During the last week of December, a threat actor who goes by the name “Ryushi”, claimed to be selling public and private data of 400 million Twitter users, which was scrapped in 2021, using an API vulnerability which was fixed by Twitter in 2022. Since then, Ireland’s Data Protection Commission (DPC) notified that it "will examine Twitter's compliance with data-protection law in relation to that security issue".
Even maintaining current budgets can be hard as companies look for cost savings in non-revenue-generating areas. But you don’t have to wait for a cyber attack to occur to prove that you need to invest in cybersecurity. Instead, CISOs can demonstrate the ROI of their current spend, and potentially convince other leaders to increase budgets, by using cyber risk quantification (CRQ).
I am yet to meet a CISO who has been given unlimited resources to secure the organization, and in almost all cases, there is more work that can be done to improve security. So given infinite time and resources, how to prioritize the next strategic initiative or project? The increasing maturity of security control frameworks such as those developed by NIST and CIS provide a good structure for maturing a cyber security programme, mapped to preventing common tactics, techniques and procedures .
In recent times it has become clear to organizations that the handling of data is a very important matter, as the exposure or misuse of data are both a serious threat to an organization's financial standing and reputation, and must be accounted for in each organization's risk posture. In terms of high-profile data breaches, this year has been no different than previous years, seeing its fair share of ransomware attacks and data exposure.
Custom Damage Types provide users with the ability to add specific types of damages that will be taken into consideration as part of the modeling process when quantifying financial exposure. This means, organizations now have a unified view of costs that consider company specific data alongside out of the box modeled costs. Users will need to provide a range of possible costs and create a scenario that triggers assigned costs.
To get a handle on increased cybersecurity threats, businesses need to know what’s at stake. If you don’t know what you’re defending and what the implications of a cyber event could be, then it’s hard to make cybersecurity decisions. For example, you could be spending time and money on cybersecurity awareness training while your biggest vulnerabilities stem from third-party exposure.
Third party cyber risk can be a lot like the wild wild west - it’s hard to predict where your next loss will come from. We know that third-party cyber events can lead to millions of dollars of loss revenue, remediation costs, regulatory fines & more. That’s why Kovrr has made significant updates to their platform to help put a financial quantification on risk derived from your organization’s third parties.
