Security News

In today's perilous cyber risk landscape, CISOs and CIOs must defend their organizations against relentless cyber threats, including ransomware, phishing, attacks on infrastructure, supply chain breaches, malicious insiders, and much more. One of the most effective ways for CISOs and CIOs to make the best use of their limited resources to protect their organizations is by conducting a cyber risk assessment.

Trend Micro's overall threat detections increased by 55%, and the number of blocked malicious files surged by 242% due to indiscriminate targeting by threat actors who went after both consumers and organizations in all sectors. The top three MITRE ATT&CK techniques show us that threat actors are gaining initial access through remote services, then expanding their footprint within the environment through credential dumping to utilize valid accounts.

Geopolitical instability is exacerbating the risk of catastrophic cyberattacks, according to the Global Cybersecurity Outlook 2023 report from the World Economic Forum. Over 93% of cybersecurity experts and 86% of business leaders believe "a far-reaching, catastrophic cyber event is likely in the next two years" and there is a critical skills gap that is threatening societies and key infrastructure.

"Cybersecurity as a subset of risks is sometimes overlooked. This analysis confirms the need to prioritize cyber defense in order to protect portfolio company value. The private equity space is beginning to get on track. However, we must button up the entire process to protect those vulnerable entities, as well as ramping up a cyber defense against less easily exploitable but equally damaging threats." BlueVoyant analyzed 780 portfolio companies from private equity-backed firms, with the majority headquartered in the U.S., but including companies across Europe and around the globe.

Top U.S. universities are among the worst in the world at protecting users from email fraud, lacking security measures to prevent common threat tactics such as domain spoofing or other types of fraudulent emails, researchers have found. The news is troubling, especially as email remains the most common vector for security compromises across all industries, observed Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, in a statement.

Traditional security approaches that rely on reactive, detect-and-respond measures and tedious manual processes can't keep pace with the volume, variety, and velocity of current threats, according to Skybox Security. As a result, 27% of all executives and 40% of CSOs say their organizations are not well prepared for today's rapidly shifting threat landscape.

Pure IR retainers typically don't offer security leaders flexibility to maximize their investment, but by being permitted to use credits toward preparedness, testing, simulations and so forth, cyber risk can be mitigated. There are three key elements to achieving an effective cyber risk retainer: negotiation, structure and execution.

Oomnitza revealed a snapshot survey, conducted by Gatepoint Research, which found that siloed technology management is increasing operational blind spots and cyber risk. While 76% of enterprises employ multiple systems to oversee the underlying technology that supports their IT and business services, 71% of IT leaders anticipate increased security breaches and operational expenditures.

Kovrr and SANS Institute released their joint survey that reveals enterprise motivation and impact of cyber risk quantification in the modern cybersecurity landscape. Primary CRQ use cases include cyber budget allocation, board reporting and governance, cyber insurance and risk transfer options, M&A cyber due diligence and for capital reserve and management strategy.

Now, it is possible to look into the future and make contextual risk forecasts using cyber risk quantification. When data is collated and analyzed correctly, it can be used to provide a real-time risk score which is useful for improving the efficiency of security teams by helping them prioritize risk.