In late August, a technology provider that offers student loan account management and payment services submitted a breach notice indicating that a compromise detected on July 22 exposed 2.5 million individuals’ data, including their names, contact information, and social security numbers. At present, neither the breach notice nor subsequent reporting have provided detailed insights into the nature of the breach, noting only that it likely began in June and continued until July 22.

We’re excited to announce a new way to monitor all of the companies you care about, but maybe don’t need all the granular security data on. Watch List lets you monitor the high-level score information of companies you care about without consuming a more detailed Portfolio slot.

Chief Information Security Officers know all about the “Sea of troubles,” and they experience “slings and arrows” daily. In mid-September, we saw a breach of Uber that threatened to undo the company’s security program - for exposing a fairly easy path to super admin privileges across most (if not all) of its infrastructure and security tools like GSuite, AWS, and HackerOne private vulnerability reports. The stakes are high.

As a CIO in charge of your organization's security, you're responsible for ensuring the security of your company's data. But with so many cybersecurity threats out there, it can be difficult to know where to start. Should you focus on conducting a vulnerability assessment? Or is a risk assessment more important? In this article, we will discuss vulnerability vs risk, cyber threats, and protecting sensitive data.

Cloud applications have opened up limitless opportunities for most organizations. They make it easier for people to collaborate and stay productive, and require a lot less maintenance to deploy, which means they’re much more affordable and easy to scale to your needs. But for all of their benefits, cloud apps also open up your organization to a host of new risks. By enabling users anywhere access to corporate resources you lose the visibility and control that perimeter-based tools provide.

Higher education institutions, like colleges and universities, often work with dozens of third-party vendors, which can introduce considerable security risks if the school doesn't maintain a proper vendor risk management (VRM) program. Compromised third parties can pose serious risks to universities, which can expose sensitive data, disrupt business continuity, or incur serious financial damages.

The purpose of vendor risk management is to strike a delicate balance between facilitating the needs of the business by integrating new vendors and ensuring that those same business partners don’t exceed the organization’s risk appetite. Maintaining a healthy balance between those two interests requires leaders to always consider broader business goals when executing VRM strategies.

Ransomware has traditionally revolved around the encryption of victims’ files. But even if encryption remains ransomware groups’ most common approach, it isn’t really their priority–extortion is. Financially-motivated cybercriminals care more about extracting payment from their victims than they do about the particular methods used to achieve that goal.

The spotlight on cyber risk quantification (CRQ) has raised its status to the top of the hypercycle, but with fame comes scrutiny and criticism. Security analysts and practitioners debate the validity of each model framework, along with the data used when modeling cyber risk. Despite this debate, there is a unifying consensus that knowing the possible range of the financial impact of a cyber event is far more optimal than flying blind.

‍Cyber vendor risk management (Cyber VRM) is the practice of identifying, assessing, and remediating cybersecurity risks specifically related to third-party vendors. By leveraging data from data leak detection, security ratings, and security questionnaires, organizations can better understand their third-party vendor’s security posture using Cyber VRM solutions.