The increasing prevalence and sophistication of cyberattacks, coupled with their significant financial ramifications, have pushed more organizations towards adopting cybersecurity insurance, as revealed by a survey conducted by Recast Software. The necessity for cyber insurance is recognized amid the challenges businesses face in meeting insurers' stringent requirements and … [Read more...] about Organizations are Embracing Cyber Insurance, But It’s Not Easy: Survey
Cybersecurity-Risk Management
I Stopped Using Passwords. It’s Great—and a Total Mess
The transition from traditional passwords to passkeys represents a significant shift in online security and convenience. The author shares their journey of dealing with cumbersome and numerous passwords, highlighting the common frustrations many face with password management. Introducing passkeys, which utilize public key cryptography to allow for more secure and … [Read more...] about I Stopped Using Passwords. It’s Great—and a Total Mess
Data Protection and Recovery: A Foundation to a Cyber Readiness Plan
The whitepaper on "Data Protection and Recovery: A Foundation to a Cyber Readiness Plan" emphasizes the growing sophistication of ransomware and malware attacks, which pose significant economic threats to businesses. The document highlights the need for a new approach to cybersecurity, particularly in protecting information management systems and data. It underscores the … [Read more...] about Data Protection and Recovery: A Foundation to a Cyber Readiness Plan
Key reasons third-party risk management programs fail
John P. Mello Jr.'s article discusses organizations' prevalent challenges in managing third-party cybersecurity risks and offers insights into developing an effective risk management program. According to a Gartner report, over 80% of organizations have encountered business disruptions due to third-party issues in the past two years, highlighting the importance yet difficulty … [Read more...] about Key reasons third-party risk management programs fail
Cybersecurity Risk Management: Frameworks, Plans, & Best Practices
This article by Mark Knowles discusses the complexities and challenges of managing cybersecurity risks in today's digital environment. The article acknowledges the increasing difficulty of maintaining secure and compliant architectures and systems. Cybersecurity consultant Dave Hatter highlights how digitizing business and personal information has amplified risks. The … [Read more...] about Cybersecurity Risk Management: Frameworks, Plans, & Best Practices
Security Assessment for an IoT-Based System
This article from QASource highlights the critical importance of security in the rapidly growing Internet of Things (IoT) market. With projections indicating significant growth in the IoT sector, the need for comprehensive security measures to protect data and services managed by IoT devices has become paramount. The article emphasizes the complexities of IoT architectures, … [Read more...] about Security Assessment for an IoT-Based System
IBM’s Cost of a Data Breach Report 2023 finds the average cost of a data breach at $4.45 million
IBM Security's 2023 Cost of a Data Breach Report provides critical insights for IT, risk management, and security leaders. The report analyzed data from 553 organizations across 16 countries and regions and 17 industries that experienced data breaches between March 2022 and March 2023. This year's report introduces new areas of exploration, including how breaches are … [Read more...] about IBM’s Cost of a Data Breach Report 2023 finds the average cost of a data breach at $4.45 million
“Lions and tigers and bears, oh my!” Global legal risks in cybersecurity investigations
This article by Brian Hengesbaugh delves into the complex global legal challenges companies face during cybersecurity investigations, particularly in the context of global ransomware and cyberattacks. Drawing an analogy to the fears expressed in "The Wizard of Oz," the article underscores how companies grapple with varied and sometimes conflicting legal obligations across … [Read more...] about “Lions and tigers and bears, oh my!” Global legal risks in cybersecurity investigations
The Complications of Cyber Risk Quantification
In this article, Maahnoor Siddiqui addresses the critical and complex nature of Cyber Risk Quantification (CRQ) in the current digital era. The author writes that CRQ is crucial for organizations striving to protect their digital assets. CRQ involves assigning a monetary value to potential losses from cybersecurity breaches, which extends beyond traditional risk assessment by … [Read more...] about The Complications of Cyber Risk Quantification
NIST Releases Phish Scale User Guide for Detecting Sinister Phishing Emails
The National Institute of Standards and Technology's (NIST) Human-Centered Cybersecurity program has released the NIST Phish Scale User Guide. This guide provides comprehensive instructions for applying the Phish Scale, a global method organizations use to assess the difficulty of detecting human phishing in emails. It's beneficial for implementers of phishing awareness … [Read more...] about NIST Releases Phish Scale User Guide for Detecting Sinister Phishing Emails
A Primer on Cyber Insurance and the Use of Models
The article traces the history and evolution of cybercrime, from the world's first alleged cybercrime in 1834, when attackers hacked the telegraph system in France, to the modern-day surge in cyberattacks since the 2010s. Despite the overshadowing of cyber risks by other global concerns in the 2022 World Economic Forum's annual risk tabulation, cyber threats remain a … [Read more...] about A Primer on Cyber Insurance and the Use of Models
How to Build and Maintain a Risk Register
A risk register is a vital tool for organizations, serving as an information repository to document the various risks they face and the measures taken to address them. The article emphasizes the increasing probability, severity, and innovation of cyber-attacks and the challenges many organizations face in integrating cybersecurity risk into their enterprise risk management … [Read more...] about How to Build and Maintain a Risk Register
What Is SIEM?
"Security Information and Event Management" (SIEM) is a security management approach that merges security information management (SIM) and security event management (SEM) into a single system. The primary objective of SIEM is to aggregate data from various sources, pinpoint changes from the norm, and pursue necessary actions, such as logging additional information or generating … [Read more...] about What Is SIEM?