Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

September 2024

bitsight

Critical Vulnerabilities Uncovered: How Bitsight Delivered Fast, Actionable Insights in Under 24 Hours

Sep 30, 2024 By BitSight In BitSight
The speed at which vulnerabilities are detected and addressed can drastically impact an organization’s likelihood of suffering a security incident. Recently, Bitsight demonstrated how its investments in product fingerprinting and CVE mapping allowed it to identify and surface assets potentially impacted by a set of critical vulnerabilities in the CUPS printing system in under 24 hours.
Read Post
SecurityScorecard

The Road Taken: Pathways to Better Compliance

Sep 30, 2024 By SecurityScorecard In SecurityScorecard
Ralph Waldo Emerson, the renowned American writer, lecturer and philosopher, is often credited with the phrase “It’s not the destination, it’s the journey.” Legal, Compliance, Risk and Security professionals would be wise to consider Emerson’s wise words and philosophy. The path to optimal compliance outcomes and practices is long and full of twists and turns – with new and increasingly complex rules, regulations and legal regimes.
Read Post
SecurityScorecard

How the U.S. Department of Justice Can Improve Its Approach to Combat Ransomware Attacks

Sep 30, 2024 By SecurityScorecard In SecurityScorecard
Earlier this month, the U.S. Department of Justice’s Office of the Inspector General released a report on how the Department could improve its approach to combat ransomware attacks. The report included an audit and evaluated the Department’s strategy to respond and counter ransomware attacks during a two-and-a-half-year period from April 2021 through September 2023.
Read Post
knowbe4

From Tetris to Minecraft: The Evolution of Security Awareness into Human Risk Management

Sep 27, 2024 By Javvad Malik In KnowBe4
Once upon a time, security awareness training resembled a never-ending game of Tetris. Threats cascaded down, demanding swift action and strategy, only to speed up until we inevitably faltered. Today, we've entered a new realm of engagement, creativity, and community in human risk management.
Read Post
upguard

UpGuard Expands Vendor Risk Questionnaire Library with New DORA Questionnaire

Sep 26, 2024 By Kyle Chin In UpGuard
UpGuard is excited to announce the latest addition to our Vendor Risk Questionnaire Library: the DORA (Digital Operational Resilience Act) questionnaire! The addition of DORA to the Questionnaire Library reflects UpGuard’s ongoing commitment to providing our customers with the necessary tools to navigate today’s evolving regulatory standards.
Read Post

Accelerating Threat Assessment and Risk Mitigation with Nucleus Vulnerability Intelligence Platform

Sep 26, 2024 By Nucleus In Nucleus
In this webinar, discover how the Nucleus Vulnerability Intelligence Platform (VIP) is changing the way organizations handle vulnerabilities. Learn how VIP empowers security teams to assess, prioritize, and mitigate vulnerabilities in real time by leveraging automated workflows, comprehensive data aggregation, and custom risk ratings. Key topics covered: Chapters Don't forget to like, comment, and subscribe for more in-depth webinars and expert discussions on cybersecurity and vulnerability management!
View Video
upguard

Introducing UpGuard's DPDP Act Security Questionnaire

Sep 25, 2024 By Nicholas Sollitto In UpGuard
In an era where data breaches and privacy concerns dominate headlines, regulatory frameworks like India’s Digital Personal Data Protection Act, 2023 (DPDP) have become indispensable. The DPDP Act safeguards the privacy of individuals by regulating how organizations operating in India can collect, process, and store personal data. Landmark regulations like the DPDP Act are essential for enhancing data security.
Read Post
bitsight

Critical Vulnerabilities Discovered in Automated Tank Gauge Systems

Sep 24, 2024 By Pedro Umbelino In BitSight
Industrial Control Systems (ICS) have become a ubiquitous part of modern critical infrastructure. Automatic Tank Gauge (ATG) systems play a role in this infrastructure by monitoring and managing fuel storage tanks, such as those found in everyday gas stations. These systems ensure that fuel levels are accurately tracked, leaks are detected early, and inventory is managed efficiently.
Read Post
nucleus

How Security Debt Compounds Vulnerability Risk

Sep 24, 2024 By Corey Tomlinson In Nucleus
Organizations often find themselves caught in a perpetual cycle of identifying, prioritizing, and mitigating vulnerabilities that pose the most risk. Amid this ongoing battle, a significant challenge is often overlooked: security debt. Much like technical debt, security debt refers to the accumulation of unresolved vulnerabilities within an organization’s systems and software.
Read Post
kovrr

Deciphering the Loss Exceedance Curve in Cyber Risk Quantification

Sep 24, 2024 By Kovrr In Kovrr
On-demand cyber risk quantification (CRQ) models have the power to assess an organization’s unique risk profile and, subsequently, generate data-driven insights that facilitate informed risk management decisions. The basis of these insights is grounded on a probabilistic approach to event forecasting, which involves simulating thousands of potential cyber scenarios a business may experience over a given period, typically the upcoming year.
Read Post
parablu

Risks and Mitigation of Insider Threats

Sep 23, 2024 By Parablu In Parablu
Insider attacks are growing, whereby 60% of organizations in the past year alone have suffered employee-related data breaches. Surprised? Most businesses get blindsided by the people they put their most trust in. It can be accidental data leaks or malicious actions, but the risk is very real and, regrettably, on the rise. It’s no longer a matter of “if,” but rather “when” an insider threat could compromise your organization’s most sensitive data.
Read Post
securitysenses

A Comprehensive Guide to Post-Breach Services

Sep 22, 2024 By SecuritySenses In SecuritySenses
As businesses increasingly migrate to the cloud, leveraging its scalability, flexibility, and cost efficiency, they also face the rising threat of cyberattacks. Despite advanced preventive measures, breaches happen. When they do, knowing how to respond is critical to minimising damage, ensuring compliance, and maintaining customer trust. This guide delves into the essential post-breach services businesses need to implement to recover and strengthen their cybersecurity posture.
Read Post
securitysenses

4 Ways Ethical Hacking Services Helped Businesses Prevent Cyber Attacks

Sep 22, 2024 By SecuritySenses In SecuritySenses
As technology continues to advance at a rapid pace, so do the tactics of cybercriminals. For businesses of all sizes, the threat of a cyber attack is growing more and more concerning. Through the use of ethical hacking techniques, companies can identify vulnerabilities in their systems. They can also address them before malicious hackers exploit them. In this post, we will explore the ways ethical hacking services have become a valuable asset in the fight against cyber attacks.
Read Post
knowbe4

Beyond Analyst Reports: KnowBe4's Undeniable Leadership in Human Risk Management

Sep 19, 2024 By Perry Carpenter In KnowBe4
Analyst reports aim to provide market insights. But when it comes to Human Risk Management (HRM), we’ve noticed that they often fall short of capturing the full picture. You already know that we are the undisputed leader in the essential areas that have been standard features in the security awareness market for years. Those capabilities are why we’ve become the largest vendor in the space. But for years now we have exceeded just those standard features.
Read Post
Snyk

3 best practices to make the most of Snyk AppRisk Essentials

Sep 19, 2024 By Daniel Berman In Snyk
Thousands of our customers are leveraging Snyk to implement their DevSecOps and shift-left strategies. However, with the increasing speed and complexity of applications, we also know it’s harder to stay in sync with development. It is increasingly difficult to maintain a clear view of all the software assets being developed, identify ownership and their importance to the business, and, most importantly, ensure that these assets are properly secured by Snyk.
Read Post
bitsight

From Theory to Practice: How Portugal's Cybersecurity Centre Is Tackling NIS2 Compliance

Sep 19, 2024 By Francisco Fonseca In BitSight
In their capacity as a regulator, the Portuguese National Cybersecurity Centre (CNCS) is at the forefront of adapting to NIS2 requirements and ensuring that entities under their purview are compliant. They provide strategic oversight and support for organisations navigating the complexities of the new directive, which introduces stricter standards for risk management, incident response, and supply chain security.
Read Post
foresiet

The Crucial Role of Service-Level Agreements in Third-Party Risk Assessments

Sep 19, 2024 By Foresiet In Foresiet
In today's interconnected business environment, third-party risk management has become a pivotal concern for organizations. As businesses increasingly rely on external vendors for essential services, managing the risks associated with these third-party relationships is critical. A key tool in mitigating these risks is the Service-Level Agreement (SLA).
Read Post
sysdig

Prioritize Security Without Sacrificing Productivity: Balancing Identity Management and Risk Tolerance

Sep 19, 2024 By Crystal Morin In Sysdig
In the fast-paced, large-scale world of digital business, establishing and managing an acceptable risk tolerance related to user identities — both human and machine — is a critical element of organizational security. At the forefront of this challenge is the need to strike the right balance between ensuring robust security and maintaining an environment that doesn’t impede innovation. After all, identities are the new perimeter in the cloud.
Read Post
obrela

MDR vs MSSP: What is the difference?

Sep 19, 2024 By Obrela In Obrela
At Obrela , our mission is to keep your business in business. And we achieve it by protecting and preventing malicious attacks from cybercriminals. When we onboard new clients, we are often asked to explain the difference between MDR and MSSP. Both options offer managed cybersecurity processes. However, there are some key differences between MDR and MSSP.
Read Post
kovrr

Leveraging Cyber Risk Quantification for NIS2 Compliance

Sep 18, 2024 By Kovrr In Kovrr
‍In response to the growing number of disparate cyber regulations across its member states, resulting in inconsistent cybersecurity practices, the EU drafted Directive 2022/2555, more commonly known as NIS 2. This sweeping directive, officially in effect in October 2024, aims to ensure a more uniform, proactive approach to cyber risk management across the union in the face of an interdependent market and increasingly costly risk landscape.
Read Post
bitsight

CISA KEV performance in the Financial Sector

Sep 18, 2024 By Ben Edwards In BitSight
As a security data nerd I am absolutely spoiled here at Bitsight. So much so that I have to stop myself from doing little projects and requests so I can dive into the “big” stuff1. So it is always refreshing when folks see a piece of research and decide “hey can you give me more information on my little corner of the world.” Then of course and can throw off those notions of “stopping” and just dive back in.
Read Post
upguard

UpGuard's Cyber Risk Ratings: Enhancing Risk Categorization for 2024

Sep 17, 2024 By Nicholas Sollitto In UpGuard
Each year, we revisit our risk rating system to ensure it best reflects the needs of security practitioners safeguarding their organizations and supply chains. For our 2024 update, we’ve made two closely related changes: we’ve recategorized some of our existing findings to make an organization’s risk profile more understandable and recalibrated our scoring algorithm to more clearly illustrate the impact of specific risks.
Read Post
upguard

What is Enterprise Attack Surface Management?

Sep 17, 2024 By Edward Kost In UpGuard
The rapid expansion of the digital landscape adds increasing complexity to cybersecurity, especially for enterprises that could have up to 100,000 vendors in their supply chain. Addressing these challenges requires implementing an Attack Surface Management (ASM) strategy tailored to enterprise businesses' unique risk profiles. This post outlines the importance of ASM for enterprises and offers a strategy for ensuring its effective implementation.
Read Post

Keeper 101 | Enterprise: Risk Management Dashboard

Sep 17, 2024 By Keeper In Keeper
The Keeper Risk Management Dashboard is a powerful feature of the Keeper Admin Console that provides comprehensive security posture information covering end-user deployment, utilization, cloud configuration, and event monitoring. This critical data helps administrators ensure that risks are remediated and compliance is enforced effectively. The Risk Management Dashboard monitors key metrics and leverages Keeper Security's Benchmarks to enforce the highest level of security in your environment across all users and devices.
View Video
securitysenses

The Importance of Application Security Posture Management in Business

Sep 17, 2024 By SecuritySenses In SecuritySenses
Application security posture management (ASPM) is a critical process for businesses today. It involves assessing and managing the security risks in business applications to protect against cyber threats. With advancing technology, cybercriminals are becoming more sophisticated, making it crucial to maintain a robust application security posture. By doing so, businesses can prevent data breaches, ensure business continuity, and build customer trust.
Read Post

Redefining Security Investments: SAST Scans and DFPM

Sep 16, 2024 By Riscosity In Riscosity
In today's ever-evolving digital landscape, teams must have a strong understanding of the security measures that will work best for their environment and how to implement them. During this event, we explore the benefits of utilizing SAST scans and DFPM (Data Flow Posture Management) tools to create robust security guardrails for your organization. Hear from Anirban Banerjee, CEO and Co-founder of Riscosity, and Milan Williams, Sr. Product Manager at Semgrep, as they dive into how teams can approach security investments starting with SAST scans and data flow security.
View Video
nucleus

4 Simple Steps to Implement Risk-Based Vulnerability Management

Sep 13, 2024 By Tally Netzer In Nucleus
Imagine if your fire alarm sensor went off every time you burned your toast or lit candles on a birthday cake. After a few false alarms, you’d probably start ignoring them or even turn your sensor off just to get some peace. This is what many information security teams are experiencing with vulnerability alerts.
Read Post
bitsight

Continuing to Evolve Next-Gen Asset Attribution Through Service Provider Collaboration

Sep 12, 2024 By Miguel Reis In BitSight
One of the primary reasons that the Bitsight Security Rating is widely respected and closely correlated with real-world security outcomes is the scale and sophistication of our asset attribution capabilities. In a recent post, my colleague Francisco Ferreira shared an update on the momentum building with Bitsight Graph of Internet Assets (GIA), the AI-powered engine we use to map assets to organizations and build our Ratings Trees.
Read Post
obrela

What is a WAF (Web Application Firewall)? How does it Work?

Sep 12, 2024 By Obrela In Obrela
As organizations are increasingly relying on web applications, securing them is vital. A Web Application Firewall (WAF) plays a critical role in protecting web apps by filtering and monitoring HTTP traffic between the application and the internet. Unlike traditional firewalls, which safeguard internal networks, a WAF focuses on protecting web applications from threats such as SQL injection, cross-site scripting (XSS) and other vulnerabilities.
Read Post
securitysenses

How Cybersecurity Risk Assessments Will Need to Evolve for 2025

Sep 12, 2024 By SecuritySenses In SecuritySenses
2025 is drawing near, and the cybersecurity scene is changing quickly. Organizations must adapt how they undertake cybersecurity risk assessments in tandem with the ongoing evolution of technology and the escalating sophistication of cyber-attacks. In order to address the difficulties of the near future, cybersecurity risk assessments will need to change in ten key areas, as this essay examines.
Read Post
kovrr

The Value of Cyber Risk Quantification Models Vs. CRQ Frameworks

Sep 11, 2024 By Kovrr In Kovrr
From the individual to the global level, managing risk is a part of life. While in some contexts, poor risk planning merely results in minor, inconsequential outcomes, in others, such negligence can be catastrophic. Take the July 2024 CrowdStrike incident, for instance, during which a faulty software update put global airlines out of commission, took broadcasters off the air, and cost the market upward of $5 billion in uninsured losses.
Read Post
Snyk

Announcing new Snyk AppRisk integration with Orca Security

Sep 11, 2024 By Daniel Berman In Snyk
We’re excited to announce a new Snyk AppRisk integration with Orca Security that brings the best of two worlds together: developer-loved, security-trusted application security from Snyk and leading cloud security from Orca. This integration is big news for organizations looking to align with DevSecOps and enhance collaboration between development and security teams.
Read Post
securitysenses

Virtual CISO Services: A Smart Solution for Modern Businesses

Sep 11, 2024 By SecuritySenses In SecuritySenses
In today's dynamic cybersecurity landscape, businesses of all sizes face significant challenges in safeguarding their data and systems from cyber threats. As the need for robust cybersecurity measures grows, many organizations are turning to Virtual CISO (vCISO) services as a cost-effective and flexible solution to enhance their security posture. A Virtual CISO is an outsourced cybersecurity professional or team that provides the expertise and guidance of a Chief Information Security Officer (CISO) on a part-time or contract basis.
Read Post
netskope

Evolving the Netskope Risk Exchange Ecosystem

Sep 10, 2024 By Agasthiamani Sankaran In Netskope
The adoption of cloud services, hybrid workforces, the rapid emergence and use of generative AI (genAI) along with the evolving regulatory environment are forcing security and risk management (SRM) leaders to enhance their SRM spending. Gartner forecasts global SRM spending to grow 14% in 2024. Moreover, worldwide end-user spending on SRM is projected to total $215 billion in 2024, an increase of 14.3% from 2023, according to a new forecast from Gartner, Inc.
Read Post
bitsight

Do We Need Yet Another Vulnerability Scoring System? For SSVC, That's a YASS

Sep 10, 2024 By Ben Edwards In BitSight
The security world is awash in acronyms. As a niche in the security world, vulnerability, tracking, measurement, and management is no stranger to inscrutable collections of capital letters. We’ve got NVD, CPE, CWE, CVSS, EPSS, CAPEC, KEV, and of course “CVE”. The key goal of all these frameworks is to try to help folks organize information around vulnerabilities and assess how their presence might increase an organization's exposure.
Read Post
SecurityScorecard

Billington 2024: Key Cybersecurity Takeaways from the AI Age

Sep 9, 2024 By SecurityScorecard In SecurityScorecard
SecurityScorecard had the pleasure of participating in the 15th Annual Billington CyberSecurity Conference – a key convening of policymakers and industry thought leaders in our Nation’s Capital. This year’s edition – Advancing Cybersecurity in the AI Age – included over 4,000 registrants and 200 speakers participating in 40+ sessions and breakouts. It would not be an emerging tech and government conference without an extra emphasis on AI.
Read Post
cyberint

Why MSSPs Are Short on Good External Risk Management Tools

Sep 8, 2024 By Avi Mileguir In Cyberint
If you’ve worked in the Managed Security Services Provider (MSSP) industry for a while, you might remember the era when the MSSP tool set consisted only of internal risk management solutions – like software that scanned client endpoints and application source code. Those days are gone. Today, external risk management has become just as critical a part of an MSSP’s job.
Read Post
SecurityScorecard

CISA's Secure By Design: A Year Later

Sep 6, 2024 By SecurityScorecard In SecurityScorecard
In April this year, the CISA Secure By Design initiative turned one. The initiative calls for the public and private sectors to work together to challenge and encourage software manufacturing companies to adopt principles to ensure their software is developed and produced as securely as possible. The initiative tracks seven goals that software manufacturers can pledge to develop and transparently track progress towards those goals.
Read Post
securitysenses

Understanding Risk Management in Trading for Newcomers

Sep 6, 2024 By SecuritySenses In SecuritySenses
Risk management is a crucial pillar of successful trading, especially for newcomers navigating the often volatile financial markets. At its core, risk management involves identifying, assessing, and prioritizing risks to minimize potential losses. New traders should start by determining their risk tolerance - an understanding of how much they can afford to lose without jeopardizing their financial stability. Keeping a crypto trading diary can also help in tracking decisions and outcomes, which is essential for improving one's approach to risk management.
Read Post
vanta

Vanta Delivers: Introducing New Products for the Future of Governance, Risk and Compliance (GRC)

Sep 5, 2024 By Vanta In Vanta
Empowering GRC teams to make their security and compliance continuous and automated. Announcing Report Center, enhancements to Vendor Risk Management (VRM), and market-leading milestones for integrations and frameworks.
Read Post
bitsight

A Complete Guide to Security Ratings

Sep 5, 2024 By Rachel Holmes In BitSight
Security ratings are a data-driven, dynamic measurement of an organization's cyber security performance that can be used to understand and influence internal and third-party cyber risk. Sometimes referred to as cybersecurity ratings, these quantitative metrics give security teams a simple indicator of security performance across their own organization, as well as the security posture of the third-party organizations they rely on.
Read Post
upguard

ServiceNow Vulnerabilities: CVE-2024-4789 and CVE-2024-5217

Sep 5, 2024 By Nicholas Sollitto In UpGuard
In late July 2024, the US Cybersecurity and Infrastructure Security Agency (CISA) added two critical vulnerabilities (CVE-2024-4789 and CVE-2024-5217) affecting ServiceNow to its list of known exploited vulnerabilities. These vulnerabilities can allow unauthenticated users to execute code remotely, posing severe risks to organizations that use the platform. The potential for unauthorized access and severe data breaches makes addressing these vulnerabilities crucial.
Read Post
bluevoyant logo

Detect, Deflect, Protect: The Story of Third-Party Cyber Risk Management

Sep 5, 2024 By BlueVoyant
Your business is your castle. Once upon a time, you could keep it safe by constructing strong walls, posting a few guards at the door, raising the drawbridge, and digging a deep moat around it. That's now the stuff of fairy tales. Today's networks simply can't be locked down due to the nature of business itself. The perimeter that was once contained to a single building now spreads as far as your furthest third-party connection or remote employee. And while your business benefits from this greater flexibility and increased operational efficiency, so do the cybercriminals.
Get EBook
cultureai

More than a security alert: A guide to nudges

Sep 4, 2024 By Lexie Taylor-East In CultureAI
As American poet Nikki Giovanni wisely observed, "Mistakes are a fact of life. It is the response to error that counts." This rings particularly true in the world of cyber security. Even the most vigilant individuals can make mistakes—after all, we’re only human. What truly matters is how we respond. Imagine a platform that automatically detects risky security behaviours, alerting employees and nudging them to fix their mistakes before they escalate?
Read Post
bitsight

A look into Web Application Security

Sep 3, 2024 By Pedro Umbelino In BitSight
In today's digital age, web applications are the backbone of many businesses, supporting and managing a vast array of sensitive information, from personal details and financial records to critical business data. When we think about any company that we want to know more about, the most common question is: “what is their website”? But web applications are not just about traditional websites, they encompass far more than just the pages you go to when browsing the Internet.
Read Post
obrela

What is SIEM in cyber security? Definition & Meaning.

Sep 3, 2024 By Obrela In Obrela
Security Information and Event Management (SIEM) is a critical tool in modern cybersecurity, combining Security Information Management (SIM) and Security Event Management (SEM) to provide real-time monitoring, threat detection and incident response. Obrela’s SIEM solutions collect and analyse security data from various sources to provide a comprehensive view of the security landscape.
Read Post
upguard

What is Vendor Risk Monitoring in Cybersecurity?

Sep 2, 2024 By Edward Kost In UpGuard
Vendor risk monitoring is the process of continuously identifying, assessing, and managing security risks associated with third-party vendors. This effort is crucial to a successful Vendor Risk Management program as it ensures an organization’s third-party risk exposures remain within acceptable levels throughout each vendor's lifecycle.
Read Post
upguard

Top 8 Vendor Risk Monitoring Solutions in 2024

Sep 2, 2024 By Edward Kost In UpGuard
The effectiveness of your entire Vendor Risk Management program is contingent on your vendor risk monitoring capabilities. Insufficient vendor security monitoring that fails to detect cyber risks during onboarding or any new cybersecurity risks throughout the vendor lifecycle will inevitably emerge later on as a major breach risk. To help you choose a vendor risk monitoring solution that will maximize your VRM investment, this post ranks the top eight vendor monitoring platforms on the market in 2024.
Read Post

Measuring Risk with One Yardstick: Lessons Learned on the Road to RBVM

Sep 1, 2024 By Nucleus In Nucleus
How should we measure risk? Zebra Technologies has more than a dozen cybersecurity tools, thirty-five teams, and hundreds of people worldwide managing vulnerabilities. They wanted to measure with one yardstick; use a single, risk-based solution that could be customized to meet business criteria.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.