Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

NIS 2 Directive: Leveraging regulatory compliance and technology to reduce risk

Cyber threats pose a significant risk to organizations due to today's increasingly interconnected digital landscape. To address these challenges and ensure the security and resilience of critical infrastructure and digital services, the European Union introduced the Directive (UE) 2022/2555, commonly known as NIS 2 - which was actually approved on the same day as DORA, both being critical in how the EU is leveraging regulatory compliance and technology to reduce cyber risk.

4 Ways To Improve Your Cloud Security Posture Management

The cloud can be cost-effective, scalable, flexible and – mostly – secure. So, it’s not surprising that 94 percent of enterprises use cloud services, 67 percent of enterprise infrastructure is cloud-based, and 92 percent of businesses have a multi-cloud strategy in place (source). But that doesn’t mean that breaches can’t happen.

Supply Chain Resilience: 4 Ways to Get Ahead of Third-Party Cyber Risk

Recent events, including the 2020 COVID-19 pandemic, shifts in demand, and labor shortages have shone a spotlight on supply chain resilience – or lack thereof. In response, business leaders recognize that becoming more resilient is a necessity and are looking at strategies for doing so. As a best practice, Gartner recommends that companies diversify their manufacturing networks, utilize regional or local supply chains, add buffer capacity, and more.

What Role Does Procurement Play in Supply Chain Risk Management?

Thanks to globalization and rapidly developing technology, enterprise involves more connections than ever before, and more connections means more risk in the supply chain. Supply chain risk extends past those suppliers with whom you’re doing business directly. Beyond your third-party suppliers are their suppliers, and the supply chain continues branching out from there. In today's connected world, organizations must not isolate their supply chain risk management.

Road to DORA and PS21/3 Compliance: Leveraging Technology to Reduce Risk

In today's interconnected and digital world, businesses face increasing risks, particularly in the realm of cybersecurity. To address these risks and ensure the operational resilience of financial institutions, industries and governments push for regulatory frameworks. Two prominent examples are the EU's Digital Operational Resilience Act (“DORA”) and the UK's Prudential Standard PS21/3 (“PS21/3”).

The SEC's New Cybersecurity Regulations: Understanding the Impact for Companies & Their Shareholders

The increasing sophistication and frequency of cyber threats have exposed companies to significant risks, including data breaches, financial losses, and reputational damage. Investors have become deeply concerned that these risks can negatively impact their investment decisions. As we have previously discussed, companies and their shareholders must tackle the significant and constantly changing challenge of understanding cybersecurity risk.

3 Best Practices for External Attack Surface Management

Your external attack surface is growing rapidly. The adoption of cloud technologies, business growth, a remote workforce, IoT, and a growing supply chain of digital vendors creates an enormous digital footprint and increased cyber risk. External attack surface management (EASM) can help you mitigate and manage this risk—proactively and at scale.

What is Cybersecurity Risk and How Can You Manage It?

In the world of risk management, risk is commonly defined as threat times vulnerability times consequence. The objective of risk management is to mitigate vulnerabilities to threats and the potential consequences, thereby reducing risk to an acceptable level. When applied to cybersecurity risk, this equation provides a great deal of insight on steps organizations can take to mitigate risk.

New SEC cybersecurity rules: Five things every public company CISO should do now

By now you’ve heard about the new cybersecurity rules from the U.S. Securities and Exchange Commission (SEC) requiring public companies to report material cybersecurity incidents and disclose critical information related to cybersecurity risk management, expertise, and governance. Companies will be required to disclose risks in their annual reports beginning on December 15, 2023.

What is a Whaling Attack and How to Prevent It

A whaling attack is a type of phishing attack that targets senior executives. The act of whaling is usually perpetrated via email and involves deceiving victims into initiating actions that put the organization and its assets at risk. In this blog, we explore how a whaling attack works, why executives are targeted, examples of successful whaling attacks, and steps you can take to prevent them.