Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Being part of a governance, risk, and compliance (GRC) team is no easy task, as you have to stay on top of evolving expectations and laws, while connecting different business units together in a way that makes sense to other stakeholders. One area that’s been particularly tough to manage recently has been cybersecurity. From new data security standards to heightened risks around areas like ransomware, GRC teams have their hands full.

‍ With new data privacy regulations going into effect across the globe, small and medium-sized businesses struggle with addressing them effectively. This blog recaps nine key components you should include in your organization’s data privacy program.

If you blinked, you might have missed it… On October 25th 2022, the new standard for the Information Security Management System, ISO27001 was released. Without fuss, and without fanfare. But, to quote a famous movie, “There was a great disturbance in the force.” ISO27001 is possibly one of the world's best-known standards for Information Security Management because it has broken out of the realms of the cybersecurity industry and into the world of business.

The United States Department of Defense (DoD) discovered in February that one of its servers had been sharing U.S. military emails openly on the internet for over two weeks without anyone noticing. This vulnerability affected U.S. Special Operations Command and other DoD customers. Shockingly, plain-text email conversations were exposed and accessible to anyone who knew the IP address of the unsecured server.

When cybersecurity experts speak about a cyber attack, they often refer to actions taken “left of boom” and “right of boom.” In this analogy, the boom is the breach, and the actions organizations take in the aftermath, such as utilizing their incident response plan or working with their cyber insurance company on a claim, are what happens “right of boom.” But it’s the things that happen “left of boom” that can make the difference between proactive and

On Friday, March 10, 2023, California state regulators took possession of Silicon Valley Bank (SVB) and appointed The Federal Deposit Insurance Corporation (FDIC) as receivers. SVB was a 40-year-old commercial bank that was an important lender for the tech and venture capital sector. It’s estimated that half of US venture-backed start-ups were customers of the bank.

Today, many organizations are governed by various types of industry regulations. To name a few: General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA) and California Consumer Privacy Act (CCPA). These regulations are subject to regular and complex amendments, and many compliance officers expect proactive compliance from every regulated company.