According to recent research, 92 percent of large organizations use more than one cloud. The report also predicts that by the end of 2021, 55 percent of enterprise workloads will rely on a public cloud. Clearly cloud adoption is expanding, and will continue to do so into the future. Despite its prevalence, cloud computing can be a confusing concept.

Before this particular bit of news sails downstream, internal control professionals might want to note that an SEC commissioner spoke this week about the importance of internal controls for cybersecurity. She raised a few points worth considering. The remarks came from Caroline Crenshaw, a Democratic appointee to the Securities and Exchange Commission who, in my opinion, is something of a stalking horse for SEC policy.

NIST is the abbreviated name of the National Institute of Standards and Technology. It’s one of many federal agencies under the U.S. Department of Commerce, and is one of the oldest physical science laboratories in the United States. The agency develops technology and security policies that help drive innovation in science and technology-related industries; and better prepares those industries to meet the requirements of the Federal Information Security Management Act (FISMA).

Last year, as most people were stuck at home, many of us became even more dependent on e-commerce sites than we were already. Unfortunately, that includes cybercriminals too. In 2020, scams targeting the checkout forms of online retailers rose by 20%, according to reports.

If your organization handles any type of payment processing, storage, or transmission of credit card data electronically, you’ll be very familiar with PCI DSS (formally known as the Payment Card Industry Data Security Standard). This standard exists to protect debit and credit cardholder data from unauthorized access via data breaches, ransomware, and other security breaches. However, with the rise in these breaches also comes the rise in changes and rules to the PCI DSS.

A famous 2011 article by security adviser Roger Grimes is intriguingly titled, “To beat hackers, you have to think like them.” In the article, Grimes explains that IT security professionals must view IT systems through the eyes of hackers — and search ways to break into these systems, identify weaknesses, and create robust security measures. That is exactly what penetration testing is all about.

From innocent but costly mistakes to fraudulent manipulations, all organizations are subject to significant risks that can jeopardize financial reporting or lead to the loss of corporate assets. That’s why it is imperative to establish a robust system of internal controls to reduce or prevent such threats to the organization.

Most companies know how to engage in a security risk assessment. However, the first step in the security assessment process should be engaging in a data risk assessment. While the two sound similar, they provide different insights. This guide to performing a data risk assessment explains what it is, why it’s important, and how to engage in one.

This week, the popular web host GoDaddy reported that it experienced a serious data breach impacting 1.2 million customers. Is your organization at risk, and what should you do? Here’s what you need to know.