We all accept a certain degree of risk in our lives. So, to varying degrees, we’re all operating – to use cybersecurity parlance – with an assume breach mindset. Meaning, we accept that attacks are inevitable and, as such, we focus time and effort on protecting the assets that matter most. In short, we buckle up for safety.

The expanding attack surface of an increasingly interconnected digital world comes with a high degree of risk due to ransomware, phishing attempts, supply chain attacks, data breaches, and other cyber incidents. And while many organizations recognize the need for cyber insurance, a recent Forrester Research report found that only 55% of organizations in North America have purchased cyber insurance. 1

Vendor risk management (VRM) has become a critical component of business continuity, especially given today’s cybersecurity threat landscape. That said, VRM is challenging. Collaborating with vendors involves the sharing of sensitive information and presents difficult tasks. In particular, assessing a vendor’s role in an organization’s business operations is crucial to mitigate supply chain risks.

With the rise of remote work and shadow IT, more devices and apps (both sanctioned and unsanctioned) are connecting to your organization’s network. Today, there are approximately five million mobile apps currently in circulation: approximately three million for Android and two million for iOS. That’s great for productivity, but less than ideal when it comes to security.

If you operate in specific sectors, cybersecurity maturity is more than a best practice, it’s a regulatory requirement. These regulations are complex and constantly changing. To help you better understand your organization's regulatory environment and the standards and controls they stipulate, let's break down key cyber compliance regulations by industry.

As an enterprise leader or cybersecurity professional, you know that the threat landscape is expanding. You know that cybercriminals get smarter every day, using ever-more sophisticated weapons to attack organizations, disrupt operations, and compromise sensitive IT assets. To protect your organization from these attackers, you must assess and strengthen your cybersecurity posture. In this blog we’ll show you how to do both.

This week kicks off the 6th annual National Supply Chain Integrity Month, an initiative started by CISA and other government agencies to highlight the importance of securing our nation’s most critical systems. This year’s theme, “Supply Chain Risk Management (SCRM) – The Recipe for Resilience,” is meant to encourage all stakeholders to apply a comprehensive approach in their efforts to strengthen cyber defenses.

A risk register is a tool used to manage potential problems or risks within an organization. It helps to identify and prioritize risks, their likelihood of occurrence, and provides ways to mitigate them. Risk registers allow you to play offense and defense – you’re proactively planning for potential challenges and minimizing their impact on your project’s success in the event that the roadmap does veer off course.

Are you aware of the risks involved in doing business with parties sanctioned by the Office of Financial Assets Control (OFAC)? How does this impact your vendor management? OFAC stands for Office of Foreign Assets Control within the Treasury Department. As part of the U.S. government measure to enforce anti-money laundering/counter terrorism financing regulations, OFAC oversees economic and trade sanctions. These sanctions are against countries, individuals, or outfits engaged in disreputable actions.

There has been a lot of talk about ChatGPT since it burst onto the market several months ago. And despite its infancy and the lack of standardized regulations around intelligent automation — the OpenAI tool has exploded into the tech ecosystems of businesses everywhere. While many see significant benefits from its use, few discuss the cyber risk to the industry and our organizations.