Last week, SecurityScorecard was invited back to participate in the World Economic Forum’s Annual Meeting in Davos, Switzerland. It was a tremendous honor and, once again, we were the only security ratings company present (and one of the few cybersecurity companies). Our team spent the week with a dynamic mix of tech innovators, thought leaders, and heads of state, discussing some of the world’s most pressing political, societal, and economic challenges.

I’ll be honest – the last time someone asked me to assess my behavior was in therapy. Difficult? Yes. Who likes to audit themselves? But that process taught me something valuable: evaluating ourselves, even when uncomfortable, propels us forward. In my many conversations with security professionals, one common theme emerges. We need continuous progress forward as security organizations for the business.

Public cloud infrastructure is, by now, the default approach to both spinning up a new venture from scratch and rapidly scaling your business. From a security perspective, this is a brand new (well, by now more than a decade old) attack surface. “Attack surface” is a commonly used term that denotes the aggregate of your exploitable IT estate, or all of the different pathways a hacker might be able to use to gain access to your systems, steal your data, or otherwise harm your business.

In a new SEC disclosure, Hewlett Packard Enterprise (HPE) announced on Wednesday that it fell prey to the same Russian intelligence group, known as Midnight Blizzard or Cozy Bear, that recently breached Microsoft's email system. This disclosure comes just a week after Microsoft reported a similar intrusion, putting the spotlight back on this notorious hacking group.

What keeps CISOs up at night? The extended, often unsecured, ever-changing attack surface of critical supply chain vendors providing an unmonitored pathway into their enterprise. Emerging zero-day vulnerabilities, like MOVEit and SolarWinds, are time-sensitive issues that require immediate attention by security teams that are often over-burdened with securing the local enterprise.

Generative AI and large language models (LLMs) are revolutionizing natural language processing (NLP), offering enhanced conversational AI experiences for customer service and boosting productivity. To meet enterprise needs, it’s important to ensure the responses that are generated are accurate as well as respect the permissions model associated with the underlying content.

The surge in Ransomware-as-a-Service affiliates is likely the reason behind the dramatic increase in the number of victimized organizations, with all indicators suggesting that this trend will persist into 2024. I love it when vendors put out a yearly summary, and do it in the first month of the next year! The data is relevant and helps paint a picture of what the industry should expect in the near future. In Cyberint’s 2023 Ransomware Recap report, we find that ransomware had quite the year.

Users are becoming increasingly aware of where and how their information is shared, and their concerns regarding the need to keep that data private are growing in turn. Digitalization, rising daily averages for time spent on the Internet and connected devices, along with the ongoing proliferation of cyberattacks, have made individuals more cautious than ever when it comes to providing information online – and rightfully so.

We’re excited to announce that Riscosity has successfully completed its SOC 2 Type II audit. This is a big effort for any organization, and it shows our commitment to protecting our customers’ sensitive data.

Technology is a crucial part of today’s healthcare and pharmaceutical industries. Advances in medical devices, data use, and interconnected systems have significantly improved patient care, reduced costs, and increased efficiency. However, as the sector’s reliance on technology grows, so does the risk of cyberattacks.