Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Kroll

Aligning Legal and Information Security - State of Incident Response 2021

The State of Incident Response 2021 surveyed 400 information security and 100 legal and compliance leaders from companies with over $500M in annual revenue, identifying a lack of clarity from information security professionals about when and how to engage legal as part of an incident response. The survey also identified challenges with digital evidence preservation, breach notification readiness, a proper communication process.

Incident Response Automation Challenges - State of Incident Response 2021

With the volume and sophistication of cyber threats growing, we asked 400 information security and 100 legal and compliance leaders from companies with over $500M in annual revenue how their organizations are planning to deal with incident response. Nearly all teams plan on automating more of their IR process, but nearly half face headwinds like lack of in-house expertise, lack of proper technology, and lack of bandwidth.

Cybersecurity Budgets Increasing, But Internal Challenges Remain - State of Incident Response 2021

We surveyed 400 information security and 100 legal and compliance leaders from companies with over $500M in annual revenue and more than half reported increased cybersecurity budgets for next year and that their executive leadership is more aware of cyber threats. However, over 40% report internal obstacles with the adoption of security processes, lack of organization-wide support, and a "bare minimum" approach to security.

The Role of Managed Detection and Response - State of Incident Response 2021

Internal security teams are overwhelmed by cyber threats and finding seasoned incident response professionals is now harder and more expensive. The State of Incident Response 2021 surveyed 400 information security and 100 legal and compliance leaders from companies with over $500M in annual revenue to learn how managed detection and response vendors are incorporated into their security programs. Over 76% of organizations are relying on a third-party vendor to augment in-house capabilities, and their biggest benefit is delivering faster containment, response, and more automation capabilities.

Introducing Kroll's Third-Party Notification Platform

Kroll’s third-party breach management platform cuts through the complex logistics of coordinating breach notification for a compromised entity and the consumer-facing organizations with which they work. Watch this video to see how we help clients navigate through the complexities of breach notifications with third-parties.

Three Tactics to Bypass Multi-factor Authentication in Microsoft 365

Microsoft 365 (M365) has quickly become one of the most utilized email platforms and, thanks to a variety of productivity and communication applications deeply embedded in enterprise processes, it’s also a popular target for cyber criminals. Microsoft certainly understands that and has enabled extensive security mechanisms for M365, including multifactor authentication (MFA), which requires users to present more than one form of authentication before login.

Critical Unauthenticated SQL Injection Vulnerability Patched in WooCommerce

On July 14, 2021, WooCommerce issued an emergency patch for a critical vulnerability allowing an unauthenticated attacker to access arbitrary data in an online store’s database. WooCommerce is one of the most popular e-commerce platforms in the world and is installed on over five million websites. Additionally, the WooCommerce Blocks feature plugin, which is installed on more than 200,000 sites, was affected by the vulnerability and was patched at the same time.