US Government Issues Guidance on SBOM Consumption

November 10, 2023 at 07:00AM
The US cybersecurity agency CISA, the NSA, and the ODNI have issued new guidance to help software vendors secure the software supply chain. The guidance focuses on assessing security measures throughout the software lifecycle, managing open source software and software bills of materials, and making recommendations for different phases of …

Risk Ledger Secures £6.25M to Prevent Cyberattacks on the Supply Chains of Nation’s Largest Enterprises

November 7, 2023 at 05:38PM
London-based cyber security business Risk Ledger has raised £6.25m ($8.5m) in a series A funding round led by Mercia Ventures. The company plans to use the funding to strengthen supply chains and develop tools to combat supply chain security attacks. Risk Ledger offers a social network approach to supply chain …

Steps to Follow to Comply With the SEC Cybersecurity Disclosure Rule

November 7, 2023 at 01:52AM
The Securities and Exchange Commission (SEC) has implemented a new rule requiring companies to disclose cybersecurity incidents and provide annual information on their cybersecurity risk management, strategy, and governance. The rule mandates the filing of Form 8-K within four business days of determining an incident as material, with enforcement starting …

FIRST Announces CVSS 4.0 – New Vulnerability Scoring System

November 2, 2023 at 05:30AM
The Forum of Incident Response and Security Teams (FIRST) has announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard. This update aims to provide a more accurate assessment of vulnerabilities and introduces new metrics for assessment. It also emphasizes that CVSS should not be the sole …

CISO Skills in a Changing Security Market: Are You Prepared?

October 30, 2023 at 03:08AM
CISOs today require a combination of technical and business skills. They must be critical thinkers who can contribute to strategic business discussions. They need to educate and communicate effectively with boards and decision-makers. CISOs benefit from diverse perspectives gained through different industries and roles. They must also promote a multi-layered …

SMBs Need to Balance Cybersecurity Needs and Resources

October 26, 2023 at 07:57PM
Small and midsize businesses (SMBs) face significant challenges in managing cyber threats, including employee mistakes, third-party compliance needs, data privacy laws, the hybrid workforce, targeted attacks, and a changing threat landscape. A study from Sage revealed that almost half of SMBs have experienced a cybersecurity incident in the past year. …

Strategic Tips to Optimize Cybersecurity Consolidation

October 25, 2023 at 02:49PM
Cybersecurity consolidation is key to reducing complexity and improving security outcomes for organizations. Adopting a platform that supports third-party integrations and taking an incremental approach are crucial. A consolidated platform provides centralized visibility, automation, and better compliance. It also addresses challenges such as the lack of cybersecurity skills and the …

The Cybersecurity Resilience Quotient: Measuring Security Effectiveness

October 25, 2023 at 09:21AM
The Cybersecurity Resilience Quotient (CRQ) is a proposed industry-wide metric to assess and improve organizations’ cybersecurity resilience. It goes beyond traditional metrics by considering factors such as asset criticality, exposure, vulnerability, risk tolerance, architecture defensibility, business process vulnerabilities, and incident response preparedness. The CRQ can be used for benchmarking, risk …

Security Patch Management Strengthens Ransomware Defense

October 25, 2023 at 03:33AM
Effective security patch management is crucial for enterprises to strengthen their defense against ransomware. With a large number of applications to manage and frequent patches being released by software vendors, IT teams need a risk-based approach to prioritize patching. Factors like relevance to the organization’s IT ecosystem, exploitation in the …

Email Security Best Practices for Phishing Prevention

October 16, 2023 at 10:52PM
Phishing attacks have been on the rise, with a 29% increase in detections reported by Trend Micro for 2022. These attacks are becoming more sophisticated, including tactics like spear phishing, whaling, and QR code phishing. Organizations need to implement a layered approach to email security, including capabilities like email gateway …