If your organization is like many others, its cyber exposure continues to grow over time. During the pandemic, as attackers sought to exploit unprecedented changes in work environments, 35% of cyberattacks used previously unseen malware or methods, up from the norm of 20%. And with the average enterprise using well over 1,000 cloud services, it can be very difficult to get a handle on potential vulnerabilities or to know when risks will pop up.

Backdoor attacks are on the rise. In 2022, this relatively little known cyberattack vector overtook ransomware as the top action deployed by cybercriminals. According to the IBM Security X-Force Threat Intelligence Index 2023, nearly a quarter of cyber incidents involved backdoor attacks. But what is a backdoor attack and how can you protect your organization from becoming a victim? Let’s explore this stealthy threat.

The financial services sector is one of the highest performing in terms of cybersecurity. One factor that contributes to this performance is regulation. Laws such as FFIEC IT, the Gramm-Leach-Bliley Act, NYDFS, GDPR, and SOC2 have placed pressure on financial services companies to build and enforce some of the strongest cyber risk management programs across any industry. You should consider another factor, which is money.

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) voted to adopt new cybersecurity requirements for publicly traded companies, creating new obligations for reporting “material” cybersecurity incidents and requiring more detailed disclosure of cybersecurity risk management, expertise, and governance. Companies will be required to disclose risks in their annual reports beginning on December 15, 2023.

The recent discovery of a critical vulnerability in the MOVEit file transfer software is the latest driver in a series of high-profile software supply chain incidents. On May 31st 2023, Progress – the developer of MOVEit – published an advisory alerting the community to a critical vulnerability in its MOVEit Transfer product. The vulnerability, now tracked as CVE-2023-34362, allows an attacker to gain access to MOVEit’s database to steal and/or alter the contents.

Today, Bitsight and Diligent launched an extension of our partnership focused on correlated, independent, and comparable cyber ratings from Bitsight within Diligent’s Board Reporting for IT Risk. Streamlined data collection and standardized dashboards enable CISOs to deliver clear and consistent insights to the board leveraging Bitsight and Diligent solutions.

Cybersecurity leaders are always working to make smarter investments to improve their programs. Not only do they look to reduce risk from the expanding attack surface and manage supply chain risk, they’re also juggling external pressures from regulators, insurers, and shareholders. As leaders look to technology solutions to help, many look at data analytics to reduce their organization’s risk, manage exposure, and improve overall program performance.

As your organization's attack surface expands—spanning across the cloud, remote locations, and interconnected digital supply chains—the potential for cyber risk exposure grows. Implementing a proactive cybersecurity exposure management program can enhance your understanding of your organization's cyber risk posture and facilitate informed decision-making about how to best allocate investments and resources.

Cyberattacks are on the rise. In 2022, there was a 38 percent increase in global attacks compared to the previous year—and security teams are struggling to keep up. It now takes an average of 277 days for teams to identify and contain a breach. With so many alerts being received by the Security Operations Centers (SOCs) each day, how do teams decide which issues to address first?

As cyber security threats proliferate, cyber risk conversations are no longer limited to the Security Operations Center (SOC); they command the attention of the C-suite and the boardroom. Ultimately, cyber-crime is a significant and prominent issue. The average cost of a data breach in the U.S. has soared to nearly $9.44 million this year. Since 2018, cyber insurance carriers report that incident-related claims increased by an astonishing 486%, the majority being ransomware-related.