Articles about risk

New analysis from MixMode.ai reveals the countries with the highest and lowest risk for cyber threats worldwide in 2024, with the US ranking 9th overall among countries with the lowest risk.

The analysis is based on a comprehensive dataset encompassing various indices, including the National Cyber Security Index, Cybersecurity Exposure Index, Global Cybersecurity Index, Cyber Resilience Index, and the Final Cyber Safety Score to give each of 70 countries a score out of 100.

Continue reading →

A new report finds that 85 percent of executives surveyed believe computing innovation is
increasing risk.

The report from LevelBlue also shows 74 percent think the opportunity of computing innovation outweighs the corresponding increase in cybersecurity risk -- making cyber resilience nearly impossible to achieve.

Continue reading →

Security vulnerabilities often lurk undetected within organizations, a consequence of gaps in traditional security assessments. These gaps can arise from missed systems during scans or the use of improper scanning techniques or technologies for specific systems.

To effectively manage risk, organizations need a comprehensive understanding of their security posture across the entire technology stack. This is where continuous risk assessment comes in -- it provides enhanced visibility, pinpointing vulnerabilities that periodic audits might miss and highlighting the limitations of traditional methods.

Continue reading →

Human factors, including lack of awareness, training and inconsistent policy adherence, are getting in the way of cybersecurity for smaller businesses.

A new survey of more than 600 business and IT security managers conducted by LastPass and survey research firm InnovateMR shows that cyberattacks targeting smaller organizations have increased significantly in recent years, as cyber criminals have learned these organizations are relatively easy targets.

Continue reading →

The critical national infrastructure that underpins the UK has undergone a tremendous amount of digital transformation in recent years. Areas like water treatment, energy and food production are still heavily reliant on operational technology (OT) systems that were often designed and implemented long before the digital revolution.

Digitizing these systems and connecting them to standard IT networks has allowed operators to boost efficiency and bring in practices like remote working and data collection that weren’t possible in an analogue environment.

Continue reading →

A new study from Barracuda Networks finds just 43 percent of organizations surveyed have confidence in their ability to address cyber risk, vulnerabilities, and attacks.

The findings also show that many organizations find it hard to implement company-wide security policies such as authentication measures and access controls. 49 percent of the smaller to mid-sized companies surveyed listed this as one of their top two governance challenges.

Continue reading →

In today's digital landscape, where data is omnipresent across various platforms and devices, maintaining efficient backup processes has become increasingly critical. Yet, despite the inherent risks, a surprising number of organizations continue to deploy their infrastructure without adequate backup measures in place.

According to a poll conducted among IT professionals, only a mere 25 percent of them adhere to industry best practices concerning data backup, creating potentially dangerous data gaps in production and employee risk management. Initially enticed by the allure of cost-saving, many companies overlook the necessity of investing in backup solutions, only to face dire consequences in the long run.

Continue reading →

According to a new study, 89 percent of cybersecurity professionals agree that their company's sensitive data is increasingly vulnerable to new AI technologies.

The study of 700 respondents across cybersecurity roles, conducted by Vanson Bourne for Code42, also finds that 87 percent are concerned their employees may inadvertently expose sensitive data to competitors by inputting it into GenAI. In addition 87 percent are concerned their employees are not following their GenAI policy.

Continue reading →

An overwhelming majority of global organizations admit they are ill-prepared to handle the steady increase in insider threat activity, according to new research conducted by Cybersecurity Insiders and announced today by Securonix.

While 76 percent of organizations have detected increased insider threat activity over the past five years, less than 30 percent believe they are equipped with the right tools to handle them.

Continue reading →

Today’s complicated threat landscape leaves security teams grappling with new challenges on a scale never seen. Threat actors are more organized and efficient, leveraging a vast ecosystem of tools and services that cater to experts and beginners alike. In early March, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory warning of the resurgence of Royal ransomware with new compromise and encryption tactics used to target specific industries, including critical infrastructure, healthcare and education.

Cyberattacks are only increasing and growing more destructive, targeting supply chains, third-party software, and operational technology (OT). Gartner predicts that by 2025, threat actors will weaponize OT environments successfully to cause human casualties. This is happening at a time of increased technology adoption led by accelerated digital transformation efforts, hybrid work and the Industrial Internet of Things (IoT) boom, leaving security teams to manage an evolving and growing attack surface and multiplying vulnerabilities.

Continue reading →

Without intending to be trite, there is a very important role that experience plays in the mitigation of risk. Experience comes into play when you are tasked with prioritizing risks. If you have zero experience in cybersecurity risk management, two critical vulnerabilities have equal weight and importance. But not all critical vulnerabilities can or will be weaponized and exploited. And not all critical vulnerabilities will result in a breach or security incident. This is the difference between a priori (independent from any experience) vs a posteriori (dependent on empirical evidence) vulnerability management.

To be effective at mitigating risk, we need to find ways to make intelligent use of experience in running infosec programs. We need to use not just our own experience, but also the experience of others. This is a form of collective resilience that is crucial to defending against nation states, organized crime and, like it or not, bored teenagers attacking and breaching companies just for the lulz like LAPSUS$. This piece aims to help identify some ways in which we can better prioritize our efforts.

Continue reading →

Transatlantic data flows underpin more than $7 trillion in cross-border trade and investment per year, according to the U.S. Department of Commerce. The recently announced EU-US Data Privacy Framework (TADPF), in place as of July 10 2023, is expected to further promote opportunity and economic fruitfulness on both sides of the Atlantic.

However, many are rightfully questioning the staying power of this latest version of the TADPF. Will it be third-time lucky or Groundhog Day all over again? Against this backdrop of uncertainty, many companies must evaluate their short- and long-term regulatory resilience.

Continue reading →

Attackers are always looking for routes that will offer them a way into organizations' networks. New research released today by Armis shows the devices that are most likely to pose a threat.

Interestingly the list includes various personal devices as well as business assets, suggesting attackers care more about their potential access to assets rather than the type and reinforcing the need for security teams to account for all physical and virtual assets as part of their security strategy.

Continue reading →

Businesses are struggling to understand their cyber risks, with 66 percent of respondents to a new survey indicating that they have limited visibility and insight into their cyber risk profiles.

The survey, conducted by Censuswide for Critical Start, shows 67 percent of organizations have experienced a breach requiring attention within the last two years despite having traditional threat-based security measures in place.

Continue reading →

There tends to be some confusion about where cyber risk ends and where IT risk starts and the terms are often used interchangeably.

We spoke to Gary Lynam, head of ERM advisory at risk management specialist Protecht, to find out more about understanding and managing the different types of risk that enterprises face.

Continue reading →