Risk Management articles

One common misconception about cybersecurity is that small businesses mean small cyber risks; but, in fact, businesses of all sizes need to stay vigilant in the face of cyber threats. As distressing as those stats are, the worst news comes after a cyberattack. It is estimated that 60% of small businesses closed their doors within 6 months of a breach – meaning the hack was so bad that it left irreparable damage in its wake. Getting to a level of […]

The Cybersecurity & Infrastructure Security Agency (CISA) recently released its latest report — covering 2022 Cross-Sector Cybersecurity Performance Goals (CPGs). These goals demonstrate a continued focus on the cybersecurity and risk management of small to medium-sized companies. These businesses are dealing with budgetary and resource constraints yet fall victim to the same kind of attacks that bedevil enterprise companies. In this article, we’re going to talk about the report, why it’s important for organizations of all sizes, and share our […]

According to a McKinsey survey, the COVID-19 pandemic sped up digital transformation — or digitalization — by several years. Digital interactions between customers and organizations soared to 58%, three years ahead of expectations. And the percentage of businesses that now offer some form of digital product or service is at 55%, seven years ahead of expectations! Digitalization greatly improves efficiency. For example, bookkeeping software connects directly with bank accounts so that a company can track all its expenditures and income […]

As a small business, you probably think you’re small potatoes to hackers. Unfortunately, the opposite can often be true. Smaller businesses that are part of supply chains are frequently chosen by hackers because they are an easy target as a valuable foot in the door to a substantially larger company. In fact, in 2022, businesses reported that about 1 in 5 data breaches came from a supplier. You want to be seen as an asset to the companies you serve, […]

In our previous two articles in this series, we talked about what an Incident Response (IR) plan is and how to get your team familiar with its steps and the process using tabletop exercises. In this article, we’re going to go into detail on what happens during IR and the nitty-gritty of what makes an IR plan work. An IR plan and robust IR strategy are both vital to ensure that a company recovers properly from an incident. Even companies […]

The thought of the Rams going onto the field with the 49ers without first spending months practicing would be unheard of. And the same is true of responding to cyberattacks in a company. Firefighters do fire drills. Actors do dress rehearsals. And IT and security teams do tabletop exercises. Tabletop exercises are a low-stress rehearsal of what might arise during an emergency situation. In this case, a cyberattack. Participants sit and discuss a scenario and their potential responses to it. […]

A swift and adequate response to an active cybersecurity threat can mean the difference between your company surviving the incident or going under. Small to mid-sized enterprises (SMEs) are especially at risk because they are looked upon as low-hanging fruit by hackers and they tend to have fewer defense and response mechanisms in place than larger corporations, especially because of budget constraints. According to IBM’s Cost of a Data Breach Report for 2021, the average cost of a breach was […]

The year 2021 saw ransomware attacks rising by a jaw-dropping 92%. And 22 billion records were exposed across 4,145 publicly disclosed attacks. Considering that a breach will cost companies an average of $4.5 million, the need for cyber insurance has never been so high. But what is cyber insurance exactly, and is it right for your business and industry? In this article, we will try and answer the questions most frequently asked about cyber insurance. 1. What exactly is cyber […]

In September 2022, an 18-year-old hacker leveraged sophisticated social engineering techniques to smash into Uber’s network. Once inside, the hacker rummaged through a file share and found privileged credentials that gave access to enormous swathes of Uber’s source code and corporate cloud platforms. Luckily, no trip data was taken, according to Uber. But trusting luck is a terrible strategy for cybersecurity. How did the Uber hack happen? According to an official statement by Uber, the breach was carried out when […]

As organizations mature, they are exposed to ever-increasing internal and external risks. Internally, from the danger of executing projects with the same entrenched and unsecured processes. Externally, from the threat of cyberattacks that take advantage of any chink in the security armor. Few initiatives sit at the intersection of these concerns as the creation of a Security Operations Center (SOC). Building a SOC requires new tools and technology, diligent work with partners and vendors, as well as successful recruitment and […]

“A lock only keeps honest people out.” With the current cybersecurity threat landscape, SMEs need to secure their organization to lower their exposure to risk. While there are a lot of tools available that are designed to mitigate or prevent threats, employing the proper framework and approach that aligns with your cybersecurity goals will make the most difference in your planning efforts. Modern threats require modern approaches, and we can only prevent what we can anticipate. Because of this, it’s […]

Why oh why is cybersecurity so complex? I was at an event recently and the keynote speaker talked about how security is unique in its incredibly minimal consolidation. In the cloud, you have arguably three major players (Amazon, Microsoft, and Google). In mobile phones a few. In almost any area of life, consolidation happens (auto’s maybe 10, TV’s 3-4, etc). Yet, in information security, no one company has greater than 5% of the market. The equivalent of cyber security is […]

Software vulnerabilities are a fact of life with more identified every day. In 2021, 28,695 new vulnerabilities were discovered in production software. These vulnerabilities can potentially create a backdoor to companies, letting attackers come in and out as they please. However, some vulnerabilities are significantly more dangerous than others with widespread impact. Many of these high-impact vulnerabilities — such as Log4j and Follina — are zero-days, where vulnerabilities are exploited by cyber threat actors in the wild before they become […]

Risk management is a core part of any organization’s business processes. Without the ability to manage risk, an unforeseen event could put the company out of business. Effective and comprehensive risk management requires an understanding of what can go wrong, how to minimize the probability of a risk event occurring, and how to recover if something does go wrong. In many ways, managing risk for the business is similar to owning a car. Car ownership comes with significant risks and […]