Leaders from the SEC, Cyber Threat Alliance, and National Association of Corporate Directors recently joined with SecurityScorecard to share their insights on the state of cybersecurity risk management today. Earlier this month, the New York Department of Financial Services (NY DFS) announced efforts to modernize their supervision process, with the creation of the Cybersecurity and Information Technology Baseline Risk Questionnaire (CIBRQ).

It might sound confusing at first, but knowing who your third parties also rely on for their day-to-day business operations is key to building out a smarter and more informed vendor risk management program. Commonly known as fourth-party concentration risk, the ability to determine the fourth-party vendors in your digital supply chain that serve a majority of your third-party vendors can help organizations avoid potentially catastrophic supply chain risk from such a dependency.

SOC analysts suffer from alert fatigue caused by too many data sources and platforms, too little context in investigations, too few people, and too little time. Mature cybersecurity teams manage this challenge by leveraging an integrated set of data analytics capabilities from best-of-breed solutions to establish an end-to-end experience — from data collection to response.

CrowdStrike believes that continuous testing and evaluation by third-party organizations is critical in helping customers make informed decisions about which security solution best fits their needs. This is why CrowdStrike continues to participate in more third-party testing than any other next-gen endpoint cybersecurity vendor.

As the internet grows, so does the sophistication and capabilities of cyber attacks. Cybercriminals constantly develop new ways to exploit even the most complex networks and servers. One of the newer types of attacks caused major headlines in 2020 and continues to be a force to be reckoned with for even the largest companies and organizations. It's called a double extortion ransomware attack. Becoming a victim of these vicious attacks can lead to devastating consequences.

Hiring is hard. If you're a remote company like we are, you already have a head start. A larger pool of applicants, more practical benefits over a "fun office", etc. That doesn't mean that when the time comes to hire for a new role, you will immediately find the perfect candidate. When we were hiring for our recent frontend developer role, we were surprised how hard it ended up being. Not for lack of candidates, but instead for the right fit within our existing team.

Cloud computing is an effective solution for large and small companies across every industry. There has been rapid adoption due in large part to its accessibility, flexibility, and reliability. The cloud environment brings a significant amount of benefits, but at the same time, it can expose businesses to various alarming cybersecurity risks. A study conducted by Thales and 451 Research revealed that 40% of respondents have experienced a data breach within their cloud environments.

This past March we posted an analysis of a vulnerability in the Apache HTTP Server mod_sed filter module, CVE-2022-23943, in which a Denial of Service (DoS) can be triggered due to a miscalculation of buffers’ sizes. While analyzing this Apache httpd vulnerability and its patch, we suspected that although the fix resolved the issue, it created a new unwanted behavior. Our suspicion turned out to be true: we discovered that another way to cause a DoS was introduced.

Every year Verizon releases the Data Breach Investigations Report (DBIR), covering some of the biggest trends in data breaches across industries, highlighting the common causes for breaches as well as trendy attack vectors. And every year, when it is released, my inbox is immediately hit with questions from colleagues and customers asking how Netskope can mitigate each of the issues raised. So this year I thought I would share my analysis more widely.

This blog is a part of our new series 5 Strategies for Building Resilience to Financial Crimes and Cyber Attacks in 2022. Access to the right data at the right time is the foundation of an efficient payment fraud prevention strategy. At INETCO, we like to say that not all insights are created equal: if you are missing some key pieces of the puzzle you won’t get a clear picture of the threat landscape.