Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks on state and local governments are on the rise. In 2020, more than 100 government agencies, including municipalities, were targeted with ransomware – an increasingly popular attack vector. Recently, average down time from cyber attacks on these targets is 7.3 days and results in an average loss of $64,645. These incidents are costly and disruptive. Most state cybersecurity budgets are a paltry 0% to 3% of their overall IT budget on average.

In cybersecurity, being well-versed in the wide range of resources available for protecting and enhancing your digital environment is crucial. One of the most significant and effective tools is the Mitre ATT&CK Framework. Read on for an in-depth exploration of this critical cybersecurity framework and how you can apply it to your own organization.

This week, SecurityScorecard is participating in the US Chamber of Commerce’s Cyber Security Trade Mission to Israel. This has been a valuable experience to not only share our cybersecurity knowledge, but to learn more about Israel’s cybersecurity efforts, and those of other countries.

As the Chief Information Security Officer (CISO) at Arctic Wolf, I have a deep bench of security experts I can leverage to provide the organization with robust risk management, threat detection, security awareness training, and incident response. That’s an advantage that small businesses often don’t have.

With the average cost of a data breach now at $4.35 million, organizations need to take proactive measures to protect themselves and their data against cyber threats. Having a plan in place for how to respond to cyber incidents is an important step in increasing cyber resilience, protecting sensitive data, and saving money. But where should an organization start? And who should it trust?

Following the ransomware attack on a US pipeline company in May of 2021, the Transportation Security Administration (TSA) issued a series of security directives to enhance the cybersecurity posture of US transportation systems to mitigate cyber threats.

A cyber risk management strategy is a plan for how you will secure your organization from evolving cyber threats. Your strategy is made up of key elements that work together to create a comprehensive approach to proactively mitigating risks and protecting organizational assets. Here are the basic steps you should take to develop an effective cyber risk management strategy.

This NIST CSF questionnaire template will help you understand the degree of each vendor’s alignment with the high-level function of the NIST CSF framework - Identity, Protect, Detect, Respond, and Recover. Though this assessment only offers a superficial understanding of compliance, it’s sufficient for getting a sense of a prospective vendor’s security posture, especially when coupled with an external attack surface scanning solution.

Recently, a critical vulnerability tracked as CVE-2023-27997 was identified in Fortinet Fortigate appliances. Fortinet makes some of the most popular firewall and VPN devices on the market, which makes them an attractive target for threat actors. This vulnerability has been exploited by the Chinese APT group Volt Typhoon, among others, targeting governments and organizations worldwide. As a result, Fortinet has released an urgent patch for affected systems.