Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Chief Information Security Officer (CISO) is a relatively recent addition to the ranks of organizational leadership. It is a key role for businesses and organizations that possess the necessary resources and recognize the need for a robust security program. When leveraged properly, the CISO assumes a leadership position that is integral to an organization’s C-suite.

In today’s interconnected world, organizations face numerous threats from external attackers aiming to exploit vulnerabilities in their systems. Understanding how to prioritize risks in the external attack surface is crucial for mitigating potential vulnerabilities and safeguarding sensitive data. In this comprehensive guide, we will delve into the key considerations and best practices to help you effectively prioritize and manage risks in your organization’s external attack surface.

A basic Google search for the term “cybersecurity” will turn up dozens of competing advertisements for companies promising to solve all your security woes and keep attackers at bay with their version of a “technology silver bullet” – the end all be all that you must, according to them, purchase right now. It’s not that technology isn’t essential to your security strategy; it’s vital!

As a kid, keeping a secret meant not telling anyone else information that a friend chose to share with you and trusted you to protect. In the digital era, protecting customer and employee sensitive data works similarly. Although establishing privacy controls and maintaining data protection are more difficult when managing complex IT environments, the principles underlying your data protection initiatives remain the same.

The FFIEC Cybersecurity Assessment Tool (CAT) is a diagnostic test designed to help institutions identify risks and gauge cybersecurity preparedness. The tool is primarily for financial and non-depository institutions, enabling organizations to make risk-driven security decisions informed by regular cybersecurity assessments and standardized risk measurement criteria.

With the worldwide popularity of Android and its open-source software, hackers have an increased incentive and opportunity to orchestrate attacks. A Google search for “Android malware” brings up headlines like these, all from the past few days or weeks: SecurityScorecard recently analyzed a specific threat known as the AhMyth RAT (remote access trojan), which made headlines for infiltrating a popular screen recording app on the Google Play Store.

Cyberattacks on state and local governments are on the rise. In 2020, more than 100 government agencies, including municipalities, were targeted with ransomware – an increasingly popular attack vector. Recently, average down time from cyber attacks on these targets is 7.3 days and results in an average loss of $64,645. These incidents are costly and disruptive. Most state cybersecurity budgets are a paltry 0% to 3% of their overall IT budget on average.

In cybersecurity, being well-versed in the wide range of resources available for protecting and enhancing your digital environment is crucial. One of the most significant and effective tools is the Mitre ATT&CK Framework. Read on for an in-depth exploration of this critical cybersecurity framework and how you can apply it to your own organization.

This week, SecurityScorecard is participating in the US Chamber of Commerce’s Cyber Security Trade Mission to Israel. This has been a valuable experience to not only share our cybersecurity knowledge, but to learn more about Israel’s cybersecurity efforts, and those of other countries.