- A painful reality: Vulnerabilities are not created equal!
Vulnerabilities should be looked at in perspective and considered very discreetly. What is a critical vulnerability for one organization may be less so for another; we must treat them accordingly. The recent Progress Software MOVEit breach proved once again the necessity for that level of examination and analysis within organizations. The hack of this managed…
- Back to the Basics; The Latest CISO Thriller!
We must get back to the basics! Even now we still don’t cover the basics. In many cases, the foundational pieces are not in place, starting with policies and procedures. Any program first needs to set rules of the game, and the world of cybersecurity is no different. We need to establish policies that will…
- Do you have a security plan in place?
It may seem clear-cut that organizations should have a security plan in place, but the reality is that many don’t. When we talk about protecting an organization, we are typically looking at its risk exposure. If we do not have a first-rate way to identify and quantify the risk, then it is exceedingly difficult to…
- To be or not to be: determining materiality
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires companies operating in critical infrastructure sectors to report covered cyber incidents within 72 hours of their reasonable belief that a cyber incident has occurred and report within 24 hours after a ransom payment. Critical infrastructure sectors, as defined in a 2013 presidential policy…
- The Supply Chain Cyber Risk Conundrum: A Practical Approach
We are business leaders. When we talk about supply chain, we are tasked to expand our focus beyond cyber risks to look at things that have a larger impact on our organizations, such as: the diversification of supply and suppliers, reducing carbon footprints, governance issues, and other matters of importance in the business world. But…
- The Cure To The Symptom Syndrome
CISA — the U.S. Department of Homeland Security agency responsible for strengthening cybersecurity and infrastructure protection — recently put out an advisory about the malicious use of legitimate remote monitoring and management software. By gaining access to this software, hackers have the power to pull files, look at what you are doing, turn on your…
- Mitigating Symptoms Instead Of The Root Cause
I am a firm believer in concerted industry action. One thing we might want to put our collective muscle behind is doing more to address the roots of some of the problems we face, rather than the symptoms. Take email phishing, for example. It’s still very, very prevalent, and the global shift to remote work…