Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI risk and security management is unsurprisingly Gartner’s number one strategic technology trend for 2024. But you might be less familiar with number two: Continuous Threat Exposure Management (CTEM). Coined by Gartner in 2022, CTEM isn’t just another buzzy acronym – it’s a powerful process that can help continuously manage cyber hygiene and risk across your online environment.

In March 2022, when the not-so-new-anymore SEC cybersecurity regulations were initially drafted, some argued that smaller reporting companies, defined by having a public float of less than $250 million or an annual revenue of less than $100 million, should be exempt, given the "outsized costs" they faced. Others proposed that these smaller organizations should have a longer disclosure deadline, helping to alleviate the chances of non-compliance.

At the end of May 2024, the largest ever operation against botnets, dubbed Operation Endgame, targeted several botnets including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. This operation significantly impacted the botnets by compromising their operations and shutting down their infrastructure. Although Latrodectus was not mentioned in the operation, it was also affected and its infrastructure went offline.

Ongoing monitoring is a key step in effective Third-Party Risk Management (TPRM) that helps ensure continuous compliance, cybersecurity performance, and risk management of external vendors and service providers. It’s a necessary step that reinforces how vendors are managing their cybersecurity processes to prevent potential data breaches or reputational damage.

A recent Gartner survey shared that, “61% of companies said their governance goals included optimizing data for business processes and productivity but only 42% of that group believed they were on track to achieve it.” Data governance is often viewed as a prohibitive, controlling, and time consuming process designed to slow down work. Traditional approaches to data governance can make it a complicated effort, detouring teams from implementing it, but it doesn’t have to be.

The Australian Signals Directorate (ASD) is a government agency responsible for providing foreign signals intelligence and ensuring information security for Australia’s national interests. The ASD also significantly enhances the nation’s cybersecurity through strategic advice, standards, and protective measures.

In an age of increasingly complex cyber threats, New Zealand has implemented robust cybersecurity standards to secure the online environment for individuals, businesses, and government entities. New Zealand's cybersecurity approach is unique and effective, from the overarching strategies laid out by national cybersecurity policies to specific regulatory requirements that impact sectors like healthcare and finance.

Digital relationships with third-party vendors increase opportunities for growth, but they also increase opportunities for cyberattacks — a recent study found that 61% of U.S. companies said they have experienced a data breach caused by one of their vendors or third parties (up 12% since 2016). Implementing a vendor risk management strategy aligned with frameworks like the NIST security framework can help mitigate these risks.

As we move further into 2024, the cyber threat landscape continues to evolve, presenting new challenges and opportunities for small businesses. At Obrela, we understand the importance of staying ahead of these threats and securing your digital assets. Here are some cyber security tips for small businesses to help your enterprise to enhance its cybersecurity measures this year and stay ahead of cyber criminals.