Following the ransomware attack on a US pipeline company in May of 2021, the Transportation Security Administration (TSA) issued a series of security directives to enhance the cybersecurity posture of US transportation systems to mitigate cyber threats.

This NIST CSF questionnaire template will help you understand the degree of each vendor’s alignment with the high-level function of the NIST CSF framework - Identity, Protect, Detect, Respond, and Recover. Though this assessment only offers a superficial understanding of compliance, it’s sufficient for getting a sense of a prospective vendor’s security posture, especially when coupled with an external attack surface scanning solution.

Recently, a critical vulnerability tracked as CVE-2023-27997 was identified in Fortinet Fortigate appliances. Fortinet makes some of the most popular firewall and VPN devices on the market, which makes them an attractive target for threat actors. This vulnerability has been exploited by the Chinese APT group Volt Typhoon, among others, targeting governments and organizations worldwide. As a result, Fortinet has released an urgent patch for affected systems.

To manage cybersecurity risks effectively and maintain a strong defense posture, organizations need a clear understanding of their security program and the ability to measure their progress toward key objectives. Enter key performance indicators (KPIs), a mechanism that allows organizations to gauge and track their cybersecurity effectiveness.

The upcoming cybersecurity regulations from the U.S. Securities and Exchange Commission (SEC) deliver a clear message: Cyber risk is a business risk. Slated to be finalized this fall, the regulations will directly link financial performance to cybersecurity through required public disclosures. If a company is hacked, it can affect the stock price, the market capitalization, and customer trust. That is why the SEC is paying attention and has proposed these vital regulations.

21 CFR Part 11 is a set of regulations issued by the U.S. Food and Drug Administration (FDA) that establishes the criteria under which electronic records and signatures are considered trustworthy, reliable, and equivalent to paper records. In order to sell products in the United States, companies must demonstrate that their systems meet the standards set forth in Part 11. This can be a daunting task, as the requirements are numerous and detailed.

After a wave of zero-day attacks targeting widely used security and networking appliances, the Cybersecurity & Infrastructure Security Agency (CISA) is taking new measures to protect Internet-exposed networking equipment.

Today we’re excited to announce Risk Management customization, a collection of new capabilities in our platform that enhance the existing Risk Management solution and give you more flexibility to enable custom risk management scoring and prioritization. Currently in beta, Risk Management customization will be generally available in the coming months. ‍ ‍

Verizon’s much anticipated 2023 Data Breach Investigations Report (DBIR) has hit the market and we have the missing pieces you need to convert its findings into action. In this blog, we’ll break down.

The ransomware trend continues to run rampant. One in four breaches involve ransomware, and organized crime actors use ransomware in more than 62 percent of incidents. Cyber criminals are taking advantage of these new opportunities to exploit a greatly expanded attack surface: But ransomware is only one small piece that a security leaders has to manage. The threat of ransomware is compounded by a distributed workforce, trends toward technology consolidation, geopolitical upheaval, and budget constraints.