Security News

Top U.S. universities are among the worst in the world at protecting users from email fraud, lacking security measures to prevent common threat tactics such as domain spoofing or other types of fraudulent emails, researchers have found. The news is troubling, especially as email remains the most common vector for security compromises across all industries, observed Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, in a statement.

Traditional security approaches that rely on reactive, detect-and-respond measures and tedious manual processes can't keep pace with the volume, variety, and velocity of current threats, according to Skybox Security. As a result, 27% of all executives and 40% of CSOs say their organizations are not well prepared for today's rapidly shifting threat landscape.

Pure IR retainers typically don't offer security leaders flexibility to maximize their investment, but by being permitted to use credits toward preparedness, testing, simulations and so forth, cyber risk can be mitigated. There are three key elements to achieving an effective cyber risk retainer: negotiation, structure and execution.

Oomnitza revealed a snapshot survey, conducted by Gatepoint Research, which found that siloed technology management is increasing operational blind spots and cyber risk. While 76% of enterprises employ multiple systems to oversee the underlying technology that supports their IT and business services, 71% of IT leaders anticipate increased security breaches and operational expenditures.

Kovrr and SANS Institute released their joint survey that reveals enterprise motivation and impact of cyber risk quantification in the modern cybersecurity landscape. Primary CRQ use cases include cyber budget allocation, board reporting and governance, cyber insurance and risk transfer options, M&A cyber due diligence and for capital reserve and management strategy.

Now, it is possible to look into the future and make contextual risk forecasts using cyber risk quantification. When data is collated and analyzed correctly, it can be used to provide a real-time risk score which is useful for improving the efficiency of security teams by helping them prioritize risk.

A systemic cyber risk is one where a single failure somewhere in cyberspace could result in catastrophic results that span a country or spread around the world and impacting societies, governments and entire cyber infrastructures. The US Cybersecurity and Infrastructure Security Agency last year kicked off the Systemic Cyber Risk Reduction Effort to focus on the issue, including developing metrics and tools to measure and address the risks to the nation's infrastructure.

Cyber perils are the biggest concern for companies globally in 2022, according to the Allianz Risk Barometer. Cyber incidents tops the Allianz Risk Barometer for only the second time in the survey's history, Business interruption drops to a close second and Natural catastrophes ranks third, up from sixth in 2021.

A Trend Micro report predicts global organizations will emerge more alert and better prepared in 2022 thanks to a comprehensive, proactive, cloud-first approach to mitigating cyber risk. Research, foresight, and automation are critical for organizations to manage risk and secure their workforce.

ENISA has announced the release of its report - Railway Cybersecurity - Good Practices in Cyber Risk Management for railway organizations. European railway undertakings and infrastructure managers need to address cyber risks in a systematic way as part of their risk management processes.