Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SecurityScorecard has been in Davos, Switzerland for the past week with heads of state, CEOs, and other global leaders as part of the 2023 World Economic Forum’s Annual Meeting. Along with climate change, sustainability, and geopolitical complexities, cybersecurity is one of the hottest topics of WEF’s official programming and the myriad private events that are part of the Davos annual experience.

The Fourth Industrial Revolution, with its accelerating pace of digitization and automation, means that organizations are becoming more dependent on data processing and connectivity to deliver value to their customers and stakeholders. Threat actors exploit this growing attack surface to achieve their aims: fraud, extortion, harassment, espionage, and other harms. They are smart, adaptive, and ruthless—and getting rich as a result.

Two years ago, Kovrr took a unique approach to cyber risk modeling of financial quantification (FQ) and expanded to the enterprise market. After a long time of quantifying risks of portfolios for global insurers and reinsurers, Kovrr was able to build expertise around quantifying risk with specific expertise in acquiring high-quality data to feed our models and fast time to value using automation.

Whether or not you believe in omens and superstition , Friday the 13th is a day of infamy. To celebrate—if that’s a thing—let’s look at some creepy cyber incidents that will have your skin crawling in good old Friday the 13th fashion.

Third party risk assessment is the process of evaluating and managing the risks associated with engaging third parties. It involves identifying, assessing, and mitigating potential risks that could arise from working with external vendors or partners. The goal of this type of assessment is to ensure that any risks posed by these relationships are minimized or eliminated altogether.

During the last week of December, a threat actor who goes by the name “Ryushi”, claimed to be selling public and private data of 400 million Twitter users, which was scrapped in 2021, using an API vulnerability which was fixed by Twitter in 2022. Since then, Ireland’s Data Protection Commission (DPC) notified that it "will examine Twitter's compliance with data-protection law in relation to that security issue".

Malware is short for "malicious software" and refers to any software program that is designed to harm or exploit a computer or device. And unfortunately, malware is all over the internet, with 560,000 new pieces of malicious software detected every day. It can come from many potential sources, including: It’s vital for organizations to understand the risks malware poses and take effective measures to stop potential threats.

Cloud computing is a powerful service, but securing its assets proves to be a difficult task by even the largest companies in the world. The average cost of a cloud breach is around $4 million, and it is vital that cloud workloads are as secure as possible. This article will explain cloud security and provide seven steps organizations should take when conducting their cloud risk assessment.

‍ Even maintaining current budgets can be hard as companies look for cost savings in non-revenue-generating areas. But you don’t have to wait for a cyber attack to occur to prove that you need to invest in cybersecurity. ‍ Instead, CISOs can demonstrate the ROI of their current spend, and potentially convince other leaders to increase budgets, by using cyber risk quantification (CRQ).