Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Our latest update incorporates risk evaluation built upon financial quantification. A critical component of the risk evaluation feature is the top risk matrix, which provides risk metrics for tracking, benchmarking, and reporting. By analyzing risk drivers through the ATT&CK MITRE framework’s initial vectors and event types, Kovrr provides a comprehensive breakdown that enables a detailed understanding of the likelihood and the potential of risks.

As cyber security threats proliferate, cyber risk conversations are no longer limited to the Security Operations Center (SOC); they command the attention of the C-suite and the boardroom. Ultimately, cyber-crime is a significant and prominent issue. The average cost of a data breach in the U.S. has soared to nearly $9.44 million this year. Since 2018, cyber insurance carriers report that incident-related claims increased by an astonishing 486%, the majority being ransomware-related.

CVE-2023-2868, a vulnerability in the Barracuda ESG was announced on May 23. On June 15th, a report surfaced, attributing the exploitation of this vulnerability to a threat actor group tracked as UNC4841, which analysts believe is conducting espionage on behalf of the Chinese government. SecurityScorecard’s STRIKE Team consulted its datasets to identify possibly affected organizations.

Maintaining an accurate overview of an organization's assets can be a challenge for any Chief Information Security Officer (CISO). You are not alone in this.

As the industry’s first automated compliance platform, Vanta includes a wealth of pre-built content, which enables customers without existing compliance processes to quickly get up and running. ‍ But more mature organizations may already have a compliance program — from the processes they follow to the definitions of their compliance and security surface area — that is built to meet their unique compliance goals, auditor requirements, and tech stack.

Cyber insurers regularly get requests for new business and increased limits. How can they determine which organizations will be a risk worth taking? In my previous blog, I discussed how understanding an applicant’s cyber hygiene is the best indicator of whether they may experience a successful ransomware or other cyber attack. In this blog, I’ll walk through how to measure an applicant's cyber hygiene and which metrics are categorically proven to stand out.

Cyber threat hunting is a proactive security strategy that involves searching for threats within a network before they can cause significant damage. Unlike traditional methods, which are reactive and wait for an alert before taking action, threat hunting seeks to actively identify and mitigate hidden threats that have evaded initial security measures. Threat hunting involves constant monitoring and data analysis to spot suspicious behavior that may indicate a cyber attack.

TrustCloud teamed up with Dansa D’Arata Soucia on our Risk Rodeo webinar, to discuss everything you need to know to wrangle up risks with confidence. Our panelists weighed in on the four things that auditors look for in risk management processes.

Every day, businesses grapple with phishing attacks, data breaches, and other cyber threats that can cause significant damage. These potential risks underscore the need for cyber security awareness training for employees. Such training isn't about identifying the weakest link, but about fostering a security-conscious culture where all staff members are informed and confident.

Cybersecurity is not an easy task. New threats are constantly emerging—in your IT infrastructure and that of your vendors and partners. But, as a cybersecurity leader, you can help your organization mitigate these threats if you adopt cyber risk exposure management practices. In this blog, we explore everything you need to know about how cyber risk exposure and management can help you reduce the risk of gaps and vulnerabilities in your network and across your third-party supply chain.