Author: Owen Denby, General Counsel, SecurityScorecard On October 30, 2023, the SEC charged both SolarWinds and their CISO Tim Brown with defrauding investors, by failing to make disclosures about cybersecurity issues and vulnerabilities related to the massive nearly two-year long “SUNBURST” hack of the company.

As web applications continue to grow in complexity and sophistication, ensuring their security has become an increasingly daunting challenge. From emerging threats like API vulnerabilities and serverless architectures to well-known risks like cross-site scripting and SQL injection, organizations—regardless of size or industry—must be prepared to address a wide range of security concerns in order to keep their web applications safe and secure.

SecurityScorecard recently participated and presented in the World Economic Forum’s (WEF) Annual Meeting on Cybersecurity, which brought together 160 leaders on cybersecurity, including: global Chief Information Security Officers (CISOs); academic thought leaders, heads of cybersecurity from multiple countries and entities (the United Arab Emirates, Canada, Singapore, Luxembourg, the European Union, and Interpol); and the CEOs of several major companies.

In organizational risk management, Risk Tolerance and Risk Appetite are two fundamental concepts. These concepts are applied in areas such as business investing, decision making, cybersecurity risk management, and overall finance. While these concepts complement each other, they do have different meanings. A simple distinction is this: And there’s a bit more to it.

As the world of digital payments evolves rapidly, staying ahead in terms of security standards is paramount for any business handling cardholder data. The introduction of PCI DSS 4.0 brings significant updates and enhancements aimed at strengthening payment security and overall cybersecurity in an increasingly complex cyber landscape.

When you collect and store information in a logical manner, you have a database. In modern uses of the word, a database often refers to the database management system (DBMS), which is a computer program that manages digital data. You use a database management system to interact with your stored data, so it's critical to implement security features that protect the DBMS and any data involved.

It might be hard to remember, but around twenty years ago, Amazon was only known for one thing: selling books. But it’s grown up in the last two decades, encompassing multiple business verticals, and selling more than just books (especially convenient when you need garbage bags, a spatula, and holiday decorations all at the same time).

In late July, the US Securities and Exchange Commission (SEC) enacted a groundbreaking ruling for the cybersecurity industry. Amid an increasingly risky cyber landscape, the new Ruling S7-09-22 requires all registrants to disclose material cyber incidents within four days of detection and provide a detailed description of their cyber risk and governance management programs.

In the high-stakes world of cybersecurity, one of the most daunting challenges faced by CISOs is the task of persuading their organization to invest in security capability. But in an age of worker shortages, cost-cutting measures, and a surge in third-party cyber risk at the enterprise level, CISOs need to get this message across urgently.

Welcome to the Nucleus Product Update 3.9. As we approach Thanksgiving, we’d like to start by expressing our appreciation for you and the rest of the Nucleus family. Thank you for being a part of our community and contributing to our collective growth and success. We have so much to be thankful for this year, especially YOU! We hope you have a wonderful holiday celebrating all there is to be grateful for and enjoying a great meal with the people you love most.