October 8, 2024 at 09:58AM A recent cyberattack on US auto dealerships highlights the need for prioritizing IT security, involving the entire C-suite, and balancing cybersecurity spending and technology. CEOs’ engagement in planning and response, conducting business analysis for cyber spending, and implementing advanced technologies are essential. Collaborating with cybersecurity experts and understanding the impact … Read more
May 28, 2024 at 11:02AM Generative AI presents new risks, prompting the SEC to introduce cybersecurity rules for publicly traded companies. Clorox incurred $49M in costs due to a cyberattack, with ongoing financial impacts. Prudential Financial voluntarily disclosed a breach, and UnitedHealth faced a massive attack that could cost up to $1.6B. Lessons emphasize visibility, … Read more
May 7, 2024 at 04:54PM The Known Exploited Vulnerabilities (KEV) list, introduced by the Cybersecurity and Infrastructure Security Agency in 2021, aims to accelerate remediation times for high-risk threats. Congressman Jim Langevin’s legislation created the list to prioritize vulnerabilities for remediation. Data shows an increase in remediation timelines, but ransomware vulnerabilities receive the highest priority. … Read more
February 15, 2024 at 09:13AM Threat actors are conducting an innovative “smishing” campaign using AWS SNS and a custom script to impersonate the US Postal Service. This abuse of cloud-based messaging platforms reflects a growing trend. The SNS Sender attack lures users with fake USPS notifications to steal personally identifiable information and payment-card details. Businesses … Read more