Security News

Coalfire released its fourth annual Securealities Penetration Risk Report which analyzes enterprise and cloud service providers internal and external attack vectors, application development and mobile app security, social engineering and phishing, and PCI- and FedRAMP-specific findings, with data segmented by industry and company size. Long-term data shows that cyber risk significantly shifts year over year based on company size, vertical market, and many other factors.

As attackers rely on a range of automated offensive testing tools to scan their targets' attack surfaces and propagate inside their network, a purely reactive defensive stance based on detection and response is increasingly likely to be overwhelmed by an attack. The logical tactical move is to emulate attackers' TTPs and behaviors beforehand by integrating attack simulation tools to continuously validate the impermeability of the attack surface as a whole, the efficacy of security controls, as well as access management and segmentation policies, etc.

The number of organizations that will be either unable to afford cyber insurance, be declined cover, or experience significant coverage limitations is set to double in 2023, according to Huntsman Security. This Help Net Security video uncovers why so many organizations are losing cyber insurance as an important risk management tool.

As last week's hacker summer camps would down it's clear that attendee numbers are still well down on the pre-COVID days, although things are recovering. Risk management is a key tenet of security and there was much discussion in the weeks and months before the shows about whether flying into Las Vegas and spending a week in crowded hotels was worth the risk.

In this Help Net Security video, CEO/CISO Josh Sokol, showcases SimpleRisk, a fully integrated GRC platform that can be used for all of your governance, risk management, and compliance needs. If you're at Black Hat USA 2022, you can learn more about SimpleRisk.

In this Help Net Security video, Etai Hochman, CTO at Mirato, talks about Shift Left, a concept that means to find and prevent defects early in the software delivery process. Shifting application security left to engage developers earlier in the software development lifecycle results in faster fixes and less wasted energy prioritizing and fixing vulnerabilities that pose little to no risk.

The National Institute of Standards and Technology has updated its guidance document for helping organizations identify, assess and respond to cybersecurity risks throughout the supply chain. "The guidance helps organizations build cybersecurity supply chain risk considerations and requirements into their acquisition processes and highlights the importance of monitoring for risks. Because cybersecurity risks can arise at any point in the life cycle or any link in the supply chain, the guidance now considers potential vulnerabilities such as the sources of code within a product, for example, or retailers that carry it," NIST notes.

The global operational risk management solution market size is expected to grow from $1,656. 0 million by 2028; operational risk management solution market share is estimated to grow at a CAGR of 9.4% from 2021 to 2028, according to ResearchAndMarkets.

Between cloud proliferation, new tech infrastructure and tools and an increasingly distributed workforce, organizations are struggling to implement proper risk management practices. They often ignore one of the most important components of a solid risk management strategy: efficient communication between the "Front and back of the house."

The network presents our best opportunity to understand the interactions which link our application of risk management strategy. Step 2: Create a library of activities and associate it with every risk management initiative that touches the in-scope resources.