Risk Management articles

Companies that use managed services to close key skills gaps experience a 2.4x better “performance premium” than companies that use no managed services, according to a PwC survey of 2,000 companies. This premium includes both revenue growth and profit margin. A significant skills gap, that affects two-thirds of all companies, is the perennial cybersecurity labor shortage. According to the most recent ISC2 Cybersecurity Workforce Study, the world needs 4 million cybersecurity professionals to close this gap, even though the global […]

How hard can text-based scripts really be? The fact that we’ve had to split this article into two parts probably gives you a hint at the answer: very hard indeed.

How hard can text-based malware really be? The fact that we’ve had to split this article into two parts probably gives you a hint at the answer: very hard indeed.

Businesses looking for a cybersecurity solution might feel confused about the terms used to describe various offerings. Writers often (and mistakenly) utilize the terms MDR (managed detection and response) and MSSP (managed security service provider) interchangeably, adding to the confusion. Making matters worse, one provider’s MDR service doesn’t equal another — the same goes for MSSPs. Although MDR and MSSP are umbrella terms, the way each company provides each service differs.  Each type of provider has its benefits and downsides […]

We take a look at how cybercriminals go about scamming both purchasers and suppliers, and what you can do to protect yourself and your business.

There are plenty of security “precautions” out there that simply don’t provide the protection they promise.

Learn how cybercriminals get your server to do their dirty work for them through the use of webshells.

Credential stuffing is all over the news at the moment. But who should bear the cost?

Effectively building, implementing, and operationalizing a cybersecurity strategy is no small feat, and often requires significant employee power and resources — resources that many businesses don’t have. The skills needed to develop and implement a security strategy are incredibly technical, and the security labor shortage has meant most talent is scooped up by large enterprises. That leaves many businesses with few options, including outsourcing security to a third party, delegating security tasks to IT, or skipping cybersecurity efforts altogether. While […]

Strategies for Safe and Private Communication for Organizations Malware and phishing scams aren’t the only cybersecurity risks that emails pose. The content of the emails themselves can be its own risk factor. Email content can include a treasure trove of exploitable information for cybercriminals. Employees may send passwords or social security numbers via email or share sensitive company information with no way of retracting the email once it’s sent.  John Podesta, Hillary Clinton’s campaign manager in 2016, had his Apple […]

So many breaches! Such dramatic graphs! So much malware! Such huge numbers!

As the tech landscape becomes increasingly vast yet more interconnected and bad actors utilize more advanced techniques, the process of building a security strategy and implementing that strategy is becoming ever more complex. Although new point solutions and service offerings are emerging to address some of those complexities, it doesn’t do much to help businesses that don’t have the expertise, time, or budget to operationalize a whole security tech stack. This speaks to the larger problem of operationalizing cybersecurity. As […]

Malware writeups used to tell you everything there was to know about each new threat. But life’s not like that today, and it’s not because threat researchers aren’t as smart or as diligent as they used to be!

Cybersecurity is constantly evolving. As technology changes, new threats emerge, and companies are forced to find new ways to defend their organizations against those threats. Every so often, however, changes build to the point that the old way of doing things no longer works and a seismic shift is necessary. The cybersecurity industry is currently at this inflection point where something has to change. Breaches are on the rise and attackers are increasingly successful in their efforts. Cybersecurity is becoming […]