The role experience plays in risk mitigation


Without intending to be trite, there is a very important role that experience plays in the mitigation of risk. Experience comes into play when you are tasked with prioritizing risks. If you have zero experience in cybersecurity risk management, two critical vulnerabilities have equal weight and importance. But not all critical vulnerabilities can or will be weaponized and exploited. And not all critical vulnerabilities will result in a breach or security incident. This is the difference between a priori (independent from any experience) vs a posteriori (dependent on empirical evidence) vulnerability management.
To be effective at mitigating risk, we need to find ways to make intelligent use of experience in running infosec programs. We need to use not just our own experience, but also the experience of others. This is a form of collective resilience that is crucial to defending against nation states, organized crime and, like it or not, bored teenagers, like LAPSUS$, attacking and breaching companies just for the lulz. This piece aims to help identify some ways in which we can better prioritize our efforts.
De-risk your business through regulatory resilience


Transatlantic data flows underpin more than $7 trillion in cross-border trade and investment per year, according to the U.S. Department of Commerce. The recently announced EU-US Data Privacy Framework (TADPF), in place as of July 10, 2023, is expected to further promote opportunity and economic fruitfulness on both sides of the Atlantic.
However, many are rightfully questioning the staying power of this latest version of the TADPF. Will it be third-time lucky or Groundhog Day all over again? Against this backdrop of uncertainty, many companies must evaluate their short- and long-term regulatory resilience.
The IT assets that could put your organization at risk


Attackers are always looking for routes that will offer them a way into organizations' networks. New research released today by Armis shows the devices that are most likely to pose a threat.
Interestingly, the list includes various personal devices as well as business assets, suggesting attackers care more about their potential access to assets than about the type of asset, and reinforcing the need for security teams to account for all physical and virtual assets as part of their security strategy.
66 percent of businesses don't understand their cyber risks


Businesses are struggling to understand their cyber risks, with 66 percent of respondents to a new survey indicating that they have limited visibility and insight into their cyber risk profiles.
The survey, conducted by Censuswide for Critical Start, shows 67 percent of organizations have experienced a breach requiring attention within the last two years despite having traditional threat-based security measures in place.
When is an IT risk a cyber risk? And why the difference matters [Q&A]


There tends to be some confusion about where cyber risk ends and where IT risk starts, and the terms are often used interchangeably.
We spoke to Gary Lynam, head of ERM advisory at risk management specialist Protecht, to find out more about understanding and managing the different types of risk that enterprises face.
How enterprises can stay ahead of risks, threats and potential attacks [Q&A]


Businesses are engaged in a constant cat-and-mouse game with hackers, attackers, and bad actors in order to stay secure.
Dominic Lombardi, VP of security and trust at Kandji, believes that in order to stay ahead it's necessary to master basic IT and security hygiene, update and communicate your risk register, and work steadily toward a zero-trust security model. We spoke to him to discover more.
Creating a cybersecurity risk assessment


Most businesses will complete regular risk assessments as standard practice. They’re crucial to reducing the threat of financial or reputational loss and give you an overview of the high-risk areas you must address.
One type of risk analysis that is critical but sometimes overlooked is a cybersecurity risk assessment. In today’s digital-first world, it’s difficult to overstate the importance of analyzing and addressing threats to your IT security. Making it a regular occurrence is also advised because cybercriminals are finding new holes in your defenses every day.
To address these threats, full and frequent cybersecurity audits are necessary to review:
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
© 1998-2025 BetaNews, Inc. All Rights Reserved.