Candid Chats: Does a risk-based approach really make a difference?
In this episode of #CandidChats, we ask if a risk-based approach to #cybersecurity really makes a difference - or is it just hype?
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Risk Management
In The Clouds: What Can Risk Management Do for You?
If your company runs into hidden risks, will you sink or sail? ⛵️ Risk management is the key to steering clear of disaster and keeping your business afloat. About TrustCloud: Our mission is to make it effortless to earn trust in every business relationship. TrustCloud's Trust Assurance platform democratizes every company's ability to quickly and cost-effectively set up, test and get audited for security and compliance certifications, automatically respond to security questionnaires, and confidently share its compliance program with enterprise customers.
Cybersecurity Risks in Hybrid Working Environments
Many companies now operate in a hybrid work environment. The term encompasses any number of specific workplace arrangements, but ultimately refers to a more flexible environment where employees spend a significant amount of time not in the office. So what are the implications of that shift for cybersecurity? Clearly hybrid work environments have a greater reliance on technology. That can increase your organization’s risk of a cybersecurity attack.
Properly Explaining Risk Appetite to the C-Suite
In the first part of this series, we looked at some common issues when a Chief Information Security Officer (CISO) is communicating with the Board. At the heart of many of these issues is how the CISO and upper management view security. As one CISO recently told me, "It's a catch-22 situation: If the business leaders don't consider this to be a business problem, they are unlikely to listen to people they don't consider to be business leaders telling them it is.".
Updated Fraud Risk Guidance Available
Auditors and other anti-fraud professionals have fresh guidance this week on how to manage fraud risk, with an emphasis on data analytics, internal reporting hotlines, and discussion of how effective fraud risk management can deter fraudsters from trying their schemes in the first place. Said guidance comes from COSO and the Association of Certified Fraud Examiners, who released the document earlier this week.
ATO Attacks: What You Should Know About Protection and Prevention
Among all the cyber attack techniques gaining prominence, account takeover (ATO) attacks are perhaps the most unnerving for businesses. Even though financial institutions seem like an obvious target, e-commerce storefronts and online entertainment platforms are also becoming popular targets. For example, online betting website DraftKings fell victim to an ATO attack in 2022, where the perpetrators made off with $300,000.
CISO Health and Wellness: An Unconventional Solution to a Systemic Challenge
At a swanky steak house on Manhattan’s Upper West Side, I sat with 100 other security professionals in a dimly lit wood-panelled room, its walls lined with photographs of famous and near-famous patrons. Nearly all of us were at least one cocktail into our evening of high gustation, storytelling, and network building. (Old Fashioneds were the drink of choice that evening).
Top Emerging Cybersecurity Threats (and How to Mitigate Them)
Just as your organization thinks it is prepared, new cyber threats appear. In March 2023, the European Union Agency for Cybersecurity (ENISA) published its list of the 10 top cybersecurity threats to emerge by 2030.
3 Ways "GRC as Usual" Holds You Back
The world of business has changed dramatically over the past few years. Today, it’s more digital and connected than ever, leaving security and technology teams stretched even thinner. Privacy and data regulations are increasing on a state and national level; threat actors are learning and evolving; and cybersecurity has finally become a boardroom priority! Now that you have leadership’s attention — what will you do? If your answer is “GRC as usual,” it may hold you back.