Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

August 2022

Should You Worry About Ransomware Attacks?

Over $800,000 - that’s the cost of the average ransomware payout last year. 66% of mid-sized organizations and about 37% of global organizations got hit. (Sources cited below) Attackers have developed new techniques that a lot of companies aren’t aware of or prepared for. For example, the demand for ransomware as a service has hugely increased, resulting in many more organizations being hacked every day.

CISOs Need to Speak the Language of Board Members

"I understand the pitfalls of cyber security, but my boss just won't support me with the budget I need.” Does this sound familiar to you as a CISO? I have 3 pieces of advice for you: Speak their language I like to say that CISOs are from Mars, while CEOs and board members are from Venus. It’s because they don't speak the same language. You might go to your board and say, “I installed Akamai Prolexic.1.4.4.3.1./24 subnet to mitigate an SYN flood attack.”

Managing Work-Life Balance as a Founder

Here are 3 tips for founders and CEOs to have a work-life balance: As a founder/CEO, there are always 500 more things you could do at the end of the day, the next day, and the day thereafter. So you’ve to ask questions like:“What can I do that will deliver 10x results?”“What can I do to move the needle the most?”“What areas will the results be the same unless I get involved?” Before each day starts, I ask myself, “What are the top few things I need to accomplish?”

4 Ways Using SecurityScorecard Can Help You Monitor Vendor Risk

According to a Gartner report, 60 percent of organizations work with more than 1,000 third parties that connect to their internal systems, and nearly 58 percent of organizations believe they have incurred a vendor-related breach. Many third parties require more access to organization data assets and are increasingly working with their own third parties, further multiplying the size and complexity of the third-party network.

Assessing Cybersecurity in M&A Diligence

Here’s why you should check a company’s overall cyber security health before acquiring it: You could be doing a great job protecting your company. But then, if you merge with a business with holes and attackers are already inside it, their problem becomes your problem. So you need to build a rigorous methodology and a playbook to assess the security of your target during the M&A diligence. Here’s how you can do it.

Don't Hack the Computer - Hack the Person! Recently Observed Social Engineering Attacks

When most people think about the origin of a cyberattack, the image is that of a hacker using some kind of exploit against software or hardware in order to gain unauthorized access to systems. The hacker is seeking data to exfiltrate and monetize, either through re-sale on the darknet or extortion through ransomware.

Vulnerability Scans Are a Must but Not Enough

Vulnerability scans test for different misconfigurations and report the vulnerabilities. But they have 2 big drawbacks: You need to get consent from a company before you do a vulnerability scan on them. You may get a very rigorous readout from a vulnerability scan. But then a sleep-deprived IT administrator misconfigured the system, making your report irrelevant. On the other hand, security ratings don’t need anybody’s consent and provide continuous, real-time monitoring.

Federal and Local Government Agencies Continue to Use Section 889 Prohibited Products

Section 889 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2019 prohibits the procurement or use of Huawei, ZTE, Hytera, Hikvision, or Dahua telecommunication and video surveillance products and services by federal agencies, government contractors, and the recipients of any federal grants or loans (this latter category includes many state and local governments).

SecurityScorecard Is One of Only Five Organizations to Partner with the Institute for Security and Technology's Ransomware Task Force to Create the Blueprint for Ransomware Defense

On August 4, the Institute for Security and Technology’s (IST) Ransomware Task Force (RTF) announced the release of its Blueprint for Ransomware Defense - a clear, actionable framework for ransomware mitigation, response, and recovery aimed at helping organizations navigate the growing frequency of attacks.

Looking for a Digital Forensics Expert Witness? Guidelines and Procedures for Testimony

In 2022, a lot of crime involves a digital element. The digital element can be anything from text messages to complex cyber attacks on organizational networks. If you're prosecuting, a digital forensics expert can help you build a stronger case by gathering and documenting evidence and testifying in court on their findings.

Was the Explosion at Freeport LNG a Result of a Russian Cyber Attack?

On June 8, an explosion took place at Freeport LNG’s liquefied natural gas (LNG) export facility in Quintana, Texas. The company later explained that the explosion resulted from a rupture in an over-pressurized pipeline, but did not comment as to how the pressure built up enough to cause such a rupture. In the wake of the explosion, Freeport reported that the outage resulting from it would persist until September, after which the facility would only resume partial operations.