Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Risk Management

Exploit of Log4Shell Vulnerability Leads to Compromise of Major South American Vaccine Distributor

On June 23, The Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGCYBER) released a joint Cybersecurity Advisory (CSA) warning network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers.

How to Determine Your Risk Tolerance Level

All the risk management measures an organization might take to address cybersecurity threats depend on one critical question: What is the organization’s risk tolerance? Risk tolerance is a concept borrowed from investment strategy and is part of various risk assessment methodologies. Investors with high risk tolerance are willing to endure volatility in the stock market and engage in risky investments; those with a low risk tolerance are more cautious.

What is a Chief Risk Officer (CRO) & Why Does Your Organization Need One?

All organizations have a team of C-suite executives to set strategy and run the business. Typically that group looks quite similar from one organization to the next, with the chief executive officer, chief technology officer, and chief financial officer among the most important. But do you also have a chief risk officer? Do you even need a “CRO”? What are the CRO’s responsibilities, anyway; and what is his or her role in enterprise risk management (ERM)?

How to Develop a Risk Culture at Your Organization

Risk is inseparable from the modern business landscape – and therefore, every company needs an effective risk management program to identify, assess, manage, and mitigate risk. Robust processes, solid internal controls, and an enterprise risk management framework can help an organization identify best practices, share knowledge, and track metrics to meet these strategic objectives. But another critical element to risk management binds all those other components together: risk culture.

How COVID-19 Affected and Caused Cyberattacks on Hospital Systems

Healthcare organizations such as hospitals and clinics are vulnerable to all manner of cyberattacks, particularly phishing and business email compromise (BEC) scams, man-in-the-middle (MitM) attacks, and data breaches. Third-party risks and ransomware risks are also serious security problems in healthcare, especially in the post-COVID era. The medical world had already noted such cyberattacks years ago. The COVID-19 pandemic only underlined those worries about cyber attacks.

Meeting the 3rd-Party Risk Requirements of The NY SHIELD Act

The Stop Hacks and Improve Electronic Data Security (SHIELD) Act is designed to protect the personal data of all New York residents. This act broadens the data privacy and protection standards stipulated in the Gramm-Leach-Bliley Act (GLBA) and the New York Department of Financial Services (NYDFS). What makes this particular data protection law unique is its inclusion of biometric information, usernames, and passwords in the category of personal information.