Risk Management articles

We spoke to Brian Stuckey, a cybersecurity and risk management expert, investor, and co-founder who provided helpful insight and expertise for this article. Starting any new business is difficult and startups who are looking to be the next unicorn or IPO face many challenges as they try to grow, scale their services, and increase their customer base as quickly as possible.  These startups will undergo rigorous due diligence from investors that are considering putting money behind their company. This is […]

We’re thrilled to have a guest blog contributed by one of our technology partners, Right-Hand Cybersecurity. Right-Hand is a group of mission-oriented individuals driven to shift the power away from the adversary and back into the hands of businesses. Enjoy the article! You may relate internet attacks with large organizations. However, cybercriminal activity affects businesses of all sizes. Small and medium-sized enterprises (SMEs) are no exceptions.  On top of that, every one in five SMEs becomes a cyber victim, and […]

Security and company leaders have a difficult challenge when it comes to securing their organization and properly managing their risk. Here’s just a sampling of their challenges and what they face: The complexity is compounded for smaller companies who have to allocate resources sparingly. What options do they have and how can they prioritize actions that will make them more secure?  We’ve put together a list of 5 cybersecurity must haves for any organization, regardless of their size or industry. This […]

As cybersecurity demands increase, the available pool of talent is not keeping up with the pace. And over the last few years, the already profound talent gap has continued to expand. According to the latest (ISC)² Cybersecurity Workforce Study, there are 2.7 million unfilled infosec positions worldwide. And it’s estimated that the cybersecurity workforce needs to grow 65 percent to meet global demand. Given that cyberattacks are becoming more frequent and sophisticated, now isn’t an ideal time to be playing […]

There’s a new vulnerability making waves across the cybersecurity industry and the business media at large. It’s called log4j, it’s a zero-day exploit, remote code execution vulnerability, and is found within a number of various third-party vendors, infrastructure providers, and SaaS companies. Because these companies are major third-party providers, the number of companies, sites, and services impacted are wide. A zero-day exploit or vulnerability refers to the fact that the vulnerability is unpatched and is often discovered by hackers first, […]

The holiday shopping season is well underway and it’s often one of the busiest for retailers, eCommerce companies, and others who seek to use the holiday as an opportunity to offer discounted prices on their most popular products. Online shopping reached $8.9B on Black Friday and $10.7B on Cyber Monday and Google estimates that, on average, websites can see a traffic increase of 300% during the holiday shopping season. However, this period can also be a holiday for hackers who […]

Much to the chagrin of security professionals, cybersecurity best practices are often seen as a nuisance by employees outside of the security and IT teams. The consensus is that security slows down processes, and limits autonomy and training is one more thing to check off the list. But employees are ultimately your biggest vulnerability, so in order to move the needle and actually improve your security posture, you need participation from all teams. IT needs to patch software, employees must […]

Managing cybersecurity vendors wasn’t the daunting task it is these days. Not too long ago, organizations were bound by a perimeter, and it was simpler to piece together a set of capabilities to stay safe and secure. Businesses of all sizes followed a surefire formula that kept most of them safe. With the introduction of the cloud and the push for digital transformation, everything changed. The perimeter has largely evaporated — companies rarely own their servers and entire teams are […]

In a recent Right Hand Security, Front Lines event, SolCyber Chief Technology Officer David Emerson interviewed cybersecurity expert and friend of SolCyber, Scot Hutton, on how cyber leaders can more effectively communicate with boards to make positive changes that will increase a company’s security posture. Below are key takeaways from their conversation. You can also watch the full interview on YouTube. Much to the dismay of security professionals, implementing secure strategies doesn’t always fall under their purview. Cyber professionals can […]

Ransomware is quickly becoming the number one threat for nearly all organizations. Over the last few years, ransomware attacks have skyrocketed with COVID fueling the number of incidents levied on various organizations. In 2020, ransomware attacks rose 485% and payouts also hit a record high, reaching an average of $312,000 in 2020. This trend isn’t stopping in 2021, either. The banking industry alone saw a 1318% increase in ransomware attacks in the beginning of 2021. This evidence alone should demonstrate […]

For those of you who are just joining us, I’m retired Marine and security expert Scot Hutton and I’ve been invited by my friends at SolCyber to write a blog series on security that matters. So far, I’ve covered why ransomware has forever changed the security landscape for small and mid-sized businesses (SMEs) and explained why now is the time for SMEs to invest in cybersecurity. In this post, I’ll cover security frameworks and why in many cases, they don’t […]

‘Hi Scott, nice talking with you. We’ve got AV, some firewalls and spam filters for email…isn’t that enough?  I think we are pretty secure”  This is probably the most consistent interaction I have with customers in the mid-market. But what is ‘enough’ security? It’s a question I get asked almost every day because it’s becoming increasingly difficult to answer. Part of that is due to the changing nature of the threats organizations face, but it’s also because our security mindset […]

Up until recently, it was thought that companies only needed a detailed security program if they were handling sensitive data. If you weren’t collecting customers’ credit card information, data related to their personal health or wealth, or other private data, you were likely safe from the most persistent cyberattacks, specifically ransomware attacks. With ransomware, an attacker can lock up your business’ data or systems and demand your business pay a sizable ransom to decrypt and unlock said data. The larger […]

The MSSP market is crowded, and it’s not easy for a CISO to find the right provider for their organization. There are many factors to consider and making a mistake can be expensive, squander precious time, and may inadequately protect your organization. Here are some considerations for navigating this landscape and identifying the right MSSP for your company. Firstly, what is a CISO’s priority? Partnering with an MSSP is one of the most impactful decisions you can make for your […]