-In the hours after news broke that Lapsus$ claimed to have breached Okta, an enterprise identity and access management firm, SecurityScorecard’s Threat Research and Intelligence team conducted a rapid investigation into Lapsus$ to provide customers and partners with the very latest in actionable security intelligence and insights related to this emerging cybercrime group. -Lapsus$’s targets have quickly evolved from Brazilian and Portuguese organizations to high-profile U.S.

On March 9, 2022, the Securities and Exchange Commission (SEC) announced proposed rules and amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting. These proposed amendments impact all public companies subject to the reporting requirements of the Security Exchange Act of 1934. To summarize this proposal and learn how to successfully prepare for them, read on.

Comparing and contrasting the effectiveness of Vulnerability Assessment (VA), Vulnerability Management (VM), Risk-Based Vulnerability Management (RBVM), and Managed Risk®. Performing a vulnerability assessment (VA), implementing a vulnerability management (VM) program, and upgrading your proactive security program with a risk-based vulnerability management (RBVM) approach may help your organization effectively deal with cybersecurity vulnerabilities.

As you have probably heard, 3G is phasing out. On February 22, AT&T shut down its 3G network. T-Mobile Sprint will retire its 3G network next week on March 31, 2022. Verizon, the last of the pack, will retire 3G by the end of 2022. What does this mean for your business and your security? The obvious answer is that older phones should be replaced as soon as possible, but the 3G shutdown’s impact will reach beyond phones, and that reach may affect your organization’s security.

Early in the morning of March 22nd a threat group known as LAPSUS$ posted screenshots on their Telegram account that allegedly show access to Okta internal systems such as Slack, Cloudflare, Jira, Salesforce and other “Okta cards.” Okta’s CEO Todd McKinnon apparently confirmed an event in January in a tweet:: “In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors.

Businesses are constantly adapting to changing circumstances. Yet, many are strapped for resources and view compliance as nothing more than a checklist of requirements to satisfy regulators or auditors which could short-change their business. At the same time, the pandemic has highlighted the necessity of risk management for every organization, and exposed the gaps that exist in many governance, risk, and compliance (GRC) programs today.

The average company can’t do business without their third parties. Vendors, suppliers, partners, distributors, and contractors — third parties make it so much simpler to build, distribute and sell a product or service.

ISO 27001 compliance provides greater assurance that an organization is adequately managing its cybersecurity practices, such as protecting personal data and other types of sensitive data. Third-party risk management (TPRM) programs can benefit immensely from implementing the relevant ISO 270001 controls to mitigate the risk of significant security incidents and data breaches.

Senior-level executives handle sensitive data and information daily – making them an enticing target for cybercriminals. One of the most complex schemes to date is the whaling attack, in which hackers impersonate high-ranking employees to gain access to computer systems and networks. Whaling attacks have seen a dramatic 131% increase between Q1 2020 and Q1 2021, costing enterprises around $1.8 billion in damages.

It’s out there. In the deep, dark corners of your IT estate, it’s been hiding. Maybe it’s that “killer app” one of the department heads brought back from a trade show. Or maybe it’s that campaign microsite that marketing had a contractor develop for a “skunkworks” launch. Shadow IT is more than an asset management problem. It’s a security problem because you can’t secure what you can’t see.