GRC programs are often viewed as cost centers. But, they can in fact be profit drivers by contributing to sales acceleration, cost and time savings, and risk reduction. The real question is, how can you prove that to the board? TrustCloud teamed up with ISSA to discuss.

The NIS2 Directive, published in December 2022, sets out a series of measures for improving cyber risk management throughout the European Union. All EU member states must apply the Directive as part of national law by October 2024. By the same date, all applicable organizations must comply with the measures set out in NIS2.

Backdoor attacks are on the rise. In 2022, this relatively little known cyberattack vector overtook ransomware as the top action deployed by cybercriminals. According to the IBM Security X-Force Threat Intelligence Index 2023, nearly a quarter of cyber incidents involved backdoor attacks. But what is a backdoor attack and how can you protect your organization from becoming a victim? Let’s explore this stealthy threat.

Yesterday the US Securities and Exchange Commission (SEC) voted 3-2 to issue long-awaited regulations that mandate uniform cyber incident disclosures for public companies. The SEC’s rulemaking progress has been lengthy and controversial, and cybersecurity experts and business advocates have been eagerly awaiting the release of the final rules after more than a year of public comment and lobbying from business and cyber experts.

The financial services sector is one of the highest performing in terms of cybersecurity. One factor that contributes to this performance is regulation. Laws such as FFIEC IT, the Gramm-Leach-Bliley Act, NYDFS, GDPR, and SOC2 have placed pressure on financial services companies to build and enforce some of the strongest cyber risk management programs across any industry. You should consider another factor, which is money.

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) voted to adopt new cybersecurity requirements for publicly traded companies, creating new obligations for reporting “material” cybersecurity incidents and requiring more detailed disclosure of cybersecurity risk management, expertise, and governance. Companies will be required to disclose risks in their annual reports beginning on December 15, 2023.

Network vulnerabilities can leave an organization’s entire IT environment compromised. Sensitive data can be lost or (even worse) stolen by cybercriminals. A data breach can severely harm your company’s reputation and bring substantial financial losses. Worse, these vulnerabilities are constantly evolving. Hackers have proven methods to infiltrate a seemingly secure network, and they employ various tricks, devices, and information to get the job done.

Data privacy has become a paramount concern in the digital age, as organizations collect and process vast amounts of personal information. As a result, governments are increasingly enacting data privacy laws. While the European Union’s General Data Protection Regulation (GDPR) sets a global benchmark for data protection, the United States lacks a comprehensive federal data privacy law. Instead, businesses operating in the U.S.

SecurityScorecard recently joined the World Economic Forum’s Centre for Cybersecurity and UC Berkeley’s Center for Long-Term Cybersecurity (CLTC) for a private, invite-only workshop in Washington, DC alongside global leaders, CEOs, and CISOs to identify trends and insights that will most likely impact cybersecurity in the next decade of 2030 via future-focused scenarios with emerging cybersecurity challenges.