Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

January 2025

SecurityScorecard

Implementing Non-Repudiation in Your Security Strategy: Best Practices and Techniques

Jan 24, 2025 By SecurityScorecard In SecurityScorecard
In the realm of cybersecurity, ensuring the authenticity and integrity of transactions or communications is paramount. Non-repudiation, a principle that prevents individuals or entities from denying their actions, is a cornerstone of this assurance. This blog post delves into the best practices and techniques for integrating non-repudiation into your security strategy, safeguarding your digital interactions against disputes and fraud.
Read Post
kovrr

Harnessing Cyber Risk Modeling to Navigate Modern Business Threats

Jan 23, 2025 By Kovrr In Kovrr
‍Embracing cyber risk management during a time in which the average cost of a data breach nearly surpasses $5 million is not merely a strategic option; it’s an absolute imperative. ‍ This calculated move, however, is not as straightforward as deploying an end-point detection solution, for example, or conducting monthly cybersecurity awareness sessions.
Read Post
riscosity

Salt Typhoon, The Shadow in the Digital Storm

Jan 23, 2025 By Anirban Banerjee In Riscosity
Salt Typhoon is suspected to be an Advanced Persistent Threat (APT) group. Their origins are linked to state-sponsored entities in Asia, leveraging their technical expertise to breach some of the world’s most critical telecom infrastructure. Unlike ransomware groups that aim for monetary gain, Salt Typhoon’s primary objective is espionage, focusing on data theft and surveillance.
Read Post
bitsight

Instant Insights for SOC 2 Reporting: Using AI to Streamline Vendor Assessments

Jan 22, 2025 By Greg Keshian In BitSight
With technology supply chain risks at an all-time high, many governance, risk, and compliance (GRC) teams conduct formal risk assessments as part of their new vendor selection and onboarding processes. Audit-based reporting frameworks like SOC 2 are invaluable to these efforts, as they provide a consistent way to benchmark prospective vendors’ customer data management practices.
Read Post
riscosity

Why CASB Solutions Are Unsuitable for Detecting AI Usage in Organizations

Jan 22, 2025 By Anirban Banerjee In Riscosity
Cloud Access Security Brokers (CASBs) are essential tools for many enterprises, acting as intermediaries between users and cloud services to provide visibility, enforce security policies, and ensure compliance. While CASBs excel at managing traditional SaaS (Software-as-a-Service) applications, they fall short when it comes to detecting and managing the use of AI tools within an organization.
Read Post
nucleus

Stop Demonizing CVSS: Fix the Real Problem

Jan 22, 2025 By Scott Kuffer In Nucleus
If you read the newest risk-based vulnerability management literature, it appears we have a new favorite punching bag: the Common Vulnerability Scoring System (CVSS). You seemingly can’t throw a rock into the “vuln-o-sphere” without hitting someone dunking on CVSS or the National Vulnerability Database (NVD). The argument goes something like this: “Exploitation rates are up, ransomware is surging, and vulnerabilities are multiplying like rabbits.
Read Post
bitsight

Shaping our 2025 Data Engine Priorities: Industry Evolution and Customer Feedback

Jan 21, 2025 By Brian Mulligan In BitSight
The effectiveness of external attack surface management (EASM) and third-party risk management (TPRM) capabilities hinges on the depth, breadth, and timeliness of the underlying data they are based on. For this reason, Bitsight makes a significant ongoing investment in: The introduction of Bitsight’s next-generation data engine enabled many improvements to our capabilities across all of these areas throughout 2024.
Read Post
Pentest People

Information Security Risk Management: A Comprehensive Guide to Protecting Your Data

Jan 21, 2025 By Kate Watson In Pentest People
In an age where data breaches make headlines almost daily, safeguarding sensitive information has never been more crucial. The rapid advancement of technology has made our personal and professional data vulnerable, raising the stakes for effective security measures. Information Security Risk Management (ISRM) emerges as a necessary framework to defend against these escalating threats.
Read Post
trustcloud

Ahead of the curve: Proactively managing third-party risks

Jan 18, 2025 By Tejas Ranade In TrustCloud
According to a Gartner report, 60% of organizations will rely on third-party vendors for more than half of their critical business operations by 2025. However, Gartner also warns that third-party risk events – such as data breaches or compliance violations – will increase by 30% in the same timeframe. As a technology leader, these figures resonate deeply with the challenges I see organizations facing daily.
Read Post
SecurityScorecard

What is the Threat Landscape?

Jan 17, 2025 By SecurityScorecard In SecurityScorecard
The threat landscape refers to the evolving environment of cyber threats, attack methods, and attack vectors targeting organizations, governments, and individuals. Shaped by threat actors like hackers, nation-states, and criminal groups, it has grown increasingly complex with the rise of cloud computing, IoT devices, and interconnected supply chains. These changes have expanded attack surfaces, offering adversaries more opportunities to exploit vulnerabilities.
Read Post
cultureai

The Growing Risk of Insider Threats in Cyber Security

Jan 16, 2025 By The CultureAI Team In CultureAI
Cyber security threats are increasingly complex, and while external attacks like phishing and malware often take centre stage, insider threats are emerging as a significant concern. Insider threats are risks originating from within an organisation, which pose unique challenges. They exploit an insider’s knowledge of systems, processes, and vulnerabilities, making detection and prevention particularly challenging.
Read Post
obrela

New cybersecurity threat-focused reports from ENISA

Jan 15, 2025 By Obrela In Obrela
The latest ENISA reports help inform about threat response and a more effective, risk-based approach to cybersecurity In December 2024, the European Union Agency for Cybersecurity (ENISA) released its first-ever report on the state of cybersecurity in the Union. The report, which was prepared in accordance with Article 18 of the NIS2 Directive, is a comprehensive, evidence-based overview of the cybersecurity ecosystem across EU Member States.
Read Post
SecurityScorecard

Operation 99: North Korea's Cyber Assault on Software Developers

Jan 15, 2025 By SecurityScorecard In SecurityScorecard
On January 9, the SecurityScorecard STRIKE team uncovered Operation 99, a cyberattack by the Lazarus Group, North Korea’s state-sponsored hacking unit. This campaign targets software developers looking for freelance Web3 and cryptocurrency work. If you thought fake job offers from the group’s Operation Dream Job campaign were bad, this latest move is a masterclass in deception, sophistication, and malicious intent. Here’s why Operation 99 demands your attention.
Read Post
upguard

Mitel MiCollab Vulnerabilities: CVE-2024-35286 and CVE-2024-41713

Jan 15, 2025 By UpGuard Team In UpGuard
Mitel’s MiCollab Unified Communications solutions are widely used by businesses to streamline communications. However, two critical vulnerabilities, CVE-2024-35286 and CVE-2024-41713, have been identified across several versions of Mitel MiCollab. CVE-2024-35286 has been identified in versions 9.8.0.33 and earlier and CVE-2024-41713 has been identified in versions 9.8 SP1 FP2 (9.8.1.201) and earlier.
Read Post
SecurityScorecard

Assembling the Dream Team: Building a High-Performing Supply Chain Incident Response Team

Jan 15, 2025 By SecurityScorecard In SecurityScorecard
Organizations are increasingly reliant on third-party vendors. While this enables agility and innovation, it also introduces significant security risks. Cyberattacks originating from the supply chain are on the rise, underscoring the critical need for robust security measures. This article explores the key elements of building a high-performing supply chain incident response team to effectively mitigate and respond to these threats.
Read Post
tanium

Is Your Organization Prepared for Tomorrow's Risks? Announcing Tanium Integrated Risk Management for ServiceNow

Jan 15, 2025 By Tanium In Tanium
As IT infrastructures grow more complex and cyber threats escalate, CIOs are searching for a powerful new solution for risk and compliance. Tanium Integrated Risk Management (IRM) for ServiceNow addresses these challenges with an integrated platform that transforms visibility, control, and remediation with real-time, unified data for IT, security, and risk teams.
Read Post
riscosity

Understanding ROPA: Who, What, Why?

Jan 14, 2025 By Anirban Banerjee In Riscosity
ROPA is primarily utilized by organizations subject to data protection regulations. While it is a legal requirement for businesses of all sizes handling personal data, it is especially critical for large enterprises that process substantial volumes of data or sensitive information. Compliance officers, data protection officers (DPOs), legal teams, and IT departments often rely on ROPA to demonstrate compliance to regulators during audits or investigations.
Read Post
SecurityScorecard

Securing Your Financial Ecosystem: A Guide to Managed Services for Supply Chain Detection and Response

Jan 10, 2025 By SecurityScorecard In SecurityScorecard
A single breach can have devastating consequences in the highly regulated financial services industry. From reputational damage and customer loss to severe financial penalties, safeguarding your entire ecosystem is paramount. This blog explores the critical role of Managed Services for Supply Chain Detection and Response (SCDR) in securing your financial services organization.
Read Post
bitsight

General Data Protection Regulation (GDPR) Compliance: An Advanced Guide

Jan 10, 2025 By Sabrina Pagnotta In BitSight
The General Data Protection Regulation (GDPR) is a pivotal framework that governs data protection and privacy for individuals within the European Union (EU). Its implications are far-reaching, affecting organizations worldwide that handle EU citizens' data. Understanding and achieving GDPR compliance is essential to avoid substantial penalties and to maintain trust with customers.
Read Post
netskope

Opportunities & Risks for Digital-first Leaders in Business-led IT

Jan 10, 2025 By Joe Topinka In Netskope
In the digital era, the ability to adopt and integrate technology quickly has become a key driver of business success. Technology decisions are increasingly being made outside IT organizations as cloud-based tools, SaaS platforms, and low-code/no-code solutions become more accessible. Known as business-led IT, this trend democratizes technology, empowering business leaders to innovate independently.
Read Post
riscosity

The HIPAA to HISAA transformation

Jan 9, 2025 By Anirban Banerjee In Riscosity
The healthcare industry stands at the cusp of a major transformation with the introduction of the Healthcare Information Security Accountability Act (HISAA), a progressive regulatory framework set to replace the decades-old Health Insurance Portability and Accountability Act (HIPAA). HISAA is designed to address the evolving complexities of healthcare data management, emphasizing real-time data governance, proactive monitoring, and stricter controls over third-party data exchanges.
Read Post
obrela

The Future of Cybersecurity: Insights and Predictions for 2025

Jan 8, 2025 By Notis Iliopoulos In Obrela
2024 marked a transformative shift in cybersecurity with AI and data driven cyber security leading the change. As the threat landscape evolves, the stage is set for further advancements in continuous risk management, threat monitoring, resilience, and governance in 2025, shaping a more secure and dynamic digital landscape where cybersecurity is becoming a catalyst for business success and compliance.
Read Post

How to build a cyber risk program that will lock hackers out

Jan 8, 2025 By One Identity In One Identity
Rob Kraczek, One Identity Global Strategist, explores how organizations can avoid becoming part of the 90% of organizations that are victims of cyberattacks by developing a cyber risk program. Most hackers look for the easiest and most effective way to hack your environment. In this video, Kraczek shares why every organization needs robust identity governance and administration (IGA), the core component of a cyber risk program, to prevent cyberattacks. Learn more about Risk in the World of Identity Governance.
View Video
bitsight

Web Application Security for DevOps: Cross-Origin Resource Sharing (CORS) and Subresource Integrity (SRI)

Jan 8, 2025 By Chris Poulin In BitSight
With all of that background from parts 1, 2, and 3 of this series out of the way, let's turn to some practical considerations for real-world web applications. The inherent security restrictions for resources, including cookies and JavaScript, assume that each website contains all of its functionality in one neat, isolated package. But websites often contain content and functionality from multiple websites that trust each other.
Read Post
kovrr

Kovrr's Top 9 Cyber Loss Scenarios: A Year In Review

Jan 8, 2025 By Kovrr In Kovrr
‍ ‍While each organization faces its own unique set of cyber risks that must be carefully assessed and managed in order to reach a state of resilience, certain events are nearly inevitable in today's threat environment, having the potential to create damaging ripple effects across the global market. Early in 2024, Kovrr's cyber risk quantification models identified these potential cyber incidents and loss scenarios most likely to impact organizations worldwide in the upcoming year.
Read Post
cultureai

5 ways a Human Risk Management Platform could support SaaS Security Posture Management

Jan 8, 2025 By The CultureAI Team In CultureAI
Software as a Service (SaaS) applications have become indispensable for organisations in today's digital landscape. From collaboration tools enabling better communication, to SaaS applications that streamline operations, enhance productivity, and support remote work. However, their convenience comes with significant security challenges—many of which stem from human errors, insider threats, and inadequate configuration practices.
Read Post
nucleus

Looking Back: What We Learned in 2024

Jan 6, 2025 By Corey Tomlinson In Nucleus
Looking back on 2024 to start the new year, we had the great opportunity to host and be part of several conversations and demonstrations that we hope were valuable learning opportunities for everyone who joined us. Let’s take a moment to review some of the highlights from those 2024 events before we leap into 2025.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.