You’ve seen suspicious ads. Some were obvious — ads that claim your browser is infected with malware and you need to click immediately to remedy the situation — but likely, some weren’t obvious at all. They just looked like regular ads, and might have appeared on a site you trust. You didn’t know it (and hopefully didn’t click) but some of the ads you see regularly are malvertising.

This past year was a banner year for cybercriminals. By the end of September, the Identity Theft Resource Center (ITCR) reported that the number of breaches that had taken place over the first three quarters of 2021 had exceeded the total number of breaches in 2020.

Third-party technology providers can confer huge strategic advantages to a business. It allows each organization to focus on their highest value activities, but there’s a downside; new cyber security risks come with each partnership. Third-party risk is now an integral part of business ecosystems. A solid risk management framework is required to manage risk and keep you and your customers safe.

Last week one of the country’s top banking regulators published its semi-annual report on risks to the financial system, and to no surprise cybersecurity risk was near the top. The more one ponders the findings, however, the more you can see insights about cybersecurity, internal control, and innovation that are worth the time of a compliance professional in any sector.

Risk management doesn’t belong to one person or department at an organization. It’s a shared effort—partly because it touches on multiple roles at a company and partly because it is a massive and complex undertaking. Successful CISO’s use risk management visualization and reporting to provide a clear and easy way to understand the value of their security program.

A digital security risk is any action or event that could cause loss of or damage to computer software, hardware, data, processing capability, or information. Digital risk management is an organization’s effort to keep such risks at acceptable levels. It’s crucial to understand that a risk is not the same as vulnerability. A risk is any event that could lead to an undesired outcome or loss. A vulnerability, on the other hand, is a weakness that can be exploited.

Cyberattacks are constantly evolving as criminals discover new ways to crack strong networks or automate attacks to target vulnerable systems. Nowadays, it seems as if cyberattacks are everywhere you look. In 2021, we faced many new attack vectors as the shift to remote work challenged traditional work operations, and we are likely to see those continue well into 2022.

There's little question that you've already heard about the recently discovered security flaw related to Log4j, a widely used Java library for logging error messages in applications. The vulnerability enables a threat actor to remotely execute commands via remote code execution (RCE) on nearly any machine using Log4j. But it's also important to cut through all of the noise to truly understand the implications of the Log4j and what organizations can do to combat it.

Cyber threats are everywhere, regardless of your organization’s size or industry. Businesses today must adopt a systematic, disciplined cybersecurity plan to secure vital infrastructure and information systems — that is, a cybersecurity framework. Cybersecurity risk management encompasses identifying, analyzing, assessing, and addressing cybersecurity threats to your organization. In this sense, the first part of any cyber risk management program is a cybersecurity risk assessment.

Holiday shopping is right around the corner, but unfortunately, Black Friday isn’t just an opportunity for shoppers and retailers — it’s also an opportunity for cybercriminals. While criminals have always been attracted by the money that changes hands on Black Friday, the last couple of years have been a magnet for cyber attacks. The pandemic means that more people than ever shopped online in 2020 — with shoppers spending $14.13 billion online last year on Black Friday.