Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This article was authored by Dave Burg Cybersecurity has long been framed as an arms race driven by increasingly sophisticated attacks. But that framing is increasingly outdated. The reality emerging from the front line is more uncomfortable: Today’s cyber risk is defined less by breakthrough innovation and more by the industrialization of existing weaknesses.

Enabling seamless user access without compromising security is a complex challenge. Gaurav Sheth, Cynthia Yang and Sorabh Chopra are helping to change that. As part of Kroll’s recently established team dedicated to Digital Identity, their focus is on transforming fragmented administration, manual processes and siloed identity solutions into mature programs.

This article provides an overview of Kroll’s investigation of the GARUDA C2 malware. Stay tuned for our upcoming white paper which will provide a deep dive into the malware’s architecture; command and control tradecraft; observed threat actor tactics, techniques and procedures; and actionable detection and mitigation guidance.

Author: Sadi Zane.

Operational disruptions, regulatory mandates and reputational risks now make data breach notification a strategic necessity. To ensure breach notification is truly impactful, it must be seamlessly integrated into an organization’s incident response plan, for timely, compliant and coordinated communication following cybersecurity incidents.

When a leading insurance and asset management company was impacted by a third- party data breach, it needed to act quickly and decisively to notify affected customers. Kroll’s elite breach notification, monitoring and call center services enabled the company to provide tailored information and support to more than 2.5 million people in just four months, as well as delivering in-depth tracking and reporting for complete visibility and assured regulatory compliance.

Each month, our Cyber Threat Intelligence team compiles data from our engagements to determine key industry trends. We look at the initial access methods threat actors are using to gain entry into a network, types of incidents most commonly impacting organizations, which sectors are being more heavily targeted, and which threat groups are most prevalent.

Industrial organizations face a new era of risk. As operational technology (OT) environments become more connected, the challenge of securing access and maintaining visibility continues to grow. In response, Kroll, Saviynt, Nozomi Networks and CrowdStrike have joined forces to deliver a unified solution that empowers organizations to protect their critical infrastructure without disrupting operations.

Despite cybersecurity representing a strategic and even existential risk to organizations today, stakeholder transparency and a strategic vision to manage it are often lacking. Too frequently, transparency is achieved only after a significant security incident. This is a problem.

Artificial intelligence (AI) adoption is fast becoming a strategic necessity for modern businesses. With adoption continuing at pace, a carefully considered strategy is essential for gaining or maintaining a competitive advantage, managing downside risk and addressing the continued regulatory, legal, ethical and operational complexities presented by AI.