Recent federal directives on correctly finding and reducing cyber risks, along with the change from traditional cybersecurity methods to managing hybrid attack surfaces, show how complicated federal cybersecurity is becoming.
A new source of cyber risk and attack may come from posting instructions that include a ZIP or MOV file name, with that text automatically converted into a URL leading to one of these new top-level domains.
Emerging cyber risk quantification methods are allowing boards to ask “what if” questions if operating conditions change, and to align cyber risk with what they know about the business—upcoming economic challenges, potential merger and acquisition activities, or even the effect on the company’s financial statements or stock price.
In today’s cyber security environment, organizations always strive to get the best return on investment when shopping for cyber insurance. Companies desire low-cost policies without accurately assessing risk. Insurers want low risk and to cover as little as possible. How did we get here and where do we go?
There is a prevailing belief that employees were less safe from a cybersecurity standpoint at home than in their corporate workplace. In reality, while some cyber risk factors have changed, the risk is often reduced in a remote working scenario.
Nearly half of IT and business leaders said that the expanding attack surface is “spiraling out of control.” But throwing even more tooling and people at the issue doesn’t address the underlying problem, which lies in a disconnect between the teams, processes and tools that a CISO probably already has in place.
A new poll from Deloitte finds there is an immediate and significant cyber risk from "harvest now decrypt later" (HNDL) attacks, in which attackers steal encrypted information and simply sit on it until quantum computing advances make it trivial to crack.
The best way to deal with vulnerabilities is to do what you can to prevent them from happening in the first place. Oftentimes, cyber risk can be managed even through simple and basic security hygiene practices.
WEF's newly released principles for board governance of cybersecurity offer a base of best practices for dealing with increasing cyber risk, with a new element being an emphasis on an organization-wide focus.
Cyber risk is ready to join the realm of Enterprise Risk Management, and it must in order to prevent the surprise shock of massive financial impact from cyber events.