Protecting the Empire State
Governor Kathy Hochul recently unveiled New York’s first-ever state-wide cybersecurity strategy, intended to protect the state’s digital systems and infrastructure from the ever-growing presence of cyber threats.
Governor Kathy Hochul recently unveiled New York’s first-ever state-wide cybersecurity strategy, intended to protect the state’s digital systems and infrastructure from the ever-growing presence of cyber threats.
Today, electricity is so ubiquitous that it’s difficult to perform even basic tasks without it. But when electricity was first introduced, it took decades for broad acceptance and adoption because it was misunderstood and misused. Slowly, the benefits began to outweigh the cons. As with any innovation, there are setbacks, but electricity has overwhelmingly been a force for good. The same can be said about cybersecurity risk ratings. Are they perfect? No.
2023 is a year of “digital forest fires.” The MOVEit and the Barracuda Networks’ email supply chain attacks underscore the massive butterfly effect a single software flaw can have on the threat landscape. Supply chain attacks spread like a forest fire. Once cybercriminals compromise widely used software, attackers gain access to potentially all organizations that use that software.
Yesterday the US Securities and Exchange Commission (SEC) voted 3-2 to issue long-awaited regulations that mandate uniform cyber incident disclosures for public companies. The SEC’s rulemaking progress has been lengthy and controversial, and cybersecurity experts and business advocates have been eagerly awaiting the release of the final rules after more than a year of public comment and lobbying from business and cyber experts.
SecurityScorecard recently joined the World Economic Forum’s Centre for Cybersecurity and UC Berkeley’s Center for Long-Term Cybersecurity (CLTC) for a private, invite-only workshop in Washington, DC alongside global leaders, CEOs, and CISOs to identify trends and insights that will most likely impact cybersecurity in the next decade of 2030 via future-focused scenarios with emerging cybersecurity challenges.
In the digital age, an organization’s cybersecurity posture is as strong as its intelligence. Open-source intelligence (OSINT) has emerged as a vital tool for businesses, non-profit organizations, and governments alike to fend off cyber threats. This guide offers a deep dive into the realm of OSINT, detailing its importance, applications, challenges, and how SecurityScorecard’s cybersecurity assessment platform empowers organizations to utilize it effectively.
CVE-2023-2868, a vulnerability in the Barracuda ESG was announced on May 23. On June 15th, a report surfaced, attributing the exploitation of this vulnerability to a threat actor group tracked as UNC4841, which analysts believe is conducting espionage on behalf of the Chinese government. SecurityScorecard’s STRIKE Team consulted its datasets to identify possibly affected organizations.
Cyber threat hunting is a proactive security strategy that involves searching for threats within a network before they can cause significant damage. Unlike traditional methods, which are reactive and wait for an alert before taking action, threat hunting seeks to actively identify and mitigate hidden threats that have evaded initial security measures. Threat hunting involves constant monitoring and data analysis to spot suspicious behavior that may indicate a cyber attack.
Threat intelligence is one of the most potent weapons we have against digital hazards. Yet, many organizations remain uncertain about what it entails, how to apply it effectively, and what threat intelligence solution to choose. This lack of understanding could be detrimental as cyber threats continue to evolve, becoming more sophisticated and disruptive. So, what is threat intelligence, and how can it help bolster an organization’s security posture?
The evolving threat landscape necessitates proactive approaches to identify, assess, and mitigate potential cyber security risks. Threat intelligence is one of the most potent weapons we have against digital hazards. Yet, many organizations remain uncertain about what it entails, how to apply it effectively, and what threat intelligence solution to choose. This lack of understanding could be detrimental as cyber threats continue to evolve, becoming more sophisticated and disruptive.