As companies continue to face new and increasing cybersecurity risks, the National Institute of Standards and Technology (NIST) has developed a cyber risk scoring methodology that helps organizations to assess, quantify, and manage their cybersecurity posture effectively. The NIST Cyber Risk Scoring solution improves NIST’s security and privacy assessment processes by providing real-time contextual risk data, enhancing awareness, and prioritizing necessary security actions.

Data breach attacks are serious problems for companies, organizations and institutions all over the world. For example, in the US one data breach costs on average 9.4 Million USD, which is the highest worldwide. To handle—or ideally, prevent—these attacks, we need to understand first the “why” and “how” of an attack. With this objective in mind, Bitsight analyzed more than 17,000 data breach events from the last seven years affecting 23 sectors in the US.

When it comes to securing your enterprise and keeping it safe, your success depends on effective communication. How can you explain cyber risks to the board in a way that's easy to understand, yet still packs a punch? Cyber Risk Quantification (CRQ) is a methodological approach that allows security teams to measure and quantify cyber risks in financial terms.

In recent years, social media platforms have become invaluable tools for businesses to engage with their customers, reach a wider audience and enhance their brand visibility. From TikTok’s viral challenges to Instagram’s visually appealing content — and the ever-present Twitter and Facebook — these platforms offer unparalleled opportunities for organizations to connect with their target market. However, with great opportunities come great risks.

s cyber threats evolve and business models change, maintaining a mature cybersecurity program can be challenging. You need to be confident that your organization’s current security tools and techniques are effective. A single error or postponement in resolving a software problem can create weaknesses in your IT infrastructure, increasing the likelihood of cyber attacks.

2023 is a year of “digital forest fires.” The MOVEit and the Barracuda Networks’ email supply chain attacks underscore the massive butterfly effect a single software flaw can have on the threat landscape. Supply chain attacks spread like a forest fire. Once cybercriminals compromise widely used software, attackers gain access to potentially all organizations that use that software.

IT risk assessments are vital for cybersecurity and information security risk management in every organization today. By identifying threats to your IT systems, data and other resources and understanding their potential business impacts, you can prioritize your mitigation efforts to avoid costly business disruptions, data breaches, compliance penalties and other damage.

Risk management is a team sport. So whether we are assessing health risks during a pandemic, understanding the effect of natural disasters, or trying to block a cybersecurity attack, risk communication serves a vital purpose. Risk communication aims to inform and educate individuals so they can make informed decisions and take appropriate actions in the face of uncertainty.

As expected, the Securities and Exchange Commission adopted new rules today requiring publicly traded companies to make more disclosures about the cyber risks they have and the specific cyber attacks they suffer.

Misconfigured security settings can be disastrous for a company’s cybersecurity. In 2019, for example, a researcher discovered a security misconfiguration in the popular project management tool Atlassian JIRA that allowed him to access a vast amount of confidential data from companies that used JIRA. Unfortunately, Atlassian’s error is all too common.