
Risk Management

Board Members' Guide to Cyber Governance and Leadership

Last week, I had the opportunity to moderate a panel at the NACD Summit, where I was joined by: Deven Sharma, Former President at S&P; John Katko, Former Member of U.S. House of Representatives; and Aaron Hughes, CISO at Albertsons. The National Association of Corporate Directors (NACD) holds its summit annually to empower directors and transform boards to be future ready. Our panel discussion focused on how board members can strategically oversee their organizations’ cybersecurity resilience.

Re-evaluating risk in the artificial intelligence age

It is common knowledge that when it comes to cybersecurity, there is no one-size-fits-all definition of risk, nor is there a place for static plans. New technologies are created, new vulnerabilities discovered, and more attackers appear on the horizon. Most recently, the appearance of advanced language models such as ChatGPT has taken this concept and turned the dial up to eleven.

The IR Retainer Redefined: Boosting Cyber Resilience with MDR + Cyber Risk Retainer

An effective detection and response capability is essential for monitoring key assets, containing threats early and eradicating them. However, because potential attack vectors within an organization are so disparate, affording the wide range of sensors necessary can be a challenge, as can the worry of disrupting critical services. Yet, without robust detection and response processes, businesses are left vulnerable.

Navigating the Unknown: Zero-Days in the Supply Chain

Zero-days are out there. Lurking just under the surface, waiting for the right moment to strike. A security team can do everything right and still experience a zero-day attack in its supply chain. And with innumerable configurations, devices, and platforms that can be exploited, zero-day exploits are becoming more common than ever.

Mastering Cybersecurity in Today's World

In a world where AI is everywhere, cybersecurity regulations are on the rise, and cyber insurance is booming, we need standardized metrics for cybersecurity. Remember, you can’t manage what you can’t measure. A recent report by SecurityScorecard and the Cyentia Institute discovered a startling fact: 98% of organizations have a third party with a breach in the last two years. In cybersecurity, metrics matter; knowing how to communicate and report on metrics is essential.

5 Steps to Creating an Incident Response Plan

No matter how robust your cyber defenses are, there is a high likelihood that your organization will experience a cybersecurity incident—either directly or as a result of a supply chain attack. Implementing a cybersecurity incident response plan can help you effectively address a cyber event, reduce disruptions to your business operations, and ensure compliance with regulations.

What Is Security Posture?

In the ever-evolving digital landscape, an organization's security posture stands as a sentinel, guarding against cyber threats and vulnerabilities. But what exactly is a security posture, and why is it crucial for businesses today? This article delves deep into the heart of this matter, unraveling the concept and exploring the essential components that constitute a robust security posture.

Your Sender Policy Framework (SPF) Risk Exposure

The Sender Policy Framework (SPF) is an email authentication protocol that specifies email authorization through Domain Name System (DNS) records. When an email is sent through the Simple Mail Transfer Protocol (SMTP), nothing requires that the message be authorized, which means that spammers can forge your domain in their phishing attacks.

10 Frequently Asked Supplier Risk Management Questions

Supply chain attacks are increasing. According to KPMG, 73 percent of organizations have experienced at least one significant disruption from a third party in the last three years. These findings underscore the imperative of implementing a supply chain risk management program. But as your vendor portfolio grows, assessing your vendors for cyber risk can seem daunting and raises many questions.