The Dutch Police have arrested three individuals for suspected ransomware activity, which generated at least 2.5M Euro in extortion fees. The actors are believed to have attacked thousands of organizations, compromising the data of tens of millions of individuals. This is another example of successful law enforcement activity against ransomware operations. Such activity has increased over the past year, leading to the arrest of several prominent ransomware group members, such as Revil and Netwalker.

While things can sometimes seem “back to normal” in the rest of the world, the devastating war is still going on in Ukraine, affecting millions of innocent civilians. Reflecting on the past year’s suffering of the Ukrainian people, we’d like to summarize the cyber warfare aspect of this conflict. In 2022, Russian government-backed cyberattacks targeted users in Ukraine more than any other country.

Companies and their many stakeholder groups depend on accurate information. Whether you’re a manager, investor, board director, or employee, it’s crucial to have an accurate picture of what is happening in a company. Publicly traded companies provide this picture through financial data, collected and shared through formal, published financial reports.

Today’s release of the White House’s National Cybersecurity Strategy is the result of more than a year of government and industry collaboration that sets new boundaries for the government approach needed to improve global cyber defenses. The strategy clearly represents a shift away from decades-old voluntary compliance regimes to a more aggressive regulatory construct that seeks to shift cyber burdens onto providers/developers and owners and operators of critical infrastructure.

On average, 55 new cybersecurity vulnerabilities were published every day in 2021. This goes on to show that preparing for every single vulnerability and running a hundred percent risk-free business is an extremely difficult task, but not entirely impossible.

Some of the biggest prevailing challenges in the cybersecurity world over the last year have been those revolving around securing the software supply chain across the enterprise. The software that enterprises build for internal use and external consumption by their customers is increasingly made up of third-party components and code that can put applications at risk if they aren't properly secured.

In today's ever-changing digital world, users of digital risk protection solutions encounter various obstacles. Although the top players in the digital risk protection industry provide powerful solutions that come with an array of features and capabilities, customers must still navigate a complicated and fast-moving environment of potential threats.

There are two kinds of CISOs: pre-breach and post-breach. Pre-breach CISOs are overly focused on tools and thinking about investing in prevention technologies. They do this almost to the exclusion of thinking about recovery and timely restoration of services once something bad actually occurs. And something bad will happen; it’s not a matter of if, but when (and how often, I might add, so “breach cadence” seems a more suitable KPI than breach likelihood).

Third-party risk management is a well-known industry term that emphasizes the importance of looking outside yourself to identify potential risks to your organization. In the current business landscape, where you are communicating and collaborating with dozens, if not hundreds, of other organizations, focusing on your own cyber risk and that of your third parties is not enough.

On the final day of the World Economic Forum, we shared SecurityScorecard’s five key cybersecurity insights based on the discussions that dominated our time in Davos, Switzerland. Several weeks later, after gathering our thoughts from everything we saw, heard, and contributed to in Davos, we’d like to expand on our cybersecurity perspectives from the Forum and provide five additional insights.