Nearly every day, it seems like you’re reading about another data breach in the news. Between ransomware attacks and nation-state actors, you can’t rely on the old “trust but verify” adage anymore. Cyber resilience isn’t about preventing all threats, it’s about creating a security program that allows you to identify, investigate, contain, and mitigate threats quickly and effectively.

People have long used mission statements, declarations and manifestos to publicly convey the intentions, motives or views of its issuer. While the historical political landscape has long used these actions to challenge and provoke, they are also advertisements to gain attention and to spark action.

Today I want to revisit the SEC’s proposed new rules requiring public companies to disclose more about their cybersecurity risks. Those plans would obligate companies to discuss how the board and senior management address cybersecurity risk at a strategic, enterprise level. What’s that all about?

Water Sector Cybersecurity Requirements Policymakers and regulators in Washington are bringing their attention now to water utilities’ cybersecurity. Last month, the White House announced it was expanding its public-private cybersecurity partnership to the water sector. Separately, in December of 2021, the Environmental Protection Agency (EPA) announced an evaluation of regulations related to the public water system’s cybersecurity, which will change in April.

Cyber risk has never been completely independent of world politics and international affairs, but in recent weeks, there has been a significant shift in alignment. The domain of physical war has closer ties to the digital sphere than ever before. As part of efforts to manage elevated cyber risk, it is vital to understand the short-term impact and longer-term risk of current events, and where focus should be placed to achieve the best defense.

One would be hard pressed to find anyone working today in the cybersecurity world that has not yet heard of Lapsus$, an emerging cyber-crime group with big claims of breaching the likes of high-profile companies Microsoft, Samsung, NVIDIA, and Okta amongst others.

How well do you know your organization’s attack surface? Chances are, you don’t know it as well as you think you do. According to a recent report, 2 out of 3 organizations say their external attack surface has expanded in the past 12 months, but that does not mean they’ve been keeping track of it.

Ransomware has dominated the headlines the last couple of years. But it might surprise you to hear that another scourge—business email compromise (BEC)—accounted for 49 times more in losses in 2021. As reported in the FBI’s latest Internet Crime Report, BEC cost organizations and individuals $2.4 billion versus $49.2 million for ransomware. In fact, more than a third of total cybercrime last year can be attributed to BEC.

The amount of data that municipalities deal with on an everyday basis has grown exponentially. In particular, local governments have focused on upping their cybersecurity efforts due to the sensitive information and data stored and shared with state and federal government programs. It is now more important than ever to ensure effective cybersecurity within local governments. In this blog, we will take a look at how your local government can reduce impending risks and secure innate vulnerabilities.