Why CISOs Should Pay Attention to Daily Threat Intelligence Feeds

Determining the ROI of your security stack can often be a challenge, so it may come down to staying one step ahead of your competition, minimizing the “blast radius” in the event of a breach which ultimately reduces the financial impact to the organization, or simply providing enough layers of security that the threat actor […]
Beyond Red, Yellow, Green: The Evolution of Cybersecurity Risk Measurement

Introduction: For years, companies have relied on qualitative methods, if any, to measure cybersecurity risk within their organizations. These methods often involved subjective red, yellow, and green 5×5 matrices or semi-quantitative ranges like 1-5. While these tools provided a basic framework, they often left executive leadership with more questions than answers. This was particularly problematic […]
Top 5 Threat Actor Groups and Their Modus Operandi

Everyone reading this blog should be familiar with the most notorious and sophisticated cybercrime gang in history, LockBit, targeting over 2,000 victims, receiving over $120 million in ransom payments with other ransom demands totaling hundreds of millions. You may also be aware that on February 20, 2024, the Department of Justice announced that in a […]
NIST CSF 2.0 – Why the Addition of GOVERN is Critical to Addressing Today’s Cybersecurity Risk

Executives Take Notice: In recent years it has become quite evident that a cyberattack can rear its ugly head at any time, affecting organizations of all sizes. It has been said that 60% of small to mid-sized businesses will fail within 6 months if certain risks are ignored. This should most certainly be an executive-level […]
Cybersecurity Incident Response Programs: Are They Really That Important?

Have you truly considered what it would take to minimize the impact on your organization following a cyberattack? You’ve probably heard the phrase, “it’s not a matter of if, but when.” After hearing that phrase, you may have thought to yourself, “I’m too small for a hacker to care about me,” or “I have impenetrable […]
Cybersecurity Risk is a Business Problem

Risk: Consider the fact that we, as humans, assess risk daily. We assess risk before walking across the street, catching a train, driving our car, or even eating spicy foods, so why have we been reluctant to consider cybersecurity risk assessments as the foundational approach to security and assurance? Organizational Risk: Let us first discuss […]
The Modern CISO: From Data Closet to Boardroom

In the short span of twenty years, companies of all sizes have experienced rapid transformation in the way they receive, process, store, and transmit data of all types. The most heavily impacted data sets have been personal health information (PHI), financial data, and personally identifiable information (PII). The CISO and security practitioners’ job is, and […]
October: National Cybersecurity Awareness Month

Cybersecurity Awareness Month is a collaboration between government and private industry to raise awareness about cybersecurity and empower everyone to protect their data from digital forms of crime. In the spirit of Cybersecurity Awareness Month, we thought we’d share 10 simple tips we all can use to protect ourselves from security risks while at work. […]