How do I select a security assessment solution for my business?

A recent research shows high-risk vulnerabilities at 84% of companies across finance, manufacturing, IT, retail, government, telecoms and advertising. One or more hosts with a high-risk vulnerability having a publicly available exploit are present at 5… Continue reading How do I select a security assessment solution for my business?

How security theater misses critical gaps in attack surface and what to do about it

Bruce Schneier coined the phrase security theater to describe “security measures that make people feel more secure without doing anything to actually improve their security.” That’s the situation we still face today when it comes to defending against c… Continue reading How security theater misses critical gaps in attack surface and what to do about it

How to Build the Right Security Assessment

While ISO/IEC 27000, the NIST Cybersecurity Framework, the Shared Assessment SIG, Cloud Security Alliance CAIQ, the Center for Internet Security Top 20 and other standards now prevail in the cybersecurity industry, the third-party risk management disc… Continue reading How to Build the Right Security Assessment

A proactive approach to cybersecurity requires the right tools, not more tools

The key challenge facing security leaders and putting their organizations at risk of breach is misplaced confidence that the abundance of technology investments they have made has strengthened their security posture, according to a study conducted by F… Continue reading A proactive approach to cybersecurity requires the right tools, not more tools

Court Allows Cybersecurity Fraud Case Under Federal False Claims Act

Claim alleges aerospace company committed fraud under the False Claims Act because it failed to meet information security requirements A California federal court in May permitted a lawsuit to go forward alleging a government contractor’s failure to ad… Continue reading Court Allows Cybersecurity Fraud Case Under Federal False Claims Act

Google introduces many G Suite security enhancements

Last week, the big news from Google Cloud Next 2019 was that phones running Android 7.0 or higher can be turned into a security key for G Suite account 2-step verification. But at the event Google also announced a number of G Suite enhancements, many o… Continue reading Google introduces many G Suite security enhancements

Third-party cyber risk management a burden on human and financial resources

Organizations and third parties see their third-party cyber risk management (TPCRM) practices as important but ineffective. There are four major takeaways for key decision makers: Current practices and technologies used to support TPCRM and assess thir… Continue reading Third-party cyber risk management a burden on human and financial resources

Smarter Vendor Security Assessments: Tips to Improve Response Rates

I have been on the receiving end of many vendor security assessments from customers and prospects.  Here are some tips to increase the likelihood that you’ll get a timely, usable response to the next vendor security assessment that you send … Continue reading Smarter Vendor Security Assessments: Tips to Improve Response Rates

Cyber preparedness essential to protect EU from large scale cyber attacks

The possibility of a large-scale cyber-attack having serious repercussions in the physical world and crippling an entire sector or society, is no longer unthinkable. Preparing for major cross-border cyber-attacks To prepare for major cross-border cyber… Continue reading Cyber preparedness essential to protect EU from large scale cyber attacks

New Service Scans Chrome Extensions for Vulnerabilities and Privacy Risks

Over the past few years, hackers have increasingly abused Google Chrome extensions to steal people’s data, inject rogue ads into websites or hijack CPU power to mine cryptocurrency. Now, a new online scanning service aims to shed more light on t… Continue reading New Service Scans Chrome Extensions for Vulnerabilities and Privacy Risks