26 matches found
Scoring the Unscorables: Cyber Risk Assessment beyond Internet Scans
In this paper we present a study on using novel data types to perform cyber risk quantification by estimating the likelihood of a data breach. We demonstrate that it is feasible to build a highly accurate cyber risk assessment model using public and readily available technology signatures obtaine...
USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multifactor Authentication
Today, the Cybersecurity and Infrastructure Security Agency CISA and the U.S. Department of Agriculture USDA released Phishing-Resistant Multifactor Authentication MFA Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authenticatio...
Rapid7 completes IRAP PROTECTED assessment for Insight Platform solutions
Exciting news from Australia! Rapid7 has successfully completed an Information Security Registered Assessors Program IRAP assessment to PROTECTED Level for several of our Insight Platform solutions. What is IRAP? An IRAP assessment is an independent assessment of the implementation,...
5 Key Questions CISOs Must Ask Themselves About Their Cybersecurity Strategy
Events like the recent massive CDK ransomware attack – which shuttered car dealerships across the U.S. in late June 2024 – barely raise public eyebrows anymore. Yet businesses, and the people that lead them, are justifiably jittery. Every CISO knows that cybersecurity is an increasingly hot topic...
Unified Identity – look for the meaning behind the hype!
If you've listened to software vendors in the identity space lately, you will have noticed that "unified" has quickly become the buzzword that everyone is adopting to describe their portfolio. And this is great! Unified identity has some amazing benefits! However there is always a however, right?...
Getting off the Attack Surface Hamster Wheel: Identity Can Help
IT professionals have developed a sophisticated understanding of the enterprise attack surface – what it is, how to quantify it and how to manage it. The process is simple: begin by thoroughly assessing the attack surface, encompassing the entire IT environment. Identify all potential entry and...
Navigating Threats – Insights from the Wallarm API ThreatStats™ Report Q3’2023
The world of digital technology is perpetually evolving, positioning cybersecurity as a frontline defense in safeguarding essential digital assets. A primary challenge in this sector, accentuated by the Wallarm API ThreatStats™ report Q3’2023, is ensuring robust API security. This in-depth report...
Part III: Implementing Effective Cyber Security Metrics that Reduce Risk Realistically
We outlined some critical cybersecurity metrics in Part I of this three-part blog series. In the final blog post, we will delve into three crucial aspects outlined in Josh’s article: tactical metrics for operational teams, strategic metrics for leadership, and the metrics addressing the...
3 Steps to Automate Your Third-Party Risk Management Program
If you Google "third-party data breaches" you will find many recent reports of data breaches that were either caused by an attack at a third party or sensitive information stored at a third-party location was exposed. Third-party data breaches don't discriminate by industry because almost every...
Cybersecurity Posture & Insurance Outlook with Advisen
Trend Micro’s Eric Skinner, and Advisen, an insurance data and analytics company, discuss the current threat landscape, cyber risk management, and how vendors and cyber insurers can champion enhanced cybersecurity posture...
Preventing Cryptocurrency Cyber Extortion
Highly destructive cybercrime is on the rise, and most of it is being funded with anonymous cryptocurrency. Discover cryptocurrency trends and how enterprises can enhance their cybersecurity posture to prevent cyber extortion...
#StopRansomware: MedusaLocker
CISA, the Federal Bureau of Investigation FBI, the Department of the Treasury Treasury, and the Financial Crimes Enforcement Network FinCEN have released a joint Cybersecurity Advisory CSA, StopRansomware: MedusaLocker, to provide information on MedusaLocker ransomware. MedusaLocker actors target...
Battling Cybersecurity Risk: How to Start Somewhere, Right Now
Between a series of recent high-profile cybersecurity incidents and the heightened geopolitical tensions, there's rarely been a more dangerous cybersecurity environment. It's a danger that affects every organization – automated attack campaigns don't discriminate between targets. The situation is...
An Inside Look at CISA’s Supply Chain Task Force
When one mentions supply chains these days, we tend to think of microchips from China causing delays in automobile manufacturing or toilet paper disappearing from store shelves. Sure, there are some chips in the communications infrastructure, but the cyber supply chain is mostly about virtual...
Feds Warn of Ransomware Attacks Ahead of Labor Day
Though lots of people might be taking some time off over the Labor Day weekend, threat actors likely won’t — which means organizations should remain particularly vigilante about the potential for ransomware attacks, the federal government has warned. Citing historical precedence, the FBI and CISA...
FBI-CISA Advisory on Ransomware Awareness for Holidays and Weekends
Today, the Federal Bureau of Investigation FBI and CISA released a Joint Cybersecurity Advisory CSA to urge organizations to ensure they protect themselves against ransomware attacks during holidays and weekends—when offices are normally closed. Although FBI and CISA do not currently have any...
CISA Announces Vulnerability Disclosure Policy (VDP) Platform
CISA has announced the establishment of its Vulnerability Disclosure Policy VDP Platform for the federal civilian enterprise, which will allow the Federal Civilian Executive Branch to coordinate with the civilian security research community in a streamlined fashion. The VDP Platform provides a...
Why Zero Trust Needs the Edge
Backhauling traffic destroys performance, and backhauling attack traffic can destroy even more. Nevertheless, in a traditional security deployment model, we are faced with the lose-lose options of either backhauling all traffic to the security stack or allowing some accesses to not go through the...
Reduce End-User Password Change Frustrations
Organizations today must give attention to their cybersecurity posture, including policies, procedures, and technical solutions for cybersecurity challenges. This often results in a greater burden on the IT service desk staff as end-users encounter issues related to security software, policies, a...
Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack
Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors. Tracked as CVE-2021-22893 CVSS score 10, the flaw concerns "multiple us...