Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Cyber Risk Retainers: Not Another Insurance Policy

The costs associated with a cyberattack can be significant, especially if a company does not have an Incident Response plan that addresses risk. The one-two punch of a cyberattack can be devastating. There is the breach and then the related mitigation costs. Implementing a comprehensive Incident Response (IR) game plan into a worst-case-scenario should not be a post-breach scramble. And when that IR strategy includes insurance, it also must address a business’s level of cyber risk.

Cyber Risk and CFOs: Over-Confidence is Costly

Our CFO cybersecurity survey has shown that Chief Financial Officers are highly confident in their companies’ abilities to ward off cyber security incidents, despite being somewhat unaware of the cyber vulnerabilities their business faces. Almost 87% of the surveyed executives expressed this confidence, yet 61% of them had suffered at least three significant cyber incidents in the previous 18 months.

Guide to Cloud Penetration Testing: What It Is and Why You Need It

Odds are, you are already in the cloud. According to the Flexera 2021 State of the Cloud Report, 99% of people surveyed are using at least one cloud service in their business, and 97% of respondents are using at least one public cloud. The rewards of moving into the cloud are significant. In the cloud, you can build and launch new services and add computing capacity more easily than you can on premises, and in a more cost-effective manner.

How Penetration Testing Can Better Prepare You for a SOC 2 Audit

The goal of a SOC 2 audit is to evaluate and verify how a service provider, whether an IT provider, Software-as-a-Service (SaaS) platform, or other outsourced solution, handles sensitive customer data. Companies are pursuing SOC 2 certification because it is an industry-recognized way to show customers that their security program is worthy of their trust. When thinking about how to prepare for a SOC 2 audit, cyber risk assessment and penetration testing should be on your list.

What Is Application Security? Trends, Challenges & Benefits

Application security is integral to software development, and the majority of organizations now have dedicated AppSec programs. In the past five years, there has been a marked cultural shift, with application security becoming a strategic initiative that spans departments rather than an activity, like periodic scanning, code reviews, or testing or a transactional event related to a security assessment.

Q2 2022 Threat Landscape: Ransomware Returns, Healthcare Hit

In Q2 2022, Kroll observed a 90% increase in the number of healthcare organizations targeted in comparison with Q1 2022, dropping the final nail in the coffin for the “truce” some criminal groups instituted earlier in the COVID pandemic. Ransomware helped to fuel this uptick against healthcare as attacks increased this quarter to once again become the top threat, followed closely by email compromise.

How to Assess Your Organization's Application Security

Application security assessments are more critical than ever before. Digital transformation is required to meet the expectations of customers in many industries, meaning that companies are looking for software products to help them modernize their operations and meet those demands. However, choosing a piece of software is an expression of trust: by bringing your software into their network, customers are looking to accomplish their goals without letting attackers in.

Optimizing the CISO and Board Roles in Heightened Risk Periods

With companies in virtually every industry facing persistent and increasing cyber security threats, federal regulators are taking steps to protect customers and investors. In March, the SEC proposed new cyber security transparency rules that would require publicly traded companies to disclose, among other things, the cyber security expertise—or lack thereof—among their board members. This is despite the evidence that it is a recognized risk within businesses.

The Rise of Vishing and Smishing Attacks - The Monitor, Issue 21

Kroll has observed an increase in two social engineering tactics known as “vishing” and “smishing.” These tactics use phone calls, voice altering software, text messages and other tools to try to defraud unsuspecting people of valuable personal information such as passwords and bank account details for financial gain. These types of attacks use similar techniques to the common infection vector, phishing.