According to the latest IBM Cost of a Data Breach Report, the average breach costs $4.35M per incident, climbing by 12.7% from 3.86 million USD in IBM’s 2020 report. This does not account for lost business opportunities and lingering reputational damage. A cybersecurity tabletop exercise could substantially reduce this amount simply by having a well-thought-out incident response plan and effectively exercising business continuity plans.

The August 4th compromise of Twilio via a targeted smishing attack has been a topic of wide concern and discussion on social media. My first thoughts on hearing of the attack were to virtually “pat myself down” with regard to exposure risk. Kind of like that feeling when you’re not sure if your car keys or wallet are in your pocket a few blocks after walking away from your parking space. Is my company affected by the breach? Did we receive a notification email from them?

The BlackCat/ALPHV ransomware is a complex threat written in Rust that appeared in November 2021. In this post, we describe a real engagement that we recently handled by giving details about the tools, techniques, and procedures (TTPs) used by this threat actor. Firstly, the attacker targeted an unpatched Microsoft Exchange server and successfully dropped webshells on the machine.

Not all of the recognizable risks in your software supply chain can be identified by their known vulnerabilities recorded as CVEs. A component that is outdated or inactive may present risks to your application that no one has had cause to investigate. Yet these components could still harbor threats.

Have you ever been asked difficult questions from your leadership teams that you couldn’t answer? How do you intelligently and succinctly respond to the following questions and have the supporting data to back up your metrics and business outcomes? Regardless of your role in compliance, risk management or information security, these questions can potentially trigger a mild case of anxiety or even a full on panic attack, depending on your organization’s level of control maturity.

Few Indian businesses are included in the ever-increasing list of major data breaches. But data suggests that this streak of luck could soon be reaching its end. Increasing third-party security risks and a deficiency of security controls addressing them create the perfect conditions for a large-scale global supply chain attack facilitated by breached Indian business.

Managing individual business risks is difficult when silos exist. An enterprise risk management (ERM) framework consolidates risk management strategy across an entire organization, enabling better visibility, measurement, and management of business objectives. With a unified focus on addressing risk, compliance teams can universally improve regulatory compliance, governance, and risk management processes.

Risk, security and compliance executives have many choices and decisions on their respective plates, and whether or not to automate is not among them. I’ve been seeing a trend in the marketplace: more and more organizations are investing in risk management and compliance technology tools1. But why? The answer may be as simple as supply and demand dynamics.

Keeping up with ever-changing regulatory requirements for cybersecurity can prove difficult for many organizations, which may unknowingly become non-compliant if they fail to adapt to new laws and regulations. Healthcare organizations and financial services must be even more vigilant with compliance. Both sectors are subject to even stricter requirements due to the large quantities of personally identifiable information (PII) they manage.

The total global value of corporate mergers and acquisitions (M&A) reached $5.9 trillion in 2021. For 2022, the figure is expected to reach $4.7 trillion. This would make 2022 the second-best year on record for the M&A market after 2021. Clearly, robust M&A opportunities exist for companies looking to stimulate growth, increase market share, and influence supply chains. Despite those potential benefits, however, M&A deals are also fraught with serious risks.