Risk & Compliance News.

Nov 26th, 2022 - We saw North Korean nation-state threat actors exploiting Log4shell to hack energy providers and conduct espionage campaigns. Which direction will information technology take during the course of 2023? For example, during a time of economic downturn will organizations go back to security basics? Coming up with some predictions for Digital Journal is Sadik Al-Abdulla, CPO of Onapsis . The commentator focuses on upcoming cybersecurity trends. Their predictions include the likelihood that ... [Read More]

Nov 25th, 2022 - As government agencies continue to ward off an increasing number of cyberattacks, they are working to identify gaps and develop strategies to bolster their cyber resilience and maintain mission focus. These attacks, ranging from phishing attacks to ransomware attacks, are only increasing in scope and complexity. While adversaries' methods may vary, their goals of doing harm are the same. The term "cyber resilience" is becoming a popular way to describe the ability to quickly analyze, ... [Read More]

Nov 24th, 2022 - An advanced persistent threat (APT) is defined as a sophisticated, multi-staged cyberattack whereby an intruder establishes and maintains an undetected presence within an organization's network over an extended period of time.  The target may be a government or a private organization and the purpose may be to extract information for theft or to cause other harm. An APT may be launched against one entity's systems to gain access to another high-value target. Both private criminals and state ... [Read More]

Nov 24th, 2022 - The Common Vulnerability Scanning System (CVSS) is the most frequently cited rating system to assess the severity of security vulnerabilities. It has been criticized , however, as not being appropriate to assess and prioritize risk from those vulnerabilities. For this reason, some have called for using the Exploit Prediction Scoring System (EPSS) or combining CVSS and EPSS to make vulnerability metrics more actionable and efficient. Like CVSS, EPSS is governed by the Forum of Incident Response ... [Read More]

Nov 24th, 2022 - In March, the SEC proposed regulations to standardize the sustainability-related disclosures companies must make. These include emissions, climate-related risks and the steps the companies are taking to address each issue. If these regulations are passed, businesses will need to collect and report their sustainability data much as they do financial data. Recent Supreme Court decisions on climate efforts have complicated this proposal, and it remains unclear what version of these regulations ... [Read More]

Nov 23rd, 2022 - Defense agencies are to implement zero-trust standards by 2027. Defense agencies have until 2027 to convert their networks to architectures that continually check to make sure no one's accessing data they shouldn't.  This shift to zero trust principles is at the core of the Pentagon's new five-year plan to harden its information systems against cyberattacks. The strategy and roadmap were released on Tuesday. To get there, agencies can improve their existing environments, adopt a commercial ... [Read More]

Nov 23rd, 2022 - By Alan Peacock, GM of Delivery & Operations, IBM Cloud  With the number of malicious actors increasing, security breaches continue to dominate headlines – leaving financial institutions vulnerable to much more sophisticated and bolder schemes. As these threats grow, organizations must appropriately balance investment in innovation alongside ensuring the right investments are made in resilience, security, and compliance. Innovation cannot come at the price of compromising ... [Read More]

Nov 21st, 2022 - New study identifies critical focus areas for portfolio companies to reduce cyber risks and costs associated with breaches. NEW YORK, Nov. 21, 2022 /PRNewswire/ — , an industry-leading cyber defense company that combines internal and external cybersecurity, today released a new report, highlighting cyber risks impacting private equity portfolio companies. The study found IT management was a top concern, with many portfolio companies struggling with IT hygiene, potentially leaving them ... [Read More]

Nov 21st, 2022 - Introduction Every technology has its downside. Likewise, internet use also has its drawback of cyber threats, which we already know. All the companies are struggling to secure their virtual assets from cyber-attacks to run a successful business. But the threat possibilities are worsening with new concepts like working from remote locations and cloud computing . So, the organizations are seeking a solution that secures the company's infrastructure while simultaneously affecting the efficiency ... [Read More]

Nov 21st, 2022 - Corporate cybercrime concerns and costs are greater than ever. Cyberattackers shut down systems that halt operations as they seek to hold corporations and other organizations hostage, demanding ransomware payments that are oftentimes in the tens of millions of dollars. Global payouts exceeded $400 million in 2020, according to  The White House . The  Federal Bureau of Investigation's Internet Crime Complaint Center  recently reported that "Business E-mail Compromise (BEC) schemes ... [Read More]