Risk Management

Risk Management | News, how-tos, features, reviews, and videos

security system vulnerabilities - a grid of locks with several unlocked
A gavel rests on open law book. [law / regulation / compliance / legal liability]

insurance

Cyber insurance explained: What it covers and why prices continue to rise

Cyber insurance, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), mitigates risk exposure by offsetting costs involved with damages and recovery after a cybersecurity incident.

man with binoculars observability research spy

8 strange ways employees can (accidently) expose data

From eyeglass reflections and new job postings to certificate transparency logs and discarded printers, employees have odd ways to unintentionally expose data..

eliminate insider threats 1

Recent cases highlight need for insider threat awareness and action

Insider threats can have a devastating impact even if the harm is unintentional. Here's advice to identify and mitigate insider threat risk.

A binary mask.

The deepfake danger: When it wasn’t you on that Zoom call

Deepfakes pose a real threat to security and risk management and it’s only going to get worse as the technology develops and bad actors can access malicious offerings such as deepfakes as a service.

A man with an umbrella appears waist-deep in water against a city skyline. [multiple-exposure]

D&O insurance not yet a priority despite criminal trial of Uber’s former CISO

The cost is too high and the risk too low to offer CISOs directors-and-officers insurance at many companies. Protective governance policies might make more sense.

A multitude of arrows pierce a target. [numerous attacks / quantity / severity]

Top 5 attack surface challenges related to security operations

The growing attack surface is extending the security/software developer gap, increasing vulnerabilities, and slowing security investigations.

social media users

How posting personal and business photos can be a security risk

Image geotags, metadata, and location information can allow competitors, cybercriminals, and even nation-state threat actors to gain knowledge they can use against organizations.

API security alert / software development / application flow chart diagram

Why SBOMs alone aren’t enough for software supply chain security

Organizations must be willing to ask software vendors hard risk-based questions and be prepared for that to lengthen the purchase process.

Patch + update options  >  Pixelized tools + refresh symbol with branching paths

Why patching quality, vendor info on vulnerabilities are declining

It's getting harder to assess the impact of patching or not patching, and too many patches don't fully fix the problem. It's time to pressure vendors.

CSO > Invalidated cyber insurance

Lloyd’s of London to exclude state-backed attacks from cyber insurance policies

From March 2023, Lloyd’s of London will require all its insurer groups to exclude liability for losses arising from state-backed cyberattacks.

cso security hacker breach privacy ransomware malware attack gettyimages 1216075693 by towfiqu aham

Safe Security debuts two free risk assessment tools for businesses

Organizations can gauge their cybersecurity risk factors by using Safe Security’s new online calculators.

A shoe about to step on a banana peel, stopped by a small superhero.

How harm reduction can more effectively reduce employee risky behavior

Black Hat speaker proposes framework to reduce the negative consequences of risky user actions and encourage them to follow security's advice.

risk

5 trends making cybersecurity threats riskier and more expensive

Risks increase as the world becomes more digital, regulated, and interconnected, but you can take steps to reduce their impact.

CSO > wolf in sheeps clothing / fraud / identity theft / social engineering

How a sex worker became a defense contractor employee -- and an insider threat

An accomplished research scientist manipulated a defense contractor CEO into hiring a prostitute for a technical role. Here's how this insider threat could have been avoided.

A broken link in a digital chaing / weakness / vulnerability

Cyber Safety Review Board warns that Log4j event is an “endemic vulnerability”

The CSRB report predicts the Log4J risk will continue for years and offers best practices for mitigating the threat.

Robot Artificial Intelligence chat bot

How Code42 automates insider risk response

When insiders exhibit risky behaviors, good-natured bots reach out to provide support in this CSO50 award-winning project.

Industry 4.0 / Industrial IoT / Smart Factory

Smart factories unprepared for cyberattacks

Smart factory operators are well aware of the cyberthreats they face but acknowledge lack of readiness to defend against them.

Insider threats  >  Employees suspiciously peering over cubicle walls

MITRE's Inside-R Protect goes deep into the behavior side of insider threats

The new Inside-R program looks to collect historical insider threat data to more deeply analyze behaviors that signal risk.

Load More
You Might Also Like