A challenging dynamic exists between the CISO and the Board of Directors. While both stakeholders focus on risk management, their approaches to risk and the language they use are notably different. Though regulations like the NIS2 directive and SEC cybersecurity disclosure rules have given CISOs a bigger seat at the table, the legal requirements and operational prioritization to meet them have exposed a difference in perspective and understanding between the two roles.

Almost a decade after their emergence, Progressive Web Apps (PWAs) finally went mainstream in 2024. Their MO? To compete with, and in some cases replace native apps. To do this, PWAs promise to combine the best features of web and native mobile apps, delivering seamless, reliable, and engaging experiences across all devices and platforms. Cross-platform compatibility, direct distribution, cost and maintenance advantages – it all sounds very alluring.

Balancing robust security with user-friendly access is no small feat. As security professionals, you’ve shared the challenges you face—managing security across a diverse workforce, visibility into security issues, streamlining onboarding and offboarding processes, and ensuring compliance with regulatory requirements. And we’ve listened.

You may be asking, “why are they changing the questions?” Well, the threat landscape is always changing, so the way we react to those threats needs to change too. This is the only way to make sure that your business stays secure, in addition to it bringing the scheme up-to-date with current security practices. Cyber Essentials will still continue to focus on the five key technical controls which are the best first line of defence against a potential threat.

Ransomware incident response is the need of the hour. Let me explain you why- Ransomware attacks have evolved to become a critical threat in 2024, while recovery from such an attack increased drastically from $1.82 million in 2023 to a whopping $2.73 million this year—which is sans any ransom paid out. Healthcare organizations have fallen victim quite badly, where the cost of data breaches increased by 53.3% since 2020.

In today's complex business landscape, effective executive reporting is not just about sharing information; it's about using the insights to take action and demonstrating the value of your compliance and security efforts. This blog outlines five essential practices to help you refine your reporting skills and ensure your insights resonate with key stakeholders and support informed decision-making. ‍

In the first of our blog series on international data protection, I’m taking a look at how companies can ensure compliance with notice and consent requirements in the USA, China, and Canada. In a world where digital footprints are as common as physical ones, the governance of personal data has become a pressing issue.

SecurityScorecard had the pleasure of participating in the 15th Annual Billington CyberSecurity Conference – a key convening of policymakers and industry thought leaders in our Nation’s Capital. This year’s edition – Advancing Cybersecurity in the AI Age – included over 4,000 registrants and 200 speakers participating in 40+ sessions and breakouts. It would not be an emerging tech and government conference without an extra emphasis on AI.

Around two years ago, memN0ps took the initiative to create one of the first publicly available rootkit proof of concepts (PoCs) in Rust as an experimental project, while learning a new programming language. It still lacks many features, which are relatively easy to add once the concept is understood, but it was developed within a month, at a part-time capacity.