2023 is a year of “digital forest fires.” The MOVEit and the Barracuda Networks’ email supply chain attacks underscore the massive butterfly effect a single software flaw can have on the threat landscape. Supply chain attacks spread like a forest fire. Once cybercriminals compromise widely used software, attackers gain access to potentially all organizations that use that software.

IT risk assessments are vital for cybersecurity and information security risk management in every organization today. By identifying threats to your IT systems, data and other resources and understanding their potential business impacts, you can prioritize your mitigation efforts to avoid costly business disruptions, data breaches, compliance penalties and other damage.

Risk management is a team sport. So whether we are assessing health risks during a pandemic, understanding the effect of natural disasters, or trying to block a cybersecurity attack, risk communication serves a vital purpose. Risk communication aims to inform and educate individuals so they can make informed decisions and take appropriate actions in the face of uncertainty.

As expected, the Securities and Exchange Commission adopted new rules today requiring publicly traded companies to make more disclosures about the cyber risks they have and the specific cyber attacks they suffer.

Cybersecurity intelligence is a powerful weapon against risk. It enables you to discover, proactively respond, and mitigate emerging threats—internally and across your supply chain. But how can you improve your cybersecurity intelligence without overburdening busy teams? Here are three ways you can combine technology, processes, and people to effectively acquire, analyze, and disseminate intelligence to improve your organization’s security posture.

Misconfigured security settings can be disastrous for a company’s cybersecurity. In 2019, for example, a researcher discovered a security misconfiguration in the popular project management tool Atlassian JIRA that allowed him to access a vast amount of confidential data from companies that used JIRA. Unfortunately, Atlassian’s error is all too common.

It all started with a statement from the US Securities and Exchange Commission’s (SEC) Jaime Lizárraga. The commissioner revealed that a staggering 83% of companies suffered from multiple data breaches last year, with an average expense of $9.44 million in the United States— a dramatic increase of 600% over the past ten years.

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) voted to adopt new cybersecurity requirements for publicly traded companies. These regulations create new obligations for reporting material cybersecurity incidents and disclosing critical information related to cybersecurity risk management, expertise, and governance. Companies will be required to disclose risks in their annual reports beginning on December 15, 2023.

In 2022, the finance industry suffered the second-highest number of data breaches. Besides implementing an attack surface management solution, the finance sector must also ensure its remediation product can quickly and efficiently address cybersecurity risks. If you’re in the market for a cyber risk remediation product, this post outlines the key features to look for to maximize the ROI of your new IT security tool. Learn how UpGuard protects financial services from data breaches >

Cyber risk remediation, the process of actively identifying, remediating, and mitigating cybersecurity risks, is particularly critical for the technology industry. With its characteristic enthusiasm towards adopting the latest trends in innovation, without a cyber threat remediation product, tech companies are unknowingly increasing their risk to a swatch of data breach risks.