Many of you have probably heard about the record $1.3 billion GDPR fine the European Union (EU) issued against Facebook’s parent company, Meta, for unlawful data transfers of EU citizens.1 In reading the coverage and ruling, I kept thinking about how high-stakes data privacy has become today and how data has surpassed oil as the world’s most valuable resource.

Effective corporate compliance is an increasingly urgent issue for businesses. More regulations continue to proliferate across the landscape, and compliance obligations are becoming more complex. The need for an effective compliance management tool to help CISOs and senior management meet those ever-expanding compliance requirements has never been greater. A manual approach to tracking and monitoring compliance activities drives up costs and is more prone to error.

A disruption to your company’s information technology (IT) systems can disrupt your business operations as well, costing you time and money while employees wait for repairs. An audit of your IT systems can identify and fix those potential disruptions before they happen – and an IT audit checklist can assure that your IT department has the necessary resources in place to keep your systems safe.

Effectively utilizing a risk register allows your organization to anticipate and overcome challenges with confidence. No GRC program is failproof, which is why it’s so critical to take a thorough look at potential risks and remediations. To make sure you’re starting on the right foot, we’ve provided a free, downloadable risk register template you can use once you have a better understanding of what it does.

When it comes to the quality of your software, it’s imperative to understand your strengths and weaknesses, before your buyer does.

An attack exploiting CVE-2023-34362, a zero-day vulnerability in the MOVEit file transfer software, was disclosed at the start of June, with additional victims still being uncovered. The vulnerability is an SQL injection vulnerability that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. The attack was carried out by at least one threat who gained unauthorized access to the software and stole sensitive data from affected organizations.

In a climate where companies largely gain attention only when something negative happens, it’s time to celebrate and recognize the companies who are best in class when it comes to cybersecurity. That’s why we applaud Forbes’ decision to produce the industry’s first list of America’s Most Cybersecure Companies. These companies illuminate how cybersecurity is being taken seriously as a core business issue.

While some of the obvious misuse of ChatGPT in the world of cyber security was not unexpected – asking the artificial intelligence to write harder-to-detect malware and easier-to-convince phishing emails – a new threat has emerged that can leverage the very nature of the large language model. Ultimately, ChatGPT is a learning machine, and bases its answers on information it sources from the Internet.

SecurityScorecard conducted an extensive investigation into the Zellis breach. This research revealed alarming insights about the scale and persistence of the attack. The data exfiltration was carried out in several steps: Netflow data from Zellis IP ranges indicated large outbound transfers over HTTPS, which pointed towards the presence of a web shell. Additionally, SecurityScorecard researchers detected exfiltration over SSH to known malicious IP addresses.

A data breach is an IT security incident where data is compromised or stolen from a system without the knowledge or authorization of its owner. But what happens when a third party is involved? Stolen data may include sensitive, proprietary, or confidential information such as credit card numbers, trade secrets, customer, or patient data. Third party breaches cost millions of dollars every year to companies of all sizes.