Cybersecurity has become a top-of-mind concern for many C-level executives and board members. Data breaches are a daily occurrence and carry a hefty — and growing — price tag averaging $4.35 million worldwide, according to the latest Cost of a Data Breach report. However, this is only one of several potential cybersecurity risks that an organization can face.

Against the backdrop of the growing frequency and severity of cyber attacks against enterprises, proposed new regulations from The Securities and Exchange Commission (SEC) are set to require publicly traded companies in the U.S. to analyze how cyber risk could affect financial statements. ‍

A major security incident in the crypto field occurred between March 17-18th. Due to a vulnerability that was not caught before the event, unknown crypto hackers were able to drain 1.6 million USD (around 59 BTC) from Bitcoin ATMs owned by General Bytes - the world’s largest Bitcoin, Blockchain, and Cryptocurrency ATM manufacturer.

As the frequency and complexity of cybersecurity threats continue to grow, it is becoming increasingly important for organizations to adopt advanced tools and techniques to protect themselves. One way to do this is by utilizing the MITRE attack framework (ATT&CK), a comprehensive taxonomy of common tactics, techniques, and procedures (TTPs) cyber attackers use to compromise information systems and steal data.

Being part of a governance, risk, and compliance (GRC) team is no easy task, as you have to stay on top of evolving expectations and laws, while connecting different business units together in a way that makes sense to other stakeholders. One area that’s been particularly tough to manage recently has been cybersecurity. From new data security standards to heightened risks around areas like ransomware, GRC teams have their hands full.

The Dutch Police have arrested three individuals for suspected ransomware activity, which generated at least 2.5M Euro in extortion fees. The actors are believed to have attacked thousands of organizations, compromising the data of tens of millions of individuals. This is another example of successful law enforcement activity against ransomware operations. Such activity has increased over the past year, leading to the arrest of several prominent ransomware group members, such as Revil and Netwalker.

Does your organization currently speak in the NIST framework language? Say bye-bye to manual mapping and say HELLO to filling out inputs in the NIST CSF framework. This new release helps security teams better align with the organization’s internal communications around security controls. We know that staying consistent with the company’s terminology can better help you achieve your goals.

T-Mobile has once again fallen victim to a massive new cybersecurity breach, discovered on Jan. 5. The company has a history of hacks from recent years, for which it was fined hundreds of millions of dollars. Using weak API security, the attack caused the exposure of the personal data of more than 37 million customer accounts, which was apparently first accessed on or around Nov. 25. The stolen records include addresses, phone numbers and dates of birth.

If you missed the first two parts of our series, we strongly suggest you visit the links here and here. ‍

If you missed the first part of our series (What will be the top cybersecurity threats in 2023?) we highly recommend you go check it out here. ‍