Working as security consultants is highly rewarding. Companies depend on us to view their environment from the perspective of an attacker and find vulnerabilities that could enable threats to succeed. One of the most impactful parts of our role is when we’re the first to find a major vulnerability that could lead to a widespread compromise beyond just

Many companies around the world with industrial operations environments, commonly referred to as operational technology (OT) environments, do not invest the same resources to protect OT systems as they do to secure their corporate enterprise environments. Yet, these same companies are investing significantly to transform these environments with modern techn

One of the first questions I ask when working with an organization is “Why are you interested in making FAIR (Factor Analysis of Information Risk) a part of your standard risk management practice?” The answer is different for every client, and that truly highlights the value of risk quantification. We can apply risk quantification to a number of

Risk management and risk assessments go hand in hand, and most organizations have completed a security assessment based on maturity models at some point in their existence. However, more companies are realizing the need to complement maturity models with a risk-based approach for assessing their cybersecurity positions. One such risk-based approach is based

Zero trust remains one of the best ways for companies to reduce total risk. By knowing the potential risk of any request — both inside and outside the enterprise network — rather than assuming good intentions, companies can limit potential attacks. Deploying a zero trust framework at scale, however, may cause frustration. It increases operationa

In the post-COVID-19 economy, cyber risk and cybersecurity will play a central role in unlocking mergers and acquisitions (M&A) deal valuations. While economic uncertainty has contributed to a decline in M&A activity in the first half of 2020, many analysts expect an increase in deals during 2020-21 based on several conditions. The Mergers and Acqui

Video conferencing applications grew substantially following the outbreak of the coronavirus (COVID-19) global pandemic. According to Research and Markets article “Video Conferencing Demand Rises due to Social-Distancing,” video conferencing software experienced 62 million downloads in March 2020. This increase in use resulted from businesses ado

The global pandemic has been dictating how the whole world is reforming, businesses included. Different forums and analyst reports are increasingly calling out the future of businesses as they are moving their workloads to the cloud gradually. IDC “expects 2021 to be the year of multi-cloud” as the global COVID-19 pandemic reinforces the need for business to

The European Agency for Cybersecurity ENISA has released a tool for the mapping of international security standards to interdependencies’ indicators. ENISA has released a tool for the mapping of international security standards to interdependencies’ indicators that have been introduced and demonstrated in the report Good practices on interdependencies bet

According to the recent X-Force Threat Intelligence Index 2020, more than 8.5 billion records were exposed due to breaches in 2019, of which 86 percent were due to misconfigured assets. These issues affected only half of the records breached in 2018, and as the 2017 report stated, 70 percent of the 2.9 billion records lost that year were due to misconfigurat

In 2019, we saw a record number of information security breaches. According to the IBM X-Force Threat Intelligence Index 2020, a total of 8.5 billion records were compromised — three times the number from 2018. The healthcare industry saw its fair share of attacks and was the 10th-most targeted industry, accounting for 3 percent of all attacks last year. Th

With regard to BCSI (BES (Bulk Electric System) Cyber System Information) in the cloud, responsible entity sentiments at the moment may be akin to Prince Hamlet as he contemplated death and suicide, “bemoaning the pain and unfairness of life but acknowledging that the alternative might be worse.”As currently written and subject to enforcement, components of

The medical internet of things (IoT) is no longer a futuristic concept. It is here today, and it includes devices you may have never considered a part of the patient care ecosystem, such as elevators, beds, exit signs and clocks. Between those operational technologies and the devices the U.S. Food and Drug Administration (FDA) has already deemed critical, th

Threat modeling is a process by which potential threats can be identified, enumerated and prioritized, all from a hypothetical attacker’s point of view. The purpose of threat modeling is to provide defenders with a systematic analysis of the probable attacker’s profile, the most likely attack vectors and the assets most desired by an attacker. Ef

Let’s face it: Vulnerability management is not what it used to be a decade ago. Actually, it is not what it used to be a couple of years ago. Vulnerability management is one of those ever-evolving processes. Whether it is because of compliance mandates, board demands, an overall desire to reduce risk, all of these objectives or none, almost every organ