Cyber Insurance and Proactive Security: Not an either or proposition.
Earlier last month, CNA Financial reportedly paid a $40 million ransom after a ransomware attack and the CEO of Colonial Pipeline Co. admitted that his firm paid $4.4 million to a criminal gang after a ransomware attack led the company to shut down its 5,500 mile-long pipeline for nearly a week. It’s not clear whether Colonial Pipeline and CNA […]
Guidance on preventing or limiting the impact of ransomware attacks.
In view of two major ransomware attacks, the Colonial pipeline and JBS, it’s time to refocus on proactive cyber security as time and again reactive security controls have failed to prevent large scale and targeted ransomeware attacks. Here is a glimpse of the state of things when it comes to ransomware attacks: (Courtesy: Combating Ransomware – Ransomware Task Force […]
APJ Webinar: “Inside-Out” Third Party Security Assessments – A New Approach
Webinar: “Inside-Out” Third Party Security Assessments – A New Approach
Imbalance between proactive and reactive cybersecurity
NIST Cybersecurity Framework (aka Framework for Improving Critical Infrastructure Cybersecurity) is an excellent resource for all organizations. There are 3 components to the framework as below: Core – Provides a set of desired cybersecurity activities and outcomes using common language that is easy to understand. Tiers – These implementation Tiers help assist organizations by providing […]
Third Party Cyber Risk Management (TPCRM) is incomplete!
Overview In this blog article, let us take a look at the current approach to Third Party Cyber Risk Management (TPCRM), what it leaves on the table and what is really desirable. Most organizations today work closely with their business ecosystem which is key for business continuity. This business ecosystem includes but is not limited […]
Proactive Security of your AWS Cloud
Cloud adoption has increased exponentially over the years. 94% of enterprises use the cloud already. There used to be two main camps of cloud users as below: Cloud users who were skeptical of security of public cloud in the first place. Cloud users who believe that public cloud takes care of all security aspects automatically […]
Gartner Top Security Projects for 2020-21
Security and risk folks are constantly trying to improve security without impacting business productivity. It is key to determine which projects will drive most business value while reducing risk. In September 2020, Gartner published their recommendations for Top 10 Security Projects for 2020-21 that security and risk management leaders should focus on. Here is a […]
Frictionless Vulnerability Assessment
Vulnerability assessment and management is a critical piece in the cybersecurity program for any organization. Most organizations perform periodic vulnerability scans. However, traditional vulnerability scanning tools have largely resulted in a painful experience for customers. This is due to multiple reasons as below: Need to install agents or scanner appliances across the fleet These agents […]
Vulnerability management for your remote workforce using ThreatWorx
In an earlier blog article, we had a look at the challenges that organizations are facing with vulnerability management (VM) for their remote workforce. We briefly described what a Next Generation Vulnerability Management solution should look like for these scenarios. To summarize a Next Generation VM needs to be a cloud-based service which can provide […]