On March 2nd, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint Cybersecurity Advisory (CSA) – #StopRansomware: Royal Ransomware. We highly encourage everyone in a security role to read the Advisory, as it contains recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Royal ransomware.

The recent collapse of Silicon Valley Bank (SVB) has sent shockwaves through the tech industry, prompting many individuals and companies to move their bank accounts to other financial institutions. However, in the midst of this turmoil, cybercriminals are poised to take advantage of people’s fears and concerns. If you’re planning to move your bank account or have already done so, it’s important to be aware of the security risks associated with this process.

In early March, the SANS Institute, whose mission is to empower cybersecurity professionals with the practical skills and knowledge to make the world a safer place, shared some insightful findings based on their survey on ransomware and malware intrusions in 2022. The survey included participants in various roles and industries from organizations worldwide of all sizes. “In this survey, we wanted to understand what the past year looked like for our respondents.

You’ve just sat down to start your work day and you’re going through your emails, hot cup of coffee in hand. You see an email from your company’s IT department telling you to install an update ASAP. As soon as you click the link in the email, you realize you probably should have checked with IT first.

We’re proud to announce that SecurityScorecard has been named to Fast Company’s prestigious annual list of the World’s Most Innovative Companies for 2023. This list highlights companies at the forefront of their respective industries, who are rethinking business and culture, while paving the way for future innovations. We’re honored to join the ranks of other innovators, such as OpenAI, Disney, and Tiffany & Co.

While things can sometimes seem “back to normal” in the rest of the world, the devastating war is still going on in Ukraine, affecting millions of innocent civilians. Reflecting on the past year’s suffering of the Ukrainian people, we’d like to summarize the cyber warfare aspect of this conflict. In 2022, Russian government-backed cyberattacks targeted users in Ukraine more than any other country.

Today’s release of the White House’s National Cybersecurity Strategy is the result of more than a year of government and industry collaboration that sets new boundaries for the government approach needed to improve global cyber defenses. The strategy clearly represents a shift away from decades-old voluntary compliance regimes to a more aggressive regulatory construct that seeks to shift cyber burdens onto providers/developers and owners and operators of critical infrastructure.

There are two kinds of CISOs: pre-breach and post-breach. Pre-breach CISOs are overly focused on tools and thinking about investing in prevention technologies. They do this almost to the exclusion of thinking about recovery and timely restoration of services once something bad actually occurs. And something bad will happen; it’s not a matter of if, but when (and how often, I might add, so “breach cadence” seems a more suitable KPI than breach likelihood).

Third-party risk management is a well-known industry term that emphasizes the importance of looking outside yourself to identify potential risks to your organization. In the current business landscape, where you are communicating and collaborating with dozens, if not hundreds, of other organizations, focusing on your own cyber risk and that of your third parties is not enough.

On the final day of the World Economic Forum, we shared SecurityScorecard’s five key cybersecurity insights based on the discussions that dominated our time in Davos, Switzerland. Several weeks later, after gathering our thoughts from everything we saw, heard, and contributed to in Davos, we’d like to expand on our cybersecurity perspectives from the Forum and provide five additional insights.