Security Experts:


Industry professionals comment on the Windows crypto vulnerability patched this week by Microsoft and the NSA’s decision to disclose the flaw.
Siemens has addressed several vulnerabilities this week and warned organizations about the security risks associated with the use of ActiveX in industrial products.
Cloudflare has announced a suite of services for the cyber-protection of political campaigns in the United States and worldwide.
High-risk users are aware that they are more likely to be targeted by hackers compared to the general population, but many of them still have bad security habits, a Google survey shows.
Google has simplified the enrollment process for its Advanced Protection Program and it now allows users to activate a security key on their iPhone.
Windows 7 has reached end of life, but hundreds of millions of PCs worldwide still run the operating system, which leaves them at increased risk of cyberattacks.
A bill introduced by Senator Tom Cotton would ban the sharing of intelligence with countries that use Huawei technologies in their 5G networks.
Cybersecurity professionals comment on the threat posed by Iran to critical infrastructure and industrial control systems (ICS) after the US killed Iranian general Qassem Soleimani.
MITRE released a version of its ATT&CK knowledge base that is specifically designed for industrial control systems (ICS).
The US Department of Homeland Security has issued warnings about the possibility of cyberattacks launched by Iran in response to the killing of Qassem Soleimani.

FEATURES, INSIGHTS // Risk Management

AJ Nash: Once we shed the shackles of “cyber” and “threat,” we free our teams to consider a full spectrum of intelligence, including support to physical security, insider threats, procurement, mergers and acquisitions, and executive decision-making.
Fred Kneip: While some forward-thinking companies have created C-suite positions for IT and security personnel such as CTOs and CISOs, these are, overall, still relatively rare.
Josh Lefkowitz: The successful execution of each step of the intelligence cycle relies on the successful execution of the step that came before it.
Fred Kneip: Third party cyber risk management programs need to go beyond an initial scan and evaluate your third party’s security from the inside out.
Josh Lefkowitz: It’s crucial to recognize that annual security predictions generally only include that which can be feasibly predicted by the final months of the prior year.
Marie Hattar: The solution: every week, devote at least two hours to basic cyber hygiene. Four best practices will help your team build habit from repetition.
Joshua Goldfarb: Security metrics is a topic that, while challenging, is also important and at the top of the priority list for security organizations. Here are five tips for leveraging security metrics to keep your organization out of the lion’s den.
Craig Harber: As long as organizations continue to employ simplistic “set it and forget it” security approaches, they will be forced into playing reactive, catch-up defense against cyber attackers.
Fred Kneip: Employing a third party adds risk, especially if that company is given some level of access to network and computing resources, or is asked to handle and protect critical or proprietary information.
Marc Solomon: National Cybersecurity Awareness Month (NCSAM) is a great vehicle to raise awareness for cybersecurity and to remind every organization that the ability to improve security operations begins with contextual awareness.