The role of artificial intelligence (AI) has become increasingly prominent, particularly in the realm of cyber threat hunting. Cyber threats continue to evolve in complexity and sophistication, posing significant challenges to traditional cybersecurity measures. As a result, organizations are turning to AI-driven solutions to enhance their threat detection and response capabilities.

In an era dominated by digital advancements, the legal landscape is not exempt from the pervasive threat of cyberattacks. Law firms, entrusted with sensitive and confidential client information, must prioritize cybersecurity to safeguard both their clients and their own reputation. The consequences of a security breach can be severe, ranging from financial losses to irreparable damage to the firm’s integrity.

The reliance on third-party vendors for diverse services has become a norm in 2023. However, this dependence brings with it the need for a heightened focus on the cybersecurity posture of these external partners. It’s imperative for businesses to meticulously assess the cybersecurity risks and compliance levels of their vendors to safeguard against potential vulnerabilities that could impact their operations.

‍We are thrilled to welcome Bob Lyle to Riscosity as our Chief Revenue Officer. Bob is an accomplished executive with extensive GTM experience in scaling software and security companies. He will be responsible for the planning, development, and global execution of our revenue strategy as we continue to evolve our business.

‍ The US Securities and Exchange Commission's complaint against SolarWinds and its Chief Information Security Officer (CISO) Tim Brown has sent shockwaves through the cybersecurity community. Solarwinds and Brown have been accused of fraud, the details of which can be found in an extensive 68-page document. ‍ This complaint, in itself a bold move, has been particularly jolting to cyber professionals given the SEC’s July 2023 regulations.

More than two years after the major U.S. pipeline ransomware incident, the SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has released a new report revealing that 90% of the largest global energy companies have experienced a third-party breach in the past 12 months. This research highlights the uphill battle faced by the energy industry in combating emerging threats across the supply chain.

The risk of data breaches has become an omnipresent concern for businesses and organizations. And as technology continues to evolve, so do the tactics of cybercriminals. One critical aspect of cybersecurity strategy involves preparing for and responding to third-party data breaches. A well-constructed response playbook is indispensable in mitigating the potential damages and ensuring a swift recovery.

Do you know what percentage of your vendors are at higher risk of ransomware attack? Can you drill-in to see exactly who? Or more importantly, why? Or how effective your vendor program has been in reducing risk to the business over the last 12 months? In the ever-connected world of partners and suppliers, vendors and even more vendors, the line between ‘their risk’ and ‘your risk’ disappeared. And what security and compliance teams need more of is not more data, but insights.

On November 25, the U.S. municipal water authority in Aliquippa, Pennsylvania confirmed that one of its booster stations had suffered an attack by a threat actor group that supports Iranian geopolitical interests. The attack by a cyber group known as CyberAv3ngers compromised a programmable logic controller (PLC) for a water pressure monitoring and regulation system. Officials, however, have made it clear that the incident did not threaten local drinking water or water supplies.

Audits are independent assessments of the security of sensitive data and computer systems or a company’s financial reporting. Audits can be time-consuming and often feel peripheral to most people’s daily workload – but they are crucial exercises. Hence, it’s essential to establish an audit management process.