Tag: Risk Management

Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up

The costs associated with data breaches continue to grow at a pace that exceeds the resources available to protect the organizations dealing with the breaches. Two new reports, from IBM and EY, make that same point with different data and slightly different, but definitely related, conclusions. Together they provide a picture of security incidents that are inevitably expensive but can be made less so through careful planning.

Between them, the studies cover both preventing incidents and preparing to respond when they do occur, and they show that many organizations have yet to create a cybersecurity strategy that meets the needs of the business, or of the incident at hand.

Read more about the findings of the two studies on DarkReading.

What is enterprise risk management? How to put cybersecurity threats into a business context

Enterprise risk management (ERM) is the process of assessing risks to identify both threats to a company’s financial well-being and opportunities in the market. The goal of an ERM program is to understand an organization’s tolerance for risk, categorize it, and quantify it.

Risks posed by the cybersecurity threat landscape are increasingly part of the ERM equation, and that poses a challenge for CISOs and other senior security professionals. Quantifying the business impact of a cybersecurity event is difficult, if not impossible, and quantifying the likelihood of such an event is harder still.

Learn more about cybersecurity risk management and its challenges on CSO.

Most Fortune 50 companies unprepared for major DNS attack

ThousandEyes has found that 68% of the top 50 companies on the Global Fortune 500 rankings are not adequately prepared for the next major attack on the DNS. Additionally, researchers found similar vulnerability among 44% of the top 25 SaaS providers, as well as 72% of the FTSE 100 companies.

“Because Digital Experience is so central to a brand’s success these days, it’s critical that businesses understand that not all DNS infrastructures are created equal — performance and risk exposure varies widely between providers and geographies, so they need to be aware and base decisions on data relevant to their market,” said Craig Matsumoto, Senior Analyst at 451 Research.

Read more about the findings of the new report on Help Net Security.
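One concrete check a practitioner would want here is whether a domain's authoritative nameservers are actually redundant. The following is an added example, not code from the ThousandEyes report or from the page; the report's own scoring is not reproduced, so the criterion used below (the NS set should span more than one DNS provider and more than one network prefix) is an assumption about what "prepared for a major DNS attack" means in practice. The sample nameserver data is constructed.

```python
"""Assess whether a domain's authoritative nameservers are redundant.

Added example (not from the ThousandEyes report or the page). The
criterion, more than one provider and more than one network prefix, is an
assumption; the sample data below is constructed.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample input: nameserver hostname -> address it resolves to.
# In real use this would come from an NS lookup followed by A/AAAA lookups.
NS_RECORDS = {
    # Every nameserver with one provider, in one /24: a single point of failure.
    "single-provider.test": {
        "ns1.dnsprovider-a.test": "192.0.2.10",
        "ns2.dnsprovider-a.test": "192.0.2.11",
        "ns3.dnsprovider-a.test": "192.0.2.12",
    },
    # Two providers, three distinct prefixes (one of them IPv6).
    "redundant.test": {
        "ns1.dnsprovider-a.test": "192.0.2.10",
        "ns2.dnsprovider-a.test": "192.0.2.11",
        "ns1.dnsprovider-b.test": "198.51.100.7",
        "ns2.dnsprovider-b.test": "2001:db8:1::53",
    },
}


def provider_of(ns_host):
    """Naive registrable domain of a nameserver: its last two labels.

    Good enough for .com/.net-style names; for ccTLDs such as .co.uk a
    public-suffix list would be needed. Two brands can also share
    infrastructure, so distinct names do not prove independence.
    """
    labels = ns_host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def prefix_of(ip):
    """Coarse network bucket: /24 for IPv4, /48 for IPv6."""
    addr = ip_address(ip)
    plen = 24 if addr.version == 4 else 48
    return ip_network(f"{addr}/{plen}", strict=False)


def assess(ns_to_ip, min_providers=2, min_prefixes=2):
    """Return the redundancy picture for one domain plus a list of findings."""
    providers = defaultdict(list)
    prefixes = set()
    for host, ip in ns_to_ip.items():
        providers[provider_of(host)].append(host)
        prefixes.add(prefix_of(ip))

    findings = []
    if len(ns_to_ip) < 2:
        findings.append("fewer than two nameservers")
    if len(providers) < min_providers:
        findings.append("all nameservers with one provider: " + ", ".join(providers))
    if len(prefixes) < min_prefixes:
        findings.append("all nameserver addresses in one network prefix")

    return {
        "nameservers": len(ns_to_ip),
        "providers": sorted(providers),
        "prefixes": len(prefixes),
        "findings": findings,
        "redundant": not findings,
    }


if __name__ == "__main__":
    for domain, records in NS_RECORDS.items():
        result = assess(records)
        status = "OK" if result["redundant"] else "AT RISK"
        print(f"{domain}: {status} {result['findings']}")
```

The provider heuristic is deliberately crude; the point it makes is the one the report makes, that a long list of nameservers is no protection if they all sit behind one provider and one network.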

Privileged account practices are poor, and IT security teams know it

One Identity released new global research that uncovers a widespread inability to implement basic best practices across identity and access management (IAM) and privileged access management (PAM) security disciplines, likely exposing organizations to data breaches and other significant security risks.

Among the survey’s most surprising findings are that nearly one-third of organizations are using manual methods or spreadsheets to manage privileged account credentials, and one in 20 IT security professionals admit they have no way of knowing if a user is fully deprovisioned when they leave the company or change their role.

Read more about these disturbing findings on Help Net Security.
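The "no way of knowing if a user is fully deprovisioned" finding has a direct remedy: reconcile every system's account list against the HR or identity source of truth. The following is an added example, not code from the One Identity survey or the page. It assumes the organization can export who is active and who has left, and an account list from each system; the exports below are constructed stand-ins.

```python
"""Reconcile per-system accounts against the HR source of truth.

Added example, not from the One Identity survey or the page. All exports
below are constructed; real input would be HR/IdP and per-system dumps.
"""
from datetime import date

# Reference date for the constructed scenario.
REPORT_DATE = date(2018, 10, 15)

# Constructed HR feed: current staff, and leavers with their termination date.
HR_ACTIVE = {"alice", "bob", "dana"}
HR_TERMINATED = {"carol": date(2018, 9, 14)}

# Constructed per-system exports: system -> {username: account enabled?}
SYSTEM_ACCOUNTS = {
    "vpn": {"alice": True, "bob": True, "carol": True, "dana": True},
    "prod-db": {"alice": True, "carol": True, "svc-backup": True},
    "cloud-console": {"alice": True, "bob": False, "carol": False, "dana": True},
}

# Service accounts are expected to have no HR owner; anything else that
# is absent from HR altogether is worth a look.
KNOWN_SERVICE_ACCOUNTS = {"svc-backup"}


def find_orphans(active, terminated, systems, service_accounts=frozenset(), as_of=None):
    """Return (orphans, unknown).

    orphans: accounts belonging to people HR says have left. A disabled
    account still counts: it keeps its group memberships and can be
    re-enabled, so it is not fully deprovisioned.
    unknown: accounts with no HR record that are not known service accounts.
    """
    as_of = as_of or date.today()
    orphans, unknown = [], []
    for system, accounts in systems.items():
        for user, enabled in accounts.items():
            if user in active or user in service_accounts:
                continue
            if user in terminated:
                orphans.append({
                    "system": system,
                    "user": user,
                    "enabled": enabled,
                    "days_since_termination": (as_of - terminated[user]).days,
                })
            else:
                unknown.append({"system": system, "user": user, "enabled": enabled})
    # Enabled accounts first: those are live access, not just leftovers.
    orphans.sort(key=lambda o: (not o["enabled"], o["system"]))
    return orphans, unknown


if __name__ == "__main__":
    orphans, unknown = find_orphans(HR_ACTIVE, HR_TERMINATED, SYSTEM_ACCOUNTS,
                                    KNOWN_SERVICE_ACCOUNTS, as_of=REPORT_DATE)
    for o in orphans:
        print(f"ORPHAN  {o['system']:<14} {o['user']:<8} enabled={o['enabled']} "
              f"{o['days_since_termination']} days after termination")
    for u in unknown:
        print(f"UNKNOWN {u['system']:<14} {u['user']}")
```

Run on a schedule, the orphan list is the metric a team needs to answer the survey question: how many leavers still hold an account anywhere, and for how long.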

Four critical KPIs for securing your IT environment

In 2018, the average cost of a data breach is more than $3.75 million, and experts expect this number to rise in the coming years. A cost per incident this staggering, and potentially catastrophic, is why proper security practices matter: enterprises large and small need to understand how to secure their IT environments successfully.

So, what should you be measuring when it comes to your security program? As the old saying goes: If you can’t measure it, you can’t manage it.

Read about four Key Performance Indicators (KPIs) that can help enterprises navigate the murky waters of cybersecurity and reduce anxiety surrounding the possibility of cyber attacks, on Help Net Security.

5 tips to secure your supply chain from cyberattacks

Last week, a bombshell Bloomberg report alleged that Chinese spies had secretly inserted microchips on servers at Apple, Amazon, the US Department of Defense, and nearly 30 other US companies, collecting data and compromising the supply chain—an act that, if true, has a number of implications for businesses.

The bad news is that it’s essentially impossible to secure supply chains from attacks like this, according to a post from Krebs on Security. Even if you identify technology vendors that have been associated with supply-chain hacks, he wrote, it’s hard to remove them from the procurement chain, because it can be difficult to tell from the brand name of a given device who actually makes the different components in it.

Despite the difficulties, there are certain things that businesses can do to mitigate the threat of supply chain hacks. Read about these on TechRepublic.

Cybercrime: The Complete Guide to All Things Criminal on the Web

The idea of using the internet to commit crimes isn't new, but the problem continues to grow as people become more reliant on the internet for making purchases and storing personal information. Just as you'd take steps to defend yourself from crime in a major city, you should do so while using the internet. Sometimes, avoiding questionable areas isn't enough.

To help you out, Cloudwards has published a new guide to cybercrime that explores the most potent threats on the internet today.

Read the full overview of the common kinds of cybercrime, which includes real-world examples and suggests tools you can use to protect yourself, on Cloudwards.

Global spending on security solutions to reach $133.7 billion in 2022

Worldwide spending on security-related hardware, software, and services is forecast to reach $133.7 billion in 2022, according to IDC. Although spending growth is expected to gradually slow over the 2017-2022 forecast period, the market will still deliver a compound annual growth rate (CAGR) of 9.9%. As a result, security spending in 2022 will be 45% greater than the $92.1 billion forecast for 2018.

Security-related services will be both the largest ($40.2 billion in 2018) and the fastest growing (11.9% CAGR) category of worldwide security spending. Managed security services will be the largest segment within the services category, delivering nearly 50% of the category total in 2022.

Read more about the details of the IDC forecast on Help Net Security.

Keeping your cloud malware-free: What you need to know

This year we've seen massive malware attacks, ranging from nation-state campaigns originating in North Korea and Russia to attacks on popular restaurants and everything in between. Each new incident serves as a grim reminder to business leaders that hackers will not relent. And with cloud adoption growing rapidly in the enterprise, the odds of a malware infection spreading and leading to a breach are increasing.

According to a study conducted by the Ponemon Institute, almost 90 percent of businesses believe an increase in cloud usage will increase the probability of a data breach – and this trend isn’t going away anytime soon.

Learn how you can protect your data in the cloud on Help Net Security.

7 Steps to Start Your Risk Assessment

“Managing risk is one of the most, if not the most important, functions in an organization,” says Tony Martin-Vegue, enterprise security management strategist for LendingClub, a peer-to-peer lending company based in San Francisco. “It’s really important to have a structured, formalized process for measuring risk, managing risk, and the entire remediation process.”

Large organizations will have teams dedicated to assessing and re-assessing risk on a regular basis. Small organizations may lack the team, but they will not lack the need to understand what risks IT faces and how those risks are reflected in the rest of the business units.

Read about seven steps that apply to a variety of frameworks — and that are applicable no matter where the risk assessment process takes your organization, on DarkReading.