%term

Evolving the Netskope Risk Exchange Ecosystem

Sep 10, 2024 By Agasthiamani Sankaran In Netskope

The adoption of cloud services, hybrid workforces, the rapid emergence and use of generative AI (genAI) along with the evolving regulatory environment are forcing security and risk management (SRM) leaders to enhance their SRM spending. Gartner forecasts global SRM spending to grow 14% in 2024. Moreover, worldwide end-user spending on SRM is projected to total $215 billion in 2024, an increase of 14.3% from 2023, according to a new forecast from Gartner, Inc.

Read Post

Netskope

Read more about Evolving the Netskope Risk Exchange Ecosystem

How to Conduct a Cyber Risk Assessment

Sep 10, 2024 By Arctic Wolf In Arctic Wolf

In 2023, 60% of incidents investigated by Arctic Wolf Incident Response involved the exploitation of a two- (or more) year-old vulnerability. These vulnerabilities were well known, and the affected organizations had anywhere from months to years to patch them prior to an incident occurring.

Read Post

Arctic Wolf

Read more about How to Conduct a Cyber Risk Assessment

Do We Need Yet Another Vulnerability Scoring System? For SSVC, That's a YASS

Sep 10, 2024 By Ben Edwards In BitSight

The security world is awash in acronyms. As a niche in the security world, vulnerability, tracking, measurement, and management is no stranger to inscrutable collections of capital letters. We’ve got NVD, CPE, CWE, CVSS, EPSS, CAPEC, KEV, and of course “CVE”. The key goal of all these frameworks is to try to help folks organize information around vulnerabilities and assess how their presence might increase an organization's exposure.

Read Post

BitSight

Read more about Do We Need Yet Another Vulnerability Scoring System? For SSVC, That's a YASS

Billington 2024: Key Cybersecurity Takeaways from the AI Age

Sep 9, 2024 By SecurityScorecard In SecurityScorecard

SecurityScorecard had the pleasure of participating in the 15th Annual Billington CyberSecurity Conference – a key convening of policymakers and industry thought leaders in our Nation’s Capital. This year’s edition – Advancing Cybersecurity in the AI Age – included over 4,000 registrants and 200 speakers participating in 40+ sessions and breakouts. It would not be an emerging tech and government conference without an extra emphasis on AI.

Read Post

SecurityScorecard

Read more about Billington 2024: Key Cybersecurity Takeaways from the AI Age

Why MSSPs Are Short on Good External Risk Management Tools

Sep 8, 2024 By Avi Mileguir In Cyberint

If you’ve worked in the Managed Security Services Provider (MSSP) industry for a while, you might remember the era when the MSSP tool set consisted only of internal risk management solutions – like software that scanned client endpoints and application source code. Those days are gone. Today, external risk management has become just as critical a part of an MSSP’s job.

Read Post

Cyberint

Read more about Why MSSPs Are Short on Good External Risk Management Tools

CISA's Secure By Design: A Year Later

Sep 6, 2024 By SecurityScorecard In SecurityScorecard

In April this year, the CISA Secure By Design initiative turned one. The initiative calls for the public and private sectors to work together to challenge and encourage software manufacturing companies to adopt principles to ensure their software is developed and produced as securely as possible. The initiative tracks seven goals that software manufacturers can pledge to develop and transparently track progress towards those goals.

Read Post

SecurityScorecard

Read more about CISA's Secure By Design: A Year Later

Understanding Risk Management in Trading for Newcomers

Sep 6, 2024 By SecuritySenses In SecuritySenses

Risk management is a crucial pillar of successful trading, especially for newcomers navigating the often volatile financial markets. At its core, risk management involves identifying, assessing, and prioritizing risks to minimize potential losses. New traders should start by determining their risk tolerance - an understanding of how much they can afford to lose without jeopardizing their financial stability. Keeping a crypto trading diary can also help in tracking decisions and outcomes, which is essential for improving one's approach to risk management.

Read Post

SecuritySenses

Read more about Understanding Risk Management in Trading for Newcomers

Vanta Delivers: Introducing New Products for the Future of Governance, Risk and Compliance (GRC)

Sep 5, 2024 By Vanta In Vanta

Empowering GRC teams to make their security and compliance continuous and automated. Announcing Report Center, enhancements to Vendor Risk Management (VRM), and market-leading milestones for integrations and frameworks.

Read Post

Vanta

Read more about Vanta Delivers: Introducing New Products for the Future of Governance, Risk and Compliance (GRC)

A Complete Guide to Security Ratings

Sep 5, 2024 By Rachel Holmes In BitSight

Security ratings are a data-driven, dynamic measurement of an organization's cyber security performance that can be used to understand and influence internal and third-party cyber risk. Sometimes referred to as cybersecurity ratings, these quantitative metrics give security teams a simple indicator of security performance across their own organization, as well as the security posture of the third-party organizations they rely on.

Read Post

BitSight

Read more about A Complete Guide to Security Ratings

ServiceNow Vulnerabilities: CVE-2024-4789 and CVE-2024-5217

Sep 5, 2024 By Nicholas Sollitto In UpGuard

In late July 2024, the US Cybersecurity and Infrastructure Security Agency (CISA) added two critical vulnerabilities (CVE-2024-4789 and CVE-2024-5217) affecting ServiceNow to its list of known exploited vulnerabilities. These vulnerabilities can allow unauthenticated users to execute code remotely, posing severe risks to organizations that use the platform. The potential for unauthorized access and severe data breaches makes addressing these vulnerabilities crucial.

Read Post