Articles about cyber risk

Most businesses will complete regular risk assessments as standard practice. They’re crucial to reducing the threat of financial or reputational loss and give you an overview of the high-risk areas you must address.

One type of risk analysis that is critical but sometimes overlooked is a cybersecurity risk assessment. In today’s digital-first world, it’s difficult to overstate the importance of analyzing and addressing threats to your IT security. Making it a regular occurrence is also advised because cybercriminals are finding new holes in your defenses every day.

To address these threats, full and frequent cybersecurity audits are necessary to review:

Continue reading →

New research reveals that a small volume of security exposures can put more than 90 percent of an organization's critical assets at risk of compromise.

The analysis of more than 60 million exposures in over 10 million entities from XMCyber, in collaboration with the Cyentia Institute, finds just two percent of security exposures can actually lead to critical assets and most exposures (75 percent) along attack paths lead to 'dead ends'.

Continue reading →

The current economic downturn has meant significant budget cuts for many enterprises. But cyberthreats continue to escalate and businesses need to take them seriously.

This means that more than ever CISOs must prove the value of their cybersecurity programs to senior management. But how can they do this effectively? We spoke with Tim Erlin, VP of product innovation at SecurityScorecard to find out.

Continue reading →

We know that not many consumers actually care about the metaverse, but that hasn't stopped tech giants investing heavily in preparing for it.

A new report from Tenable, based on a study of 1,500 professionals representing roles in cybersecurity, DevOps and IT engineering, shows 68 percent of respondents plan to do business in the metaverse within the next three years, with 23 percent having already begun initiatives in the past six months.

Continue reading →

A successful cyberattack can have significant costs for a business, in terms of both reputation and finances. But what's the actual cost of an attack? And if you're looking at insurance how much should you be covered for?

To help answer those questions Safe Security is announcing two industry-first assessment tools to empower organizations to make financial decisions based on their actual cyber risk.

Continue reading →

Risk-based strategies are most successful in preventing security breaches, according to a new study from Skybox Security.

Of companies taking a risk-based approach 48 percent suffered no breaches, 50 percent were top performers in time to mitigate issues, and 46 percent top performers in response time.

Continue reading →

Continuing global supply chain disruption caused by the pandemic and the war in Ukraine is putting enterprises at increased risk from things like ransomware attacks, according to new research from Citrix.

The survey of 200 UK IT decision makers carried out by OnePoll finds 80 percent of security leaders believe that supply chain issues or delays have put their organization at increased risk from ransomware -- for example, by being unable to replace unsupported hardware.

Continue reading →

Cybersecurity is one of the most pressing issues for businesses. For the first time, it has been identified by security professionals as the single biggest risk to an organization. Cybersecurity risks come in many forms but, while businesses need to protect against all threats, some are more urgent than others.

Prioritizing the levels of risk associated with cybersecurity incidents will help you protect your business from the most pressing threats first. For example, if you have an unsupported operating system (OS) on your PCs, they are very likely to get breached, whereas your up-to-date systems pose less risk. But how do you determine the biggest risks in your business? Read on to find out how.

Continue reading →

Risk professionals work with uncertainty every day. They need to identify and prioritize which risks to address now versus later, consider many moving parts and rely on judgment and data to make informed decisions.

But how do they communicate those risks to stakeholders? Using "low, medium or high" classifications doesn’t always express the consideration risk requires -- especially since those terms don’t mean the same thing to everyone. If you told key stakeholders "there’s a possibility of rain tomorrow" before a company barbecue, how would they know whether to reschedule or put a few tents up? Is "possibility" enough information to make that decision, especially since not everyone equates possibility with the same level of probability? 

Continue reading →

The saying "too many cooks spoils the broth" could well be true in the case of how we currently approach vulnerability management (VM). The process around vulnerabilities has become increasingly complex, with high levels of pressure to ensure that it is done right.

Vulnerabilities have long been one of the most prominent attack vectors, yet so many are left unpatched by organizations of every size and across every vertical -- the root of catastrophic issues. The Ponemon Institute conducted a recent study that found almost half of respondents (48 percent) reported that their organizations had one or more data breaches in the past two years. In addition, the discovery of high-risk vulns in 2020 alone, has drastically increased by 65 percent -- ultimately alluding to the fact that breaches could potentially become increasingly impactful. The longer a vulnerability remains present, the higher the chance that it will be exploited by bad actors.

Continue reading →

As businesses rely more on the cloud and virtual infrastructure, so the potential for both configuration errors and cyberattacks increases.

The pandemic has only made the problem worse and in many cases led to a loosening of security policy. What do organizations need to do to address the issue and protect their systems? We spoke to Tal Morgenstern, Vulcan Cyber CPO and co-founder, to find out.

Continue reading →

Nearly a quarter (24 percent) of office workers have experienced a data breach, yet 12 percent say nothing will make them take cyber security more seriously, and a third won't take extra precautions.

A survey of over 2,000 UK office staff from BlueFort Security finds 34 percent believe cybersecurity awareness is the biggest issue when it comes to hybrid working, and 33 percent cite personal use of company devices as another significant risk.

Continue reading →

Organizations are prioritizing strategic security programs but are missing the capabilities they need to make meaningful changes to their security posture according to a new report.

The study by ReliaQuest, in partnership with Ponemon Research shows that 48 percent of organizations are prioritizing implementing zero trust principles as part of their security strategy.

Continue reading →

Cyberattacks continue to be a problem for businesses and it's no surprise that cyber insurers are tightening up their requirements for policyholders to obtain new cover or to renew their existing cyber policies.

But in the past cybersecurity and cyber insurance have tended to operate in silos with insufficient coordination, leading to a misalignment between the cyber threats faced by an organization and the security measures needed to prevent them.

Continue reading →

After a slump during the pandemic, vulnerability disclosures are once again showing growth according to the latest Vulnerability QuickView Report from Risk Based Security's VulnDB team.

The report shows 12,723 vulnerabilities disclosed during the first half of 2021 and the vulnerability disclosure landscape saw a growth of 2.8 percent compared to the same period in 2020.

Continue reading →