Citing senior Cybersecurity and Infrastructure Security Agency (CISA) officials, journalistsreported on November 8 that DDoS attacks had temporarily disabled the website of a state government. A group claiming to be pro-Russian hacktivists, CyberArmyofRussia_Reborn, claimed responsibility for that attack and another on the website of a U.S. political party’s governing body on the same day, specifying one target IP address for each organization.

With the rise in cybercrime, including malware and ransomware attacks, digital forensics has become vital for many organizations. Digital forensics is the science of recovering, investigating, and analyzing digital records, often called digital artifacts, or in legal language forensic artifacts. This can be to find evidence of a crime, but is more often used to identify activity occurring on a computer and to understand how a cyberattack or breach may have occurred.

It’s no secret that loss control programs are essential for cyber insurance. Unlike other forms of insurance where the risk and assets don’t change much during a policy term, cyber insurance is meant to mitigate a constantly evolving risk and cover organizations whose security posture is always changing. A cyber insurance policy could be priced completely differently today compared to a few weeks or months later.

When discussing cybersecurity, “penetration testing” and “red teaming” are two terms that are often used interchangeably but are two entirely separate concepts. If you are considering implementing additional cybersecurity protocols within your organization, it’s essential to understand the unique role and function of each of these processes and how they can benefit your organization.

SecurityScorecard, the global leader in cybersecurity ratings, commented on the Federal Energy Regulatory Commission’s (FERC or “Commission”) proposal to establish rules for incentive-based rate treatments for certain voluntary cybersecurity investments by utilities. Cybersecurity is among the greatest threats to the resilience and reliability of America’s critical infrastructure, including its electricity infrastructure.

In October, BleepingComputer reported that the websites of several airports were experiencing service disruptions after the KillNet threat actor group announced that they would target airports throughout the U.S.

In today’s rapidly evolving cyber risk landscape, a resilient and trusted digital ecosystem is possible with an agile security program. Cyber resiliency is the ability to respond to and recover from a cybersecurity incident effectively. A record high 71% of organizations were victimized by a ransomware attack in 2022. Even more concerning is that Gartner estimates that 80% of organizations have no knowledge or awareness of their attack surface.

You and your board have the same goal: to drive your organization in the right direction. That makes everything easy, right? Well, not always. Whereas the problem used to be an overall lack of security awareness, boards now are very much aware of the business risk less-than-robust cybersecurity poses. Today, it’s all about communicating effectively and fluently, especially when introducing cybersecurity solutions.

The U.S. Transportation Security Administration (TSA) recently issued new cybersecurity regulations for passenger and freight railroad carriers to enhance cybersecurity resilience with performance-based measures. This security directive includes a new requirement for railroad carriers to build continuous monitoring policies and procedures. This is the latest of several recent initiatives on the U.S. state and federal levels requiring continuous monitoring of cyber risk.

Effectively evaluating risk goes a long way toward improving an organization’s cybersecurity posture. The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA’s partnership with SecurityScorecard will enhance their members’ ability to evaluate their own risk and that of their entire business ecosystem.