Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Early 2023 has been characterized by an explosion of Artificial Intelligence (AI) breakthroughs. Image generators and large language models (LLMs) have captured global attention and fundamentally changed the Internet and the nature of modern work. But as AI / Machine Learning (ML) systems now support millions of daily users, has our understanding of the relevant security risks kept pace with this wild rate of adoption?

The White House’s ambitious national cyber strategy— which represents a shift away from decades-old voluntary compliance guidelines to a more aggressive regulatory approach of critical infrastructure firms—couldn’t come at a better time. A recent study found that local governments were the organizations least capable of disrupting ransomware attacks, and that they were also among the ransomware victims to pay ransoms most frequently (43% paid a ransom after an incident).

As a security manager, you have a wide variety of tasks you need to complete in order to protect your organization — as well as your employee and customer data. Of course, some of these responsibilities are performed on a quarterly or yearly basis, such as gathering information for audits or conducting annual assessments. But there are certain tasks that you should be completing daily in order to maintain the desired security posture and reduce cyber risk across your expanding attack surface.

Assessing cyber risk for potential vendors is one of the most important aspects of managing third-party risk for any organization. The vendor risk assessment process helps businesses decide which partners or service providers to work with and, more importantly, who to trust with their most sensitive data.

Vendor criticality is the level of risk that vendors are categorized into during the risk assessment phase. Determining vendor criticality is an essential part of the third-party risk management (TPRM) program to help organizations better prioritize their risk remediation goals. As part of the vendor risk assessment and vendor due diligence process, understanding the risk criticality levels of each vendor plays a huge role in preventing data breaches from occurring.

As part of SecurityScorecard’s commitment to making the world a safer place, we are now the first and only security ratings platform to integrate with OpenAI’s GPT-4 system. With this natural language processing capability, cybersecurity leaders can find immediate answers and suggested mitigations for high-priority cyber risks.

Researchers from Bitsight and Curesec have jointly discovered a high-severity vulnerability — tracked as CVE-2023-29552 — in the Service Location Protocol (SLP), a legacy Internet protocol. Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2200 times, potentially making it one of the largest amplification attacks ever reported.

Cybersecurity has become a top-of-mind concern for many C-level executives and board members. Data breaches are a daily occurrence and carry a hefty — and growing — price tag averaging $4.35 million worldwide, according to the latest Cost of a Data Breach report. However, this is only one of several potential cybersecurity risks that an organization can face.

After COVID, enterprise IT security got turned on its head. As the world adjusted to working from home, and continues to, IT teams worked overtime to enable remote access for millions of employees. This transition has gone smoothly for most organizations, but many security gaps still remain years later. The SolarWinds data breach is a worrying example. It shows how vulnerable organizations are to malicious activity in our changing risk environment.

Let's be honest – nobody likes security questionnaires. To vendors, they're irritating workflow interruptions, always seeming to arrive at the most inconvenient times. To businesses, they mark the first stage of a long, drawn-out process where vendors need to be continuously pestered to complete them. In this post, we outline three proven strategies for streamlining the security questionnaire process to eliminate stress for both the businesses that send them and the vendors receiving them.