The Sarbanes-Oxley Act (SOX) requires publicly traded companies to declare and adopt a framework that the business will use to “define and assess internal controls.” In response, most publicly traded companies have adopted one of two frameworks that meet the SOX requirements: the Committee of Sponsoring Organizations (COSO) internal control framework and the IT Governance Institute’s Control Objectives for Information and Related Technology (COBIT).

In the culinary world, the adage “too many cooks spoil the broth” warns of the chaos and disarray that can arise from too many opinions and actions in the kitchen. However, this concept takes an intriguing twist in the realm of cybersecurity.

Running a business involves taking calculated risks — but unexpected events can have devastating consequences. Risk mitigation is a process that helps companies identify potential risks and take proactive measures to mitigate them. In this blog, we'll explore the importance of risk mitigation and how businesses can protect their assets, reputation, and financial stability.

SecurityScorecard is analyzing a phishing campaign that deployed the Menorah malware, which is taking aim at users in the Middle East. This sophisticated campaign is being mounted by the threat actor group tracked as APT34, which is linked to Iran. This group is known for its focus on collecting sensitive intelligence and taking on high-profile targets across the Middle East including critical infrastructure and telecommunications entities.

As the digital landscape evolves, so too must the professionals who safeguard it. Cybersecurity conferences are invaluable when it comes to networking, learning, and staying ahead of the ever-evolving threats. Whether you’re a seasoned cybersecurity professional or a newcomer to the field, attending these conferences can be a transformative experience.

The blockchain has emerged as a revolutionary technology with the potential to redefine how data is managed, stored, and shared. While initially associated with cryptocurrencies like Bitcoin, the blockchain’s applications extend far beyond finance, impacting industries ranging from healthcare to supply chain management. One of the blockchain’s key promises lies in ensuring data consistency, transparency, and privacy, critical elements in an interconnected and data-driven world.

A policy, by definition, is a statement of management intent that is mandatory for an organization. A security policy, obviously, focuses on the security of information assets.

When FedEx founder Fred Smith attended Yale in the mid-1960s, he wrote an economics paper describing the concept of overnight delivery of packages by air. His professor infamously gave him a “C” grade because he viewed it as implausible. But Smith knew something his professor didn’t—and it was an idea that would change the way the business world worked forever. I bring this story up for two reasons. For one thing, I worked for FedEx and learned a lot from my time there.

In a dramatic twist befitting a digital thriller, a malware analyst at SecurityScorecard turned the tables on cybercriminals, rescuing a company from a staggering $500,000 ransomware demand. This story isn’t just about a single incident; it’s a testament to the power of cybersecurity expertise in the ongoing battle against ransomware, a menace that recorded 493 million instances in 2022 alone.

The rise of cloud computing has been one of the most transformative technologies of the past several decades. According to research firm Gartner, public cloud services spending will increase from $313 billion in 2020 to $482 billion in 2022. Further, by 2026, it will exceed 45 percent of all enterprise IT spending, up from less than 17 percent in 2021. There’s no doubt that cloud adoption will continue to increase.