Enterprise Security Risk Management

Shadow IT risk: A dangerous connection

Mon, 23 Jan 2023 00:00:00 -0500

The connected nature of today’s IT ecosystems increases the risks associated with shadow IT, the act of using unapproved third-party apps and software.

5 minutes with Meredith Wilson – How to prepare for geopolitical risks

dahhanl@bnpmedia.com (Layan Dahhan) — Thu, 21 Oct 2021 10:00:00 -0400

New report examines security threats and risk management trends in 2021

Mon, 21 Dec 2020 12:09:00 -0500

Risk management firm Crisis24, a GardaWorld company, released its annual Global Forecast report and Risk Maps that provide expert insight and analysis of various threats for 2021 for businesses and organizations seeking to protect their people and operations, no matter their location or circumstances.

Executives believe cyber warfare is most dangerous threat to the enterprise

Thu, 17 Dec 2020 10:55:00 -0500

A new survey of technology executives found that most believe state-sponsored cyber warfare is the most dangerous threat to their enterprise.

70% of U.S. employees believe it’s their company’s job to defend against workplace hacks

Tue, 15 Dec 2020 08:00:00 -0500

Dashlane announced the findings of its new Workplace Security Survey which looked at employee sentiment and habits around workplace security practices—and who the responsibilities should fall on. As many companies continue to grapple with a remote workforce, overall employee security measures become more critical, especially as many are relying on personal devices and networks for work. The online survey, conducted by The Harris Poll on behalf of Dashlane among over 1,200 employed U.S. Americans, sheds light on how employees view and manage company security—and reveals they aren’t necessarily taking the security of their work accounts as seriously as they should.

New research highlights challenges to adoption of zero trust framework

Tue, 15 Dec 2020 06:00:00 -0500

One Identity released global survey results that revealed that 37% of IT professionals rated rapid changes in their AD/AAD environment as the key impact of COVID-19 on their organization’s identity management team. Given the unique challenges of the sudden shift to remote work amidst COVID-19, businesses should look toward integrating AD/AAD with a strong privileged access management (PAM) solution in order to harness the full value of AD and AAD, dramatically increasing the security of their IT environments.

83% of top 30 US retailers have online vulnerabilities, posing cybersecurity threats

Thu, 10 Dec 2020 10:00:00 -0500

Cyberpion released research today showing that most (83%) of the top U.S. retailers have connections to a vulnerable third-party asset, and nearly half of them (43%) have vulnerabilities that pose an immediate cybersecurity risk.

COVID-19 related scams continue to increase shows new research

Wed, 09 Dec 2020 11:10:33 -0500

According to new research, network attacks swelled to more than 3.3 million in Q3, representing a 90% increase over the previous quarter and the highest level in two years.

Rise in physical threats and harm put enterprise leaders under unprecedented pressures

Tue, 08 Dec 2020 08:00:00 -0500

Physical threats are rising and increasingly unmanageable, putting unprecedented financial, reputational and liability pressures on business leadership and security teams, according to the “2021 State of Protective Intelligence Report: A Mandate for Proactive Protective Intelligence in the Era of Exponential Physical Security Threats,” a new study commissioned by the Ontic Center for Protective Intelligence.

K-12 schools have been hit hard with cybersecurity breaches this fall with no end in sight

Fri, 04 Dec 2020 10:59:53 -0500

The past couple of weeks, K-12 schools were hit hard with ransomware attacks. This week follows a tumultuous fall, full of cyber breaches and ransomware attacks that have hit schools across the U.S. and it has garnered government attention.

Attack surface management is critical but few organizations do it well

Fri, 04 Dec 2020 09:50:00 -0500

CyCognito announced new research in partnership with Enterprise Strategy Group (ESG) that revealed most security professionals recognize that attack surface protection is important, but their operational practices and tools used aren’t up to the challenge.

Outbound emails a business threat according to new report

Tue, 01 Dec 2020 00:00:00 -0500

According to a new report, more than three quarters of respondents (75%) cite situational factors as responsible for their most severe email data breach, for example remote working or an employee feeling stressed/tired.

Deaths from terrorism reach five-year low, but new risks emerge

Mon, 30 Nov 2020 10:15:00 -0500

The 2020 Global Terrorism Index (GTI) has found that deaths from terrorism fell for the fifth consecutive year since peaking in 2014. The number of deaths has now decreased by 59% since 2014 to 13,826. Conflict remains the primary driver of terrorism, with over 96% of deaths from terrorism in 2019 occurring in countries already in conflict.

Commercial construction company Webcor implements managed services to improve its security posture

Thu, 26 Nov 2020 00:00:00 -0500

Webcor, a provider of commercial construction services throughout California needed a way to find and mitigate threats, and reduce the company’s cyber risk profile. The company implemented a managed services approach to augment its existing IT and security staff and improve its security posture.

Workforce risk outlook reaches five-year high

Wed, 25 Nov 2020 07:44:00 -0500

The risk level to the global workforce has reached its highest since 2016 according to the findings of the International SOS Risk Outlook 2021. Unsurprisingly, around eight in 190 risk professionals believe the health and security risks faced by the workforce increased in 2020 (specifically for “domestic employees” (85%), “assignees” (81%), “student and faculty” (80%), “business travelers” (79%) and “remote workers” (77%)). Around half believe that this will increase further in 2021.

Tim Wiseman, UW's chief risk officer, elected to National Higher Education Risk Management Association board

Tue, 24 Nov 2020 09:42:00 -0500

Tim Wiseman, the University of Wyoming’s chief risk officer, has been elected to the University Risk Management and Insurance Association (URMIA) Board of Directors. Wiseman is one of two new board members selected for a three-year term.

If your password is 123456, it's time for an update

Fri, 20 Nov 2020 11:02:00 -0500

A new report from NordPass finds that more than 2.5 million people are using 123456 as their password.

CESER’s Clear Path Exercise tests energy sector’s earthquake response

Fri, 20 Nov 2020 00:00:00 -0500

On November 19 and 20, more than 200 industry and government officials exercised the energy sector’s response and recovery to a Wasatch earthquake during CESER’s Clear Path VIII. This year’s scenario impacted critical energy infrastructure within Utah and the surrounding states with cascading impacts across the Western United States. The regional, all hazards Clear Path Exercise series brings together energy sector partners on an annual basis to update policies and procedures, identify areas for collective improvement, and strengthen relationships and cooperation.

A methodology for public safety organizations to digitally transform

Tue, 17 Nov 2020 00:00:00 -0500

Cellebrite recently published a new white paper with IDC, “Policing 2025: Envisioning a New Framework for Investigations.” In the IDC White Paper, IDC proposes a methodology for public safety organizations to digitally transform.

Remote workers consider security tools detrimental to productivity

Fri, 13 Nov 2020 11:28:00 -0500

Nearly 70% of remote workers in the U.S. and U.K. surveyed report that security products make their job harder.

Insider threats present big risk to financial institutions

Thu, 12 Nov 2020 00:00:00 -0500

In new research from HelpSystems interviewing chief security officers in financial institutions about the security challenges they face, more than a third (35%) of survey respondents cite insider threats as one with potential to cause the most damage in the next 12 months.

OCC reports key risks, effects of COVID-19 in federal banking system

Wed, 11 Nov 2020 00:01:00 -0500

The Office of the Comptroller of the Currency (OCC) reported the key issues facing the federal banking system and the effects of the COVID-19 pandemic on the federal banking industry in its Semiannual Risk Perspective for Fall 2020.

CISA releases analysis report on COVID-19 impact to ICT global supply chains

Mon, 09 Nov 2020 09:15:00 -0500

The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force released an analysis report on the impact of COVID-19 on global supply chains. Building A More Resilient ICT Supply Chain: Lessons Learned During The COVID-19 Pandemic examines how ICT supply chains have been logistically impacted by the pandemic and provides practical recommendations to increase supply chain resiliency from future risks.

NOAA to enhance weather forecasting and research with artificial intelligence

Thu, 05 Nov 2020 09:48:00 -0500

NOAA’s Satellite and Information Service (NESDIS) has signed an agreement with Google to explore the benefits of Artificial Intelligence (AI) and Machine Learning (ML) for enhancing NOAA’s use of satellite and environmental data.

NARUC releases cybersecurity tabletop exercise guide and Gridex V case study

Fri, 30 Oct 2020 00:00:00 -0400

The National Association of Regulatory Utility Commissioners Center for Partnerships & Innovation announced the release of the Cybersecurity Tabletop Exercise Guide and Public Utility Commission Participation in GridEx V: A Case Study. These new publications highlight the need for public utility commissions and utilities to coordinate on cybersecurity preparedness efforts.

CISA and FBI release joint advisories regarding Russian and Iranian APT actors

Fri, 23 Oct 2020 10:22:00 -0400

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released two joint cybersecurity advisories on widespread advanced persistent threat (APT) activity. Joint Cybersecurity Advisory: AA20-296A Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets Joint Cybersecurity Advisory: AA20-296B Iranian State-Sponsored Advanced Persistent Threat Actors Threaten Election-Related Systems

Ransomware trends in Q3: a new attack every day

Fri, 23 Oct 2020 10:12:00 -0400

Digital Shadows released its quarterly research report focusing on the latest trends in ransomware. Unfortunately, for vulnerable organizations everywhere, Digital Shadows Photon Research team found that ransomware as a market and community on the dark web has expanded since Q2.

NSA releases advisory on Chinese state-sponsored actors exploiting publicly known vulnerabilities

Wed, 21 Oct 2020 09:10:00 -0400

The National Security Agency (NSA) has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. This advisory provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.

NSA announces SkillTree, an approach to implementing application training

Tue, 20 Oct 2020 08:01:00 -0400

The National Security Agency (NSA) announced the release of SkillTree, an internally-developed open source solution for gamifying user training. SkillTree provides a systematic and interactive way to promote user proficiency of an existing application. The service is based on industry best practices using gamification to provide awareness of tool features, promote best practices, and document user progression and expertise. By reducing an application’s training curve, SkillTree reduces traditional comprehensive training costs while providing a more enjoyable experience for the user.

Federal executives reveal remote work challenges with risk mitigation in new survey

Tue, 20 Oct 2020 00:00:00 -0400

In a new survey, federal executives identified a number of challenges associated with remote work; safely returning to the workplace; and guarding against fraud, waste, and abuse.