There are two kinds of CISOs: pre-breach and post-breach. Pre-breach CISOs are overly focused on tools and thinking about investing in prevention technologies. They do this almost to the exclusion of thinking about recovery and timely restoration of services once something bad actually occurs. And something bad will happen; it’s not a matter of if, but when (and how often, I might add, so “breach cadence” seems a more suitable KPI than breach likelihood).
Third-party risk management is a well-known industry term that emphasizes the importance of looking outside yourself to identify potential risks to your organization. In the current business landscape, where you are communicating and collaborating with dozens, if not hundreds, of other organizations, focusing on your own cyber risk and that of your third parties is not enough.
On the final day of the World Economic Forum, we shared SecurityScorecard’s five key cybersecurity insights based on the discussions that dominated our time in Davos, Switzerland. Several weeks later, after gathering our thoughts from everything we saw, heard, and contributed to in Davos, we’d like to expand on our cybersecurity perspectives from the Forum and provide five additional insights.
Unless you’ve been avoiding your inbox like a cybercriminal avoids sunlight, you’ve probably seen something like this before: That right there is a classic example of a phishing email. Most security-aware individuals can spot a phishing email from a mile away. In the past, it used to be the misspellings, such as in this email, that gave it away. Now, misspellings and poor grammar aren’t ideal indicators of phishing attempts.
The city government of Oakland has declared a state of emergency after it was hit by a ransomware attack. The attack, which began in the evening of February 8th, has forced the city to take all its IT systems offline, and has affected many non-emergency services, including the ability to collect payments, issue permits, and process reports.
Info-stealers are malicious software designed to extract sensitive information, such as passwords, from victim systems. Info-stealers have become one of the most discussed malware types in cybercriminal underground forums. Let’s see how info-stealers have evolved recently to become the threat that they are. Then, we’ll look at a specific stealer freely available as open-source that could be used in future attacks.
In the wake of Killnet’s latest DDoS attack on U.S. hospitals on January 30, SecurityScorecard has made its KillNet open proxy IP blocklist available to the public. This list is the product of the SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team’s ongoingresearchintoKillNet. We released this list to help organizations better defend themselves against KillNet and other groupslike it by preventing traffic from exploitable assets.
How geopolitics and hacktivism is causing trouble for the healthcare industry
With organizations becoming increasingly digitally connected, a lack of visibility into their vendors’ security diligence has made exploiting these relationships a go-to tactic for cybercriminals. So, what can organizations do to minimize risk stemming from their business ecosystems?
