Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Risk Management

Featured Post

Growing Digital Ecosystems, Increasing Cybersecurity Risk, Fragmented Regulations and Economic Challenges Emphasizes Need for Holistic API Security

The challenges that the global business community has faced in the last few years have been unprecedented. A pandemic, inflation, an energy crisis, war, an economic downturn, and fragmented and delayed supply chains have all created issues for organizations and have left no industry, market, or region untouched. Yet, despite these issues, our digital ecosystems and footprint grow ever bigger and increasingly complex. The global digital transformation market was worth $731.13 billion in 2022, and it is now expected to grow at a CAGR of 26.7% by 2030, driven in the main by businesses trying to gain a competitive advantage.

Minimizing public sector cybersecurity risk

The public sector is critical to national and international security. Yet, new research from SecurityScorecard and the Cyentia Institute found that 61.6% of public sector agencies have open cyber vulnerabilities, taking a median of 309 days to remediate. What’s more, 53% of public sector agencies are losing ground closing their cyber vulnerabilities, due in large part to a greater reliance on third-party vendors with less-than-optimal cybersecurity hygiene.


The Conflict Between Operational Risk and Security Risk

Let’s talk about operational risk and security risk. In the dynamic world of software development, a persistent tension exists between developers and security professionals when it comes to managing operational risk and security risk. Developers prioritize avoiding code disruptions, leading them to implement measures like version locking and reluctance to patch.


Cybersecurity Audit Checklist

Today’s corporate IT environments are complex and diverse. The security system to protect those environments can easily have hundreds of individual parts, and all of those parts need to be looked at individually and as a whole. To assure that all those parts are working as intended, you should perform a cybersecurity audit. Audits aren’t just good sense, either; many data privacy and security regulations require audits. That said, the steps for a cybersecurity audit can be long.


How to Automate Cyber Risk Quantification

The attack surface for most organizations is constantly expanding, and security teams struggle to decide which parts of that surface deserve priority for effective risk mitigation. Traditional methods of ranking risks such as malware and ransomware on a high-, medium-, low- scale have unraveled as different people interpret those categories differently. What’s needed: more accurate cyber risk assessments.


How to Identify and Mitigate Digital Transformation Risks

Market pressures and growth opportunities are accelerating digital transformation. According to Gartner, 89 percent of board directors say digital is embedded in all business growth strategies. Meanwhile 99 percent say that digital transformation has had a positive impact on profitability and performance (KPMG). The cloud, connected IoT devices, and remote work capabilities are the cornerstones of digital transformation.


6 Trends to Watch from RSA Conference 2023

Attending the RSA Conference can be an exciting time – whether you’re there representing your company or participating in the educational sessions. Just walking around the Moscone Center during RSAC 2023 provided insight into the latest trends and challenges in the risk and compliance industry. One of the most striking takeaways from the conference was the complexity and challenges involved in risk and compliance management faced by modern organizations.


The Power of Using Risk Scores to Automate Continuous Conditional Access

Co-authored by David Willis and Gary Jenkins As we wrote in an earlier blog, the concept of cybersecurity risk continues to be codified, qualified, and, finally, quantified. With the rise of RESTful API endpoint support and near-real time telemetry sharing, companies can seize the opportunity to automate the IT/security stack’s response to risky users (in addition to devices, data, and applications—to be covered in future blogs).


Improved risk assessment with EPSS scores in Snyk

The number and complexity of software vulnerabilities is continuously growing. The ability of development and security teams to assess the threat level a given vulnerability poses and prioritize fix efforts accordingly greatly depends on access to as much context as possible about the vulnerability.