On average, 55 new cybersecurity vulnerabilities were published every day in 2021. This goes on to show that preparing for every single vulnerability and running a hundred percent risk-free business is an extremely difficult task, but not entirely impossible.
Some of the biggest prevailing challenges in the cybersecurity world over the last year have been those revolving around securing the software supply chain across the enterprise. The software that enterprises build for internal use and external consumption by their customers is increasingly made up of third-party components and code that can put applications at risk if they aren't properly secured.
In today's ever-changing digital world, users of digital risk protection solutions encounter various obstacles. Although the top players in the digital risk protection industry provide powerful solutions that come with an array of features and capabilities, customers must still navigate a complicated and fast-moving environment of potential threats.
There are two kinds of CISOs: pre-breach and post-breach. Pre-breach CISOs are overly focused on tools and thinking about investing in prevention technologies. They do this almost to the exclusion of thinking about recovery and timely restoration of services once something bad actually occurs. And something bad will happen; it’s not a matter of if, but when (and how often, I might add, so “breach cadence” seems a more suitable KPI than breach likelihood).
Third-party risk management is a well-known industry term that emphasizes the importance of looking outside yourself to identify potential risks to your organization. In the current business landscape, where you are communicating and collaborating with dozens, if not hundreds, of other organizations, focusing on your own cyber risk and that of your third parties is not enough.
On the final day of the World Economic Forum, we shared SecurityScorecard’s five key cybersecurity insights based on the discussions that dominated our time in Davos, Switzerland. Several weeks later, after gathering our thoughts from everything we saw, heard, and contributed to in Davos, we’d like to expand on our cybersecurity perspectives from the Forum and provide five additional insights.
Unless you’ve been avoiding your inbox like a cybercriminal avoids sunlight, you’ve probably seen something like this before: That right there is a classic example of a phishing email. Most security-aware individuals can spot a phishing email from a mile away. In the past, it used to be the misspellings, such as in this email, that gave it away. Now, misspellings and poor grammar aren’t ideal indicators of phishing attempts.
The city government of Oakland has declared a state of emergency after it was hit by a ransomware attack. The attack, which began in the evening of February 8th, has forced the city to take all its IT systems offline, and has affected many non-emergency services, including the ability to collect payments, issue permits, and process reports.
Open source libraries have become an indispensable part of modern applications. Approximately 90% of organizations use open source software to support their services, but monitoring these dependencies can be difficult when environments run thousands of ephemeral services. The complex nature of modern applications, in combination with the challenge of keeping a competitive edge in a fast-moving market, can make it difficult for organizations to identify and remediate threats in a timely manner.
