The attack surface for most organizations is constantly expanding, and security teams struggle to decide which parts of that surface deserve priority for effective risk mitigation. Traditional methods of ranking risks such as malware and ransomware on a high-, medium-, low- scale have unraveled as different people interpret those categories differently. What’s needed: more accurate cyber risk assessments.

Attending the RSA Conference can be an exciting time – whether you’re there representing your company or participating in the educational sessions. Just walking around the Moscone Center during RSAC 2023 provided insight into the latest trends and challenges in the risk and compliance industry. One of the most striking takeaways from the conference was the complexity and challenges involved in risk and compliance management faced by modern organizations.

As ever more business operations rely on software systems and online platforms, the range of cybersecurity risks they face become ever more complex. A strong risk management process can help, enabling organizations to detect potential threats, gauge the potential disruption, and implement mitigation plans to minimize the risk of harm. That said, merely implementing a risk management plan is not enough to ensure optimal cybersecurity.

Many companies now operate in a hybrid work environment. The term encompasses any number of specific workplace arrangements, but ultimately refers to a more flexible environment where employees spend a significant amount of time not in the office. So what are the implications of that shift for cybersecurity? Clearly hybrid work environments have a greater reliance on technology. That can increase your organization’s risk of a cybersecurity attack.

Auditors and other anti-fraud professionals have fresh guidance this week on how to manage fraud risk, with an emphasis on data analytics, internal reporting hotlines, and discussion of how effective fraud risk management can deter fraudsters from trying their schemes in the first place. Said guidance comes from COSO and the Association of Certified Fraud Examiners, who released the document earlier this week.

Among all the cyber attack techniques gaining prominence, account takeover (ATO) attacks are perhaps the most unnerving for businesses. Even though financial institutions seem like an obvious target, e-commerce storefronts and online entertainment platforms are also becoming popular targets. For example, online betting website DraftKings fell victim to an ATO attack in 2022, where the perpetrators made off with $300,000.

The world of business has changed dramatically over the past few years. Today, it’s more digital and connected than ever, leaving security and technology teams stretched even thinner. Privacy and data regulations are increasing on a state and national level; threat actors are learning and evolving; and cybersecurity has finally become a boardroom priority! Now that you have leadership’s attention — what will you do? If your answer is “GRC as usual,” it may hold you back.

End-to-end security is critical for businesses to navigate today’s digital age. The more consumers and businesses communicate, and transfer their information online, the more vital it is to keep that shared data confidential and secure. Leaving your endpoints (and the communication traveling between them) unsecure increases the risk that confidential data may land in the hands of malicious actors.

According to a 2022 Gartner survey, 84 percent of executive risk committee members say that “misses” in third-party risk resulted in disruption to their business operations. That statistic is alarming, considering that most enterprise organizations have extensive third-party relationships with vendors, suppliers, and partners for business innovation or operational efficiency.

Being a cybersecurity professional is a heavy responsibility and requires an exceptional amount of ethics and integrity. So, when cybersecurity software company Bitdefender released the results of their 2023 Cybersecurity Assessment, the results shocked me (more than they probably should have). The statistics on data breach cover-ups were alarming. 1.