In the world of risk management, risk is commonly defined as threat times vulnerability times consequence. The objective of risk management is to mitigate vulnerabilities to threats and the potential consequences, thereby reducing risk to an acceptable level. When applied to cybersecurity risk, this equation provides a great deal of insight on steps organizations can take to mitigate risk.

By now you’ve heard about the new cybersecurity rules from the U.S. Securities and Exchange Commission (SEC) requiring public companies to report material cybersecurity incidents and disclose critical information related to cybersecurity risk management, expertise, and governance. Companies will be required to disclose risks in their annual reports beginning on December 15, 2023.

A whaling attack is a type of phishing attack that targets senior executives. The act of whaling is usually perpetrated via email and involves deceiving victims into initiating actions that put the organization and its assets at risk. In this blog, we explore how a whaling attack works, why executives are targeted, examples of successful whaling attacks, and steps you can take to prevent them.

Data breach attacks are serious problems for companies, organizations and institutions all over the world. For example, in the US one data breach costs on average 9.4 Million USD, which is the highest worldwide. To handle—or ideally, prevent—these attacks, we need to understand first the “why” and “how” of an attack. With this objective in mind, Bitsight analyzed more than 17,000 data breach events from the last seven years affecting 23 sectors in the US.

s cyber threats evolve and business models change, maintaining a mature cybersecurity program can be challenging. You need to be confident that your organization’s current security tools and techniques are effective. A single error or postponement in resolving a software problem can create weaknesses in your IT infrastructure, increasing the likelihood of cyber attacks.

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) voted to adopt new cybersecurity requirements for publicly traded companies. These regulations create new obligations for reporting material cybersecurity incidents and disclosing critical information related to cybersecurity risk management, expertise, and governance. Companies will be required to disclose risks in their annual reports beginning on December 15, 2023.

Cybersecurity intelligence is a powerful weapon against risk. It enables you to discover, proactively respond, and mitigate emerging threats—internally and across your supply chain. But how can you improve your cybersecurity intelligence without overburdening busy teams? Here are three ways you can combine technology, processes, and people to effectively acquire, analyze, and disseminate intelligence to improve your organization’s security posture.

On May 29 2023, the Cybersecurity Division of the Commerce and Information Policy Bureau of the Ministry of Economy, Trade and Industry of Japan (METI) released an introduction guidance on Attack Surface Management (ASM) as a response to the increased cyber threats as a result of companies’ rapid digital transformation has led to a dynamic and growth of their internet footprint and possible attack vectors.

If your organization is like many others, its cyber exposure continues to grow over time. During the pandemic, as attackers sought to exploit unprecedented changes in work environments, 35% of cyberattacks used previously unseen malware or methods, up from the norm of 20%. And with the average enterprise using well over 1,000 cloud services, it can be very difficult to get a handle on potential vulnerabilities or to know when risks will pop up.

Backdoor attacks are on the rise. In 2022, this relatively little known cyberattack vector overtook ransomware as the top action deployed by cybercriminals. According to the IBM Security X-Force Threat Intelligence Index 2023, nearly a quarter of cyber incidents involved backdoor attacks. But what is a backdoor attack and how can you protect your organization from becoming a victim? Let’s explore this stealthy threat.