third parties and this number will grow. High-profile vulnerabilities such as Log4Shell are a constant reminder of the risks posed by a breakdown in the software supply chain. This has spurred enterprises to increase the rigor of software risk assessments to ensure supply chain security.

Read Post

SecurityScorecard

Read more about SecurityScorecard and AWS Help Make Secure Software Procurement Faster and Easier

NCIIPC Explained: Safeguarding India's Critical Infrastructure

Aug 2, 2024 By Leah Sadoian In UpGuard

Safeguarding critical infrastructure is crucial for national security and economic stability in the digital age. The National Critical Information Infrastructure Protection Centre (NCIIPC) plays a key role in protecting India's vital assets and critical infrastructure. Tasked with the monumental duty of protecting the nation's most vital assets—such as power grids and financial systems—the NCIIPC stands as a stronghold against the constantly evolving landscape of cyber threats.

Read Post

UpGuard

Read more about NCIIPC Explained: Safeguarding India's Critical Infrastructure

How to best protect your cloud operations

Aug 1, 2024 By Muhammed Mayet In Obrela

Modern organisations today are increasingly adopting cloud operations to enhance their agility, scalability, and efficiency. By moving to cloud-based platforms, businesses can leverage powerful computing resources without the need to invest heavily in physical infrastructure. This shift not only reduces capital expenditure but also allows organisations to quickly scale operations in response to demand fluctuations.

Read Post

Obrela

Read more about How to best protect your cloud operations

Introducing new Snyk AppRisk integrations: Enhancing application risk management with development context

Aug 1, 2024 By Daniel Berman In Snyk

In the fast-paced world of modern software development, grasping the full scope of an application is essential for managing an application security program. This entails having visibility into all the application assets involved in building the app, knowing their ownership, and understanding their importance to the development process and the broader business.

Read Post

Snyk

Read more about Introducing new Snyk AppRisk integrations: Enhancing application risk management with development context

AI Governance Belongs In Your Organization

Aug 1, 2024 By Anirban Banerjee In Riscosity

In the modern workplace, GenAI models have become powerful assets due to their ability to introduce efficiency, up level product innovation, and expedite how teams close the gap on competitors. However, these powerful tools also introduce significant risks related to data security and governance. Companies that aren’t actively figuring out how to govern the GenAI they’ve adopted will inevitably be left vulnerable.

Read Post

Riscosity

Read more about AI Governance Belongs In Your Organization

Triaging Non-CVE Vulnerabilities with Nucleus

Aug 1, 2024 By Nucleus In Nucleus

Join Scott Kuffer, Co-Founder of Nucleus Security, in this webinar, focused on effective vulnerability management. Dive deep into the complexities of managing non-CVE based vulnerabilities. Learn about centralized vs. distributed remediation strategies and gain practical tips on triaging, prioritizing, and responding to vulnerabilities. This webinar emphasizes the importance of a unified approach to vulnerability management, leveraging threat modeling, and re-evaluating risk assessment methodologies to protect your business.

View Video

Nucleus

Read more about Triaging Non-CVE Vulnerabilities with Nucleus

CISO Strategies Post-CrowdStrike to Safeguard the Balance Sheet

Aug 1, 2024 By Edward Kost In UpGuard

The ubiquitous CrowdStrike incident resulted in a major diversion of resources, with some hard-hit organizations assigning almost all of their IT and security personnel to damage control. As a CISO of an impacted organization, you will likely be required to answer for a lack of resilience to this type of event. To support your decision-making as you reevaluate your resilience budgets, this post outlines four resilience strategies based on key learnings from the CrowdStrike event.

Read Post

UpGuard

Read more about CISO Strategies Post-CrowdStrike to Safeguard the Balance Sheet

How CISOs Should Handle Future CrowdStrike-type Breaches

Aug 1, 2024 By Edward Kost In UpGuard

SolarWinds, MOVEit, Knight Capital, and now CrowdStrike. The vendor ecosystem will remain a major playing field for operational disruptions. But are you ready for the next inevitable event? As a CISO, your response to such a question from the board shouldn't be anything less than a resounding "Yes!" Here are five plans of action to help your organization survive the next major IT quake, whether it's due to another rusty security update or a third-party breach.

Read Post

UpGuard

Read more about How CISOs Should Handle Future CrowdStrike-type Breaches

"What's our number?": Responding To Your Exposure to CrowdStrike Outage Event

Aug 1, 2024 By SecurityScorecard In SecurityScorecard

Is cyber risk insurable? That question is often at the heart of the debate about the future of the cyber insurance industry. One of the primary drivers of that question is the insurance industry’s challenges when managing systemic cyber risk since many believe that systemic cyber risk has the potential to bankrupt the industry. While there hasn’t been a catastrophic cyber incident that has proven the skeptics right, there have been several close calls.

Read Post

SecurityScorecard

Read more about "What's our number?": Responding To Your Exposure to CrowdStrike Outage Event

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

August 2024