Risk Management

Risk Management | News, how-tos, features, reviews, and videos

Insider threats  >  Employees suspiciously peering over cubicle walls
1798109056 decision making ciso soc

businessman data risk metering management security

PwC UK partners with ReversingLabs to bring software supply chain security to third-party risk management

PwC UK, ReversingLabs partnership aims to operationalize detection and mitigation of security threats inherent in third-party software.

Risk management concept

Top 10 open source software risks for 2023

While open source software is the bedrock of modern software development, it is also the weakest link in the software supply chain, according to a report by Endor Labs.

businessman data risk metering management security

How to de-risk your digital ecosystem

Digital ecosystems are big, complicated, and a massive vector for exploits and attackers. Santha Subramoni, global head, cybersecurity business unit at Tata Consultancy Services discusses digital ecosystems security and how businesses...

shadow stock market business laptop virtual screen with financial chart quotes and graphs attacker

Economic pressures are increasing cybersecurity risks; a recession would amp them up more

Insider threats and the rate of successful attacks coupled with corporate cost-cutting efforts have historically hurt cybersecurity programs — and would likely do so again.

Shutterstock

Cyber arms race, economic headwinds among top macro cybersecurity risks for 2023

The Bipartisan Policy Center's report on the top eight macro cybersecurity risks highlights how little progress organizations have made in dealing with them.

Social media threats / risks / dangers / headaches  >  Text bubbles bearing danger signs

Social media use can put companies at risk: Here are some ways to mitigate the danger

Using social media can expose company and employee data, and misuse could harm organizational reputation. Here are some tips that can help reduce the risk.

security system vulnerabilities - a grid of locks with several unlocked

EPSS explained: How does it compare to CVSS?

The Exploit Prediction Scoring System has its shortcomings, but it can complement CVSS to help better prioritize and assess vulnerability risk.

A gavel rests on open law book. [law / regulation / compliance / legal liability]

Guilty verdict in the Uber breach case makes personal liability real for CISOs

The conviction of Uber's former CSO could change the roles of top security leaders and raises the level of personal risk in the wake of a breach.

insurance

Cyber insurance explained: What it covers and why prices continue to rise

Cyber insurance, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), mitigates risk exposure by offsetting costs involved with damages and recovery after a cybersecurity incident.

man with binoculars observability research spy

8 strange ways employees can (accidently) expose data

From eyeglass reflections and new job postings to certificate transparency logs and discarded printers, employees have odd ways to unintentionally expose data..

eliminate insider threats 1

Recent cases highlight need for insider threat awareness and action

Insider threats can have a devastating impact even if the harm is unintentional. Here's advice to identify and mitigate insider threat risk.

A binary mask.

The deepfake danger: When it wasn’t you on that Zoom call

Deepfakes pose a real threat to security and risk management and it’s only going to get worse as the technology develops and bad actors can access malicious offerings such as deepfakes as a service.

A man with an umbrella appears waist-deep in water against a city skyline. [multiple-exposure]

D&O insurance not yet a priority despite criminal trial of Uber’s former CISO

The cost is too high and the risk too low to offer CISOs directors-and-officers insurance at many companies. Protective governance policies might make more sense.

A multitude of arrows pierce a target. [numerous attacks / quantity / severity]

Top 5 attack surface challenges related to security operations

The growing attack surface is extending the security/software developer gap, increasing vulnerabilities, and slowing security investigations.

social media users

How posting personal and business photos can be a security risk

Image geotags, metadata, and location information can allow competitors, cybercriminals, and even nation-state threat actors to gain knowledge they can use against organizations.

API security alert / software development / application flow chart diagram

Why SBOMs alone aren’t enough for software supply chain security

Organizations must be willing to ask software vendors hard risk-based questions and be prepared for that to lengthen the purchase process.

Patch + update options  >  Pixelized tools + refresh symbol with branching paths

Why patching quality, vendor info on vulnerabilities are declining

It's getting harder to assess the impact of patching or not patching, and too many patches don't fully fix the problem. It's time to pressure vendors.

CSO > Invalidated cyber insurance

Lloyd’s of London to exclude state-backed attacks from cyber insurance policies

From March 2023, Lloyd’s of London will require all its insurer groups to exclude liability for losses arising from state-backed cyberattacks.

Load More