Separation of duties is a critical factor for effectively managing business risk. Executives understand the importance of financial oversight and hire CPA firms to double check the work of their CFO. The same rules apply to managed IT service providers and cyber security oversight. There is a troubling trend among IT service providers as they...Read More
Ransomware and other types of cyber incidents are now commonplace discussion topics in boardrooms for companies large and small. Fear of exposure, disruption, and financial loss are leading contributors to the conversation. In fact, nearly three quarters of US CEOs in Price Waterhouse Coopers 24th Annual Global CEO Survey said they are “extremely concerned” about...Read More
Recent world events in Ukraine have once again focused the business on the potential impact of cyber-attacks as a means of disrupting business. This trend is particularly troubling for the automotive supply chain because the symbiotic nature of these relationships means one attack could ultimately interrupt product shipments for many companies. Looking across the supply...Read More
It’s an age-old question what came first, the chicken or the egg? This paradigm illustrates the challenge organizations face when contemplating a risk assessment. Should they fix known issues before an assessment…or should they complete the assessment and follow the prescribed recommendations. It’s an interesting question. One that can be overshadowed by the internal team’s...Read More
It’s no secret that the world gets smaller every year. Globalization of industry and trade has created ever-expanding opportunities, sometimes to the detriment of businesses and individuals. The internet is a critical variable in this equation as it delivers instant access to resources worldwide and produces a growing industry focused on cyber-crime. There is a...Read More
A risk management framework (RMF) is an organization’s security controls road map for managing its cyber risks. RMFs define how the people in an organization utilize processes to manage technology, ensure oversight, and reduce risk exposure. The framework often serves multiple purposes, from evaluating the maturity of security controls to demonstrating due diligence in securing...Read More
The recent discovery of Log4J and its widespread impact on businesses highlights the importance of scanning networks to identify and mitigate software vulnerabilities. But periodically scanning networks is the easy part of building an effective vulnerability management program. Since these “programs” aim to identify and fix software vulnerabilities, ongoing management must include a schedule of...Read More
Let’s face it everyone wants to keep things as simple as possible. n a perfect world, there would be a “single” cyber security technology that protected every organization from all cyberthreats. but, unfortunately, the complex nature of building and managing an effective cyber security program cannot be done with a single technology…simply stated there is...Read More
Working from home has settled in as the new normal, so there are many new risks that enter your business data protection equation. Cyber risk in your company is growing. Don’t kid yourself…it’s not just the big companies that are the targets of attacks. Companies just like yours are being attacked daily (link to https://cyware.com/category/breaches-and-incidents-news)....Read More
Every workplace has made changes during the COVID-19 pandemic. With employees struggling to balance changing business dynamics, many companies are pushing cybersecurity concerns down on the list of priorities. Deprioritizing cybersecurity is a mistake. The migration to work from home environments introduces new variables that increase exposure to malware attacks, phishing, and other cybercrime. In...Read More
