MITRE has publicly released the enhanced EMB3D Threat Model, a comprehensive framework for identifying, understanding, and mitigating threats to embedded devices used in critical infrastructure, industrial systems, IoT, automotive, and healthcare. A major advancement of this release is the inclusion of tiered mitigation guidance—categorized as Foundational, Intermediate, and …
Cybersecurity-Risk Management
“Where Are We On Cyber?” – A Qualitative Study On Boards’ Cybersecurity Risk Decision Making
This qualitative study explored how cybersecurity risk is perceived and handled at the board level in some of the UK’s largest organizations. Through interviews with 18 C-level executives, CISOs, non-executive directors (NEDs), and consultants, researchers found that while cybersecurity is increasingly present on board agendas, it is commonly reduced to financial …
What is Continuous Threat Exposure Management?
As cyber threats become more sophisticated and attack surfaces expand, traditional periodic vulnerability scans and reactive responses no longer suffice. Continuous Threat Exposure Management (CTEM) and broader exposure management offer a unified, proactive strategy for identifying and reducing organizational risk in real time. Developed from Gartner’s CTEM framework, this …
Deepfake Deception in Digital Identity
Deepfake deception has rapidly emerged as a critical cybersecurity and identity verification threat, with AI-generated content capable of replicating human likenesses to an alarming degree. Powered by machine learning models like GANs and autoencoders, deepfakes can convincingly mimic voices, faces, and gestures, enabling cybercriminals to deceive targets through manipulated …
Book Review: “NIST CSF 2.0: Your essential introduction to managing cybersecurity risks”
Andrew Pattison’s A Concise Introduction to the NIST CSF 2.0 delivers exactly what the title promises: a focused, readable guide to understanding and applying the new version of the National Institute of Standards and Technology’s Cybersecurity Framework. As digital threats grow more sophisticated and public expectations around data protection rise, the importance of scalable, …
Which industry has the worst cybersecurity practices?
Across hundreds of Reddit comments from cybersecurity professionals, healthcare emerges as the most frequently cited industry with the worst cybersecurity practices. Stories range from hospitals storing patient data on unencrypted personal laptops to X-ray machines operated through unsecured remote access points. Many healthcare professionals—especially doctors—are described as …
A Complete Guide to Third-Party Risk Management
Third-party relationships are vital to business operations, but they also pose significant security risks. Outsourcing to vendors and other external entities exposes organizations to potential data breaches, with third-party vulnerabilities ranking among the top causes of security incidents. The 2022 IBM and Ponemon Institute report highlights that third-party software …
How to Perform a Successful IT Risk Assessment
Conducting an IT risk assessment is essential for organizations facing increasing cyber threats, with cyberattacks occurring every 40 seconds and ransomware attacks rising rapidly. An IT risk assessment identifies vulnerabilities within an organization’s information systems, networks, and data, helping leaders understand potential financial and operational impacts. Such …
OWASP Releases Updated 2025 Top 10 Risks for LLMs
The OWASP Foundation has released the 2025 edition of its Top 10 Risks for LLM Applications and Generative AI, addressing the changing threat landscape as organizations increasingly adopt generative AI technologies. This refreshed list provides updated insights into vulnerabilities across development, deployment, and management phases, helping developers and security …
How to create a third-party risk management policy
Developing an effective third-party risk management policy is essential for organizations seeking to mitigate risks from suppliers, vendors, and external partners. These risks include data breaches, operational failures, regulatory violations, and reputational harm. Leveraging NIST’s Cybersecurity Framework (CSF) offers a flexible and globally recognized approach to structuring …
The Mechanics of Remote Template Injection Attack
Remote Template Injection is a sophisticated cyberattack method that exploits Microsoft Word’s ability to load templates from remote servers. Attackers embed a malicious template link in a Word document, enabling the execution of harmful macros without directly embedding them in the file. This allows the decoy document to bypass traditional security measures, including email …
The Ultimate SaaS Security Admin Guide for 2025
SaaS security involves securing access to and using cloud-based applications to protect against unauthorized access, data breaches, and other cyber threats. It relies on the shared responsibility model, where cloud service providers ensure infrastructure security while customers manage data and application security. Critical elements include encryption, backups, multi-factor …
CISA Releases National Cyber Incident Response Plan update
The NCIRP serves as a strategic national framework for addressing cyber incidents, focusing on coordination between public and private stakeholders under the guidance of Presidential Policy Directive 41 (PPD-41). It aims to enhance national preparedness by leveraging contributions from various entities and aligning their efforts during significant cyber incidents. This plan …
What is Cyber Supply Chain Risk Management?
Cyber Supply Chain Risk Management (C-SCRM) identifies, assesses, and mitigates cybersecurity risks within an organization’s supply chain. By encompassing risks from procurement tools, third-party vendors, and developers, C-SCRM extends beyond traditional third-party risk management. Its lifecycle involves vendor vetting, assessing security postures during acquisition, …
A Guide to Developing a Business or Retail Supply Chain Cybersecurity Risk Management Plan
Retail supply chains rely heavily on third-party suppliers, creating potential cybersecurity vulnerabilities that malicious actors can exploit. Risks are categorized into supplier, supply, and service risks, each requiring tailored strategies to mitigate threats. High-risk suppliers, such as those handling critical software or sensitive data, necessitate rigorous evaluation and …
The Ultimate Guide to Vulnerability Management
Vulnerability management (VM) is a proactive approach to identifying, evaluating, and mitigating security vulnerabilities within an organization's systems. By continuously scanning and monitoring environments, VM helps minimize attack surfaces and protect critical assets. A risk-based approach, RBVM, enhances traditional methods by prioritizing vulnerabilities based on their …
What is Risk Posture?
Risk posture is an organization’s approach to cybersecurity, encompassing its readiness to manage risks and vulnerabilities effectively. It involves identifying, evaluating, and mitigating threats while balancing acceptable risks with necessary controls. Regular assessments of risk posture allow organizations to align their strategies with their overall objectives, providing …
The Definitive Guide to SASE Security
SASE (Secure Access Service Edge) is a security framework designed to address the challenges of modern, distributed IT environments. It integrates network and security functions in the cloud, providing secure, efficient, and scalable access for users, applications, and data regardless of location or device. By moving beyond traditional perimeter-based security models, SASE …
Threat Spotlight: Bad bots are evolving to become more ‘human’
While decreasing in overall traffic share, malicious bots have become more sophisticated and harder to detect. Advanced bots now constitute 49% of bot activity and often use complex techniques to bypass traditional security measures. These bots can mimic human interactions, evade detection with slow and deliberate actions, and target e-commerce and login systems for fraud and …
DDN Releases Report on Digital, Cybersecurity, and Systemic Risk Governance for 2025
Boardroom governance is vital in overseeing digital, cybersecurity, and systemic risks to safeguard business value and drive investor returns. Effective oversight requires directors with in-depth expertise in data management, cybersecurity, and IT operations, as research has demonstrated the financial benefits of having at least three digitally savvy directors. Boards with such …