Tag: risk-management
-
European companies have no (crisis) plan
in SecurityNews
A recent study reveals deficits in corporate risk management on both sides of the Atlantic. International and national, political and corporate crises are piling up. At the same time, many companies are not adequately prepared for them. That is the conclusion of a study by Economist Impact on behalf of FTI Consulting, published in March 2025. For the study (PDF), 600…
-
Australian financial firm hit with lawsuit after massive data breach
in SecurityNews
Tags: access, awareness, breach, ciso, cyber, cybersecurity, data, data-breach, finance, firewall, infrastructure, malware, monitoring, network, resilience, risk, risk-management, software, threat, training, update
properly configuring and monitoring firewalls to protect against cyber-attacks; updating and patching software and operating systems consistently and in a timely manner; providing regular, mandatory cybersecurity awareness training to staff; allocating inadequate human, technological, and financial resources to manage cybersecurity. As a result of those failures, ASIC said in its court filing, “A FIIG employee inadvertently downloaded a .zip…
-
Cyber risk management in the supply chain – escalating threat landscape for supply chains
in SecurityNews
First seen on security-insider.de. Jump to article: www.security-insider.de/supply-chain-angriffe-schutz-lieferkette-a-11630a1cbc64b1e9b6d7a65efd5e83d4/
-
KnowBe4 research reveals a confidence gap in cybersecurity, putting organisations at risk
in SecurityNews
KnowBe4, cybersecurity platform that comprehensively addresses human risk management, has released new research indicating that while 86% of employees believe they can confidently identify phishing emails, nearly half have fallen for scams. The study, which surveyed professionals across the UK, USA, Germany, France, Netherlands, and South Africa, reveals a growing gap between confidence and competence…
-
Data-Driven Analysis With a Managed CRQ Platform – Kovrr
in SecurityNews
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2025/03/data-driven-analysis-with-a-managed-crq-platform-kovrr/
-
How CISOs are tackling cyber security challenges
in SecurityNews
Security chiefs at the recent Gartner Security and Risk Management Summit in Sydney share insights on navigating board communication, organisational resilience and the importance of understanding business needs. First seen on computerweekly.com. Jump to article: www.computerweekly.com/news/366620535/How-CISOs-are-tackling-cyber-security-challenges
-
CISOs and CIOs forge vital partnerships for business success
in SecurityNews
Tags: advisory, ai, attack, breach, business, ceo, cio, ciso, cloud, communications, corporate, cybersecurity, data, data-breach, finance, firewall, framework, ibm, infrastructure, resilience, risk, risk-management, service, strategy, technology, threat
Vikram Nafde, EVP and CIO, Webster Bank
As is the case at many companies, Webster Bank’s CISO Patty Voight reports into the CIO. While there is a direct line between the executive functions, Nafde says the structure is collaborative, not hierarchical, a significant evolution as the intensity of threats escalates, raising the bar for…
-
Cybersecurity Snapshot: CSA Outlines Data Security Challenges and Best Practices, While ISACA Offers Tips To Retain IT Pros
in SecurityNews
Tags: advisory, ai, awareness, banking, best-practice, business, cloud, compliance, corporate, crime, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, exploit, extortion, finance, fraud, governance, government, group, healthcare, infrastructure, iot, jobs, mail, malicious, microsoft, mitigation, monitoring, network, nis-2, privacy, qr, ransom, ransomware, regulation, resilience, risk, risk-assessment, risk-management, scam, service, strategy, technology, threat, tool, vmware, vulnerability, vulnerability-management, zero-day
Check out best practices for shoring up data security and reducing cyber risk. Plus, get tips on how to improve job satisfaction among tech staff. Meanwhile, find out why Congress wants federal contractors to adopt vulnerability disclosure programs. And get the latest on cyber scams; zero-day vulnerabilities; and critical infrastructure security. Dive into six things…
-
What is risk management? Quantifying and mitigating uncertainty
in SecurityNews
Tags: breach, business, cio, ciso, compliance, control, cyber, cyberattack, data, finance, flaw, framework, governance, healthcare, infosec, infrastructure, insurance, international, jobs, mitigation, monitoring, nist, risk, risk-analysis, risk-assessment, risk-management, software, strategy, technology, tool, vulnerability
How do organizations structure risk management operations? Risk management has in some organizations traditionally been multicentric, with different departments or individuals within the org implementing risk management techniques in their work: Risk management is a component of good project management, for instance. IT leaders in particular must be able to integrate risk management philosophies and…
-
KnowBe4 Wins Cybersecurity Company of the Year at the 2025 teissAwards
in SecurityNews
KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today announced that it has been awarded first place in this year’s teissAwards Cybersecurity Company of the Year category for enterprise organisations. The teissAwards celebrate excellence in cyber and information security, recognising the outstanding contributions of vendors and technologies over the past year. Winning first place…
-
CISA Cuts: A Dangerous Gamble in a Dangerous World
in SecurityNews
The Cybersecurity and Infrastructure Security Agency’s role in risk management needs to expand, not shrink. First seen on darkreading.com. Jump to article: www.darkreading.com/cyberattacks-data-breaches/cisa-cuts-dangerous-gamble-dangerous-world
-
Aussie businesses ramp up security spending
in SecurityNews
Australian organisations are set to spend A$6.2bn on security and risk management in 2025, a 14.4% jump from the previous year, driven by the rise of AI and a growing threat landscape. First seen on computerweekly.com. Jump to article: www.computerweekly.com/news/366619878/Aussie-businesses-ramp-up-security-spending
-
Juggling Cyber Risk Without Dropping the Ball: Five Tips for Risk Committees to Regain Control of Threats
in SecurityNews
By dismantling silos and enabling continuous visibility, organizations can strengthen their cybersecurity posture and align risk management with long-term business success. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2025/03/juggling-cyber-risk-without-dropping-the-ball-five-tips-for-risk-committees-to-regain-control-of-threats/
-
Key Takeaways from the CSA Understanding Data Security Risk Survey
in SecurityNews
Tags: access, ai, attack, automation, business, cloud, compliance, control, data, encryption, Hardware, intelligence, monitoring, network, regulation, risk, risk-management, software, strategy, switch, tool, update, vulnerability
madhav, Tue, 03/04/2025 – 04:32
As hybrid and multi-cloud environments become increasingly popular, identifying, prioritizing, and mitigating data security risks becomes increasingly complex. How can we tackle this complexity? By gaining insight into how organizations handle risk. That’s the goal of the latest Cloud Security…
-
US Cybercom, CISA retreat in fight against Russian cyber threats: reports
in SecurityNews
Tags: apt, blizzard, china, cisa, cyber, cybersecurity, data, government, group, hacker, infrastructure, international, iran, lockbit, microsoft, ransomware, risk, risk-management, russia, threat
Purported shift at CISA away from reporting on Russian threats: Shortly after The Record issued its report, The Guardian reported that the US Cybersecurity and Infrastructure Security Agency (CISA) sent an internal memo setting out new priorities for the agency, including China but excluding Russia. One source said analysts at the agency were verbally informed…
-
What CISOs need from the board: Mutual respect on expectations
in SecurityNews
Tags: business, ceo, ciso, compliance, control, cyber, cybersecurity, finance, framework, governance, metric, risk, risk-management, skills, strategy, technology, threat, update, vulnerability
Part 500. While this legislation was groundbreaking for being very prescriptive in what cyber controls are required, there were in earlier drafts indications that each board should have suitably cyber-qualified members. Similar guidelines were established with the Australian Institute of Company Directors (AICD) drafting its Cyber Governance Principles, which were recently refreshed. The timing of this…
-
What Is Cybersecurity Performance Management? – Kovrr
in SecurityNews
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2025/02/what-is-cybersecurity-performance-management-kovrr/
-
Asset exposure management reduces cyber risks
in SecurityNews
Zscaler is introducing Zscaler Asset Exposure Management, an enterprise asset risk management solution that falls into the cyber asset attack surface management (CAASM) category. This solution forms the foundation of Zscaler's comprehensive continuous threat exposure management (CTEM) offering and gives companies an accurate inventory of their assets by consolidating and correlating data from a wide variety of sources. Building on this…
-
Why Internal Audit Services Are Key to Risk Management in Today’s Business Landscape
in SecurityNews
Tags: business, compliance, cyber, finance, fraud, governance, risk, risk-management, service, threat
Nowadays, organizations face a multitude of risks ranging from financial fraud and cyber threats to regulatory non-compliance and operational inefficiencies. Managing these risks effectively is critical to ensuring business continuity, regulatory adherence, and financial stability. Internal audit services enable organizations to plan and decrease risks through independent assessments of operational standards and governance systems. Internal…
-
The deceptive comfort of risk management
in SecurityNews
Hazard management instead of risk management: cybersecurity demands urgency and resolve. Conventional risk management is based on probabilities and statistical calculations, but in an increasingly complex and aggressive threat landscape such forecasts are unreliable. A rethink is therefore needed: instead of risk management, organizations should introduce hazard management as a new concept. Risk management implies that the probability of a cyberattack can be predicted. But the reality looks…
-
What Is the Board’s Role in Cyber-Risk Management in OT Environments?
in SecurityNews
By taking several proactive steps, boards can improve their organization’s resilience against cyberattacks and protect their critical OT assets. First seen on darkreading.com. Jump to article: www.darkreading.com/cyber-risk/board-role-cyber-risk-management-ot-environments
-
Cybersecurity Predictions for 2025: Platforms, Convergence and the Future of Risk Management
in SecurityNews
Hello, I’m Fernando Montenegro and I recently joined Futurum Research as Vice President and Practice Lead for Cybersecurity Research. You may have seen the video from my colleague Krista Case, so this is a bit of a complement to that. I also encourage you to check out our eBook. We want to highlight several crucial…
-
Cybersecurity as a Business Imperative: Embracing a Risk Management Approach
in SecurityNews
Cybersecurity is much more than just a technical challenge. It’s now a critical business imperative that requires a strategic risk management approach. By integrating cybersecurity into broader risk management frameworks, you can proactively address threats, improve resilience, and align your security efforts with your core business objectives. Shifting your organization’s collective mindset around this concept…
-
Cyber Security GRC and Quantifying ROI – Kovrr
in SecurityNews
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2025/02/cyber-security-grc-and-quantifying-roi-kovrr/
-
How to evaluate and mitigate risks to the global supply chain
in SecurityNews
Tags: access, business, ceo, ciso, communications, compliance, control, cyberattack, cybersecurity, data, framework, governance, government, intelligence, international, ISO-27001, kaspersky, microsoft, mitigation, monitoring, office, resilience, risk, risk-assessment, risk-management, russia, service, soc, software, supply-chain, technology, threat, tool, update, vulnerability
Maintain a diversified supply chain: Organizations that source from international technology suppliers need to ensure they are not overly reliant on a single vendor, single region or even a single technology. Maintaining a diversified supply chain can mitigate costly disruptions from a cyberattack or vulnerability involving a key supplier, or from disruptions tied to regulatory…
-
CISO success story: How LA County trains (and retrains) workers to fight phishing
in SecurityNews
Tags: ai, awareness, breach, business, chatgpt, cio, ciso, cloud, compliance, computing, control, corporate, cybersecurity, data, dos, election, email, endpoint, government, hacker, healthcare, incident response, jobs, law, lessons-learned, malicious, marketplace, network, phishing, privacy, regulation, risk, risk-management, service, software, strategy, supply-chain, tactics, technology, threat, tool, training, vulnerability
(The following interview has been edited for clarity and length.)
At first glance, LA County’s reporting structure (who reports to whom) seems, well, fairly complex.
We have a federated model: I report to the county CIO. Each department acts as an independent business and has its own department CIO and information security officer. Their job is to…
-
CISOs maneuver between data protection and business support
in SecurityNews
It is not that easy to find the right balance between data protection and business support. Very few security and risk management (SRM) leaders strike an even balance between data protection and business support. That is the finding of a Gartner survey. According to it, 35 percent of respondents prioritize protecting data assets, while a good one in five (21 percent) focus…