Risk Management
PwC UK partners with ReversingLabs to bring software supply chain security to third-party risk management
PwC UK, ReversingLabs partnership aims to operationalize detection and mitigation of security threats inherent in third-party software.
Top 10 open source software risks for 2023
While open source software is the bedrock of modern software development, it is also the weakest link in the software supply chain, according to a report by Endor Labs.
How to de-risk your digital ecosystem
Digital ecosystems are big, complicated, and a massive vector for exploits and attackers. Santha Subramoni, global head, cybersecurity business unit at Tata Consultancy Services discusses digital ecosystems security and how businesses...
Economic pressures are increasing cybersecurity risks; a recession would amp them up more
Insider threats and the rate of successful attacks coupled with corporate cost-cutting efforts have historically hurt cybersecurity programs — and would likely do so again.
Cyber arms race, economic headwinds among top macro cybersecurity risks for 2023
The Bipartisan Policy Center's report on the top eight macro cybersecurity risks highlights how little progress organizations have made in dealing with them.
Social media use can put companies at risk: Here are some ways to mitigate the danger
Using social media can expose company and employee data, and misuse could harm organizational reputation. Here are some tips that can help reduce the risk.
EPSS explained: How does it compare to CVSS?
The Exploit Prediction Scoring System has its shortcomings, but it can complement CVSS to help better prioritize and assess vulnerability risk.
Guilty verdict in the Uber breach case makes personal liability real for CISOs
The conviction of Uber's former CSO could change the roles of top security leaders and raises the level of personal risk in the wake of a breach.
Cyber insurance explained: What it covers and why prices continue to rise
Cyber insurance, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), mitigates risk exposure by offsetting costs involved with damages and recovery after a cybersecurity incident.
8 strange ways employees can (accidentally) expose data
From eyeglass reflections and new job postings to certificate transparency logs and discarded printers, employees have odd ways to unintentionally expose data.
Recent cases highlight need for insider threat awareness and action
Insider threats can have a devastating impact even if the harm is unintentional. Here's advice to identify and mitigate insider threat risk.
The deepfake danger: When it wasn’t you on that Zoom call
Deepfakes pose a real threat to security and risk management and it’s only going to get worse as the technology develops and bad actors can access malicious offerings such as deepfakes as a service.
D&O insurance not yet a priority despite criminal trial of Uber’s former CISO
The cost is too high and the risk too low to offer CISOs directors-and-officers insurance at many companies. Protective governance policies might make more sense.
Top 5 attack surface challenges related to security operations
The growing attack surface is extending the security/software developer gap, increasing vulnerabilities, and slowing security investigations.
How posting personal and business photos can be a security risk
Image geotags, metadata, and location information can allow competitors, cybercriminals, and even nation-state threat actors to gain knowledge they can use against organizations.
Why SBOMs alone aren’t enough for software supply chain security
Organizations must be willing to ask software vendors hard risk-based questions and be prepared for that to lengthen the purchase process.
Why patching quality, vendor info on vulnerabilities are declining
It's getting harder to assess the impact of patching or not patching, and too many patches don't fully fix the problem. It's time to pressure vendors.
Lloyd’s of London to exclude state-backed attacks from cyber insurance policies
From March 2023, Lloyd’s of London will require all its insurer groups to exclude liability for losses arising from state-backed cyberattacks.