Security News

84% of financial institutions have been exposed to a fourth-party breach - illustrating how a vast web of unseen risks is hiding in plain sight. "If nearly 20% of the most well-resourced financial entities in the EU have grades of C or worse, then it's likely that the overall cyber resilience for other financial entities is actually much lower," said Matthew McKenna, Chief Sales Officer, SecurityScorecard.

Chinese law, specifically Article 7 of the National Intelligence Law, compels all citizens and organisations to act as covert arms of state security on demand, even if overseas. Chinese-owned technology companies can deny this as much as they like, in fact they have to, but the law is clear.

Even if things go well on the technical level, incident response is still a stressful and hectic process across the company; this is the reality of cyber crisis management. I recently managed a cyber incident in a large company where, on a technical level, the handling of the incident was excellent but the cooperation with the management was complex and frustrating, a real Tower of Babel.

We've got one zero-day, but perhaps even bigger than that, we say, "Thanks for the memories, Windows 7 and Windows 8.1, we hardly knew ye." There's one zero-day, which I think is an elevation of privilege, and that applies right from Windows 8.1 all the way to Windows 11 2022H2, the most recent release.

Northwave has conducted scientific research into the psychological fallout of a ransomware crisis on both organizations and individuals. The findings reveal the deep marks that a ransomware crisis leaves on all those affected.

Since then the number of unfilled cybersecurity jobs has risen by 350%. For companies that are looking to hire cybersecurity professionals, TechRepublic Premium offers a hiring kit for cybersecurity engineers. In contrast, some companies like Deloitte offer in-house cybersecurity training and skilling.

Cybersecurity has long been a concern for school districts, but these concerns have intensified in the past two years. Successful attacks can take a school district offline for several hours and severely disrupt learning environments for the student body and faculty.

An incomplete identity management strategy has a serious impact on the success of digital transformation, as well as increasing cyber risk exposure. Identity data plays a fundamental role in this, and achieving impactful results is all but impossible without effective identity management.

In this video for Help Net Security, Charles Brook, Threat Intelligence Researcher at Tessian, talks about how cybercriminals have taken advantage of the crisis in Ukraine to create charity donation scams. While there are legitimate ways to donate money and resources, scammers have started using impersonation techniques and sneaky tactics to dupe individuals into sending fake donations via emails, asking for cryptocurrency, or via fake websites.

To overcome these challenges, businesses must implement an agile risk management program that prioritizes third-party risk management. Organization-wide alignment shifts third-party vendor processes from a "check box" compliance exercise to a consistent, thorough process that underscores the significance of having a risk management program in place.