Cybersecurity threats abound, and the pace of cybersecurity attacks is increasing steadily year after year. At the same time, consumers are also becoming more aware of cybersecurity harms, and demanding better performance from the companies with which they do business. Regulators hear that sentiment from consumers too, and are responding with ever more stringent rules for data privacy.

Discover the best vulnerability mitigation strategies to help protect your business from potential threats with this guide from the team at Reciprocity. 2021 (and every year leading up to it) was the worst year on record for cybersecurity. Since the onset of the COVID-19 pandemic, cybercrime as a whole has increased by 600 percent.

In the age of digital business, protecting your organization’s digital assets from cyber threats and reducing your cyber risk exposure has never been more important – or more complicated. At the same time, most organizations are also required to comply with numerous industry and government regulations that dictate standards for data privacy and IT security.

People have long used mission statements, declarations and manifestos to publicly convey the intentions, motives or views of its issuer. While the historical political landscape has long used these actions to challenge and provoke, they are also advertisements to gain attention and to spark action.

Today I want to revisit the SEC’s proposed new rules requiring public companies to disclose more about their cybersecurity risks. Those plans would obligate companies to discuss how the board and senior management address cybersecurity risk at a strategic, enterprise level. What’s that all about?

Every business activity involves risk, so simply viewing and measuring risk at a high level isn’t enough. InfoSec teams also need to identify and categorize risks as they relate to individual business activities and the context around them. Managing risk is all about delivering insights so that key stakeholders – including executives and the board – can better understand their IT risk posture and use that knowledge to make better business decisions. But where to start?

The team at Reciprocity recently conducted a live poll and asked our audience, “Are you currently using your compliance program to guide your risk management program?” Here’s what our respondents said...

Businesses are constantly adapting to changing circumstances. Yet, many are strapped for resources and view compliance as nothing more than a checklist of requirements to satisfy regulators or auditors which could short-change their business. At the same time, the pandemic has highlighted the necessity of risk management for every organization, and exposed the gaps that exist in many governance, risk, and compliance (GRC) programs today.

Brute force attacks are nothing new in cybersecurity. As far back as 2015 (eons ago, in technology terms) the global coffee chain Dunkin’ Donuts suffered a brute force attack that targeted nearly 20,000 of its customers. In this attack, cyber attackers used brute force to get unauthorized access to the accounts of more than 19,000 users and steal their money. Following the incident, Dunkin’ Donuts was slapped with a lawsuit, where it ended up paying more than $500,000 dollars in a settlement.

Risk assessments are essential to a risk management program. Risk assessments identify existing and emerging threats (either internal or external) to a company’s information systems, data, and operations; so the company can then respond accordingly.