The Center for Strategic and International Studies compiled a list of significant cyber incidents dating back to 2003. Compiling attacks on government agencies, defense and high-tech companies or economic crimes with losses of more than a million dollars, this list reveals broader trends in cybersecurity for the past two decades.…
Read MoreI was talking to an analyst firm the other day. They told me that a lot of organizations purchase a security information and event management (SIEM) solution and then “place it on the shelf.” “Why would they do that?” I asked. I spent the majority of my career in hardware…
Read MoreThis post was written with contributions from Joseph Lozowski. Comprehensive incident preparedness requires building out and testing response plans that consider the possibility that threats will bypass all security protections. An example of a threat vector that can bypass security protections is “shadow IT” and it is one that organizations…
Read MoreVulnerability management is the time-consuming process of finding and patching a seemingly unlimited number of potential risks. The National Institute of Standards and Technology (NIST) reports more than 23,000 new vulnerabilities for 2022, where more than 17,000 are classified as critical. For many organizations, simply prioritizing vulnerabilities becomes a monumental…
Read More