
Continuous Incident Response Is Redefining Cybersecurity Strategy

 


With organizations facing relentless and ubiquitous digital exposure, continuous security monitoring has become an operational necessity rather than a best practice. The figures for 2024 are a nearly 30% increase in cyber-attacks, over 1,600 attempted intrusions a week for the average enterprise, and a financial impact per data breach that regularly rises into six figures.

Even so, the real crisis extends well beyond the rising level of threats. In the past, cybersecurity strategies relied on a familiar formula: detect quickly, respond promptly, recover quickly. That cadence no longer suffices in an environment where adversaries automate reconnaissance, exploit cloud misconfiguration within minutes, and weaponize legitimate tools to move laterally far faster than human analysts can react.

Successive waves of innovation, from EDR to XDR, have widened visibility across sprawling digital estates, but the gap between what organizations can see and what they can act on has grown. The security operations center is already facing unprecedented complexity: security operations teams juggle dozens of tools and struggle with floods of alerts that require manual validation, so organisations are unable to act as quickly as they should.

The accelerating disconnect between risk and security is transforming how security leaders understand risk and forcing them to face a difficult truth: visibility without speed is no longer an effective defence. The threat patterns that defined 2024 make it apparent why this shift is necessary. According to security firms, attackers are increasingly using stealthy, fileless techniques to steal from their victims, with nearly four out of five detections now categorised as malware-free.

Ransomware activity has also continued to climb steeply, rising by more than 80% year over year and striking small and midsized businesses disproportionately; they account for approximately 70% of all recorded incidents. Phishing campaigns have become increasingly aggressive in recent years, with some vectors seeing unprecedented spikes, some exceeding 1,200%, as adversaries use artificial intelligence to bypass human judgment.

A number of SMBs remain structurally unprepared in spite of these pressures: the majority acknowledge that they have become preferred targets, yet three out of four continue to use informal or internally managed security measures. These risks are compounded by human error, which is responsible for an estimated 88% of reported cyber incidents.

The financial consequences have been staggering as well: in the past five years alone, the UK has suffered losses of more than £44 billion, resulting in both immediate disruption and long-term revenue losses. As a result, the industry’s definition of continuous cybersecurity is now much broader than periodic audits.

Organizations need to maintain continuous threat monitoring, proactive vulnerability and exposure management, disciplined identity governance, sustained employee awareness programs, regularly tested incident response playbooks, and ongoing compliance monitoring. This posture emphasizes continuous evaluation rather than reactive control as part of an operational strategy. Increasingly complex digital estates create unpredictable cyber risks, which makes continuous monitoring an essential part of modern defence strategies.

Continuous monitoring scans systems, networks, and cloud environments in real time to detect early signs of misconfiguration, compromise, or operational drift. Periodic checks, by contrast, run on a fixed schedule and leave long periods of exposure between them.

The approach outlined above aligns closely with NIST guidance, which urges organizations to set up an adaptive monitoring strategy capable of ingesting a variety of data streams, analysing emerging vulnerabilities, and generating timely alerts for security teams to act on. With continuous monitoring, organizations can discover latent weaknesses that affect their overall cyber posture.

Continuous monitoring reduces the frequency and severity of incidents, eases the burden on security personnel, and helps organizations meet increasing regulatory demands. Even so, maintaining that level of vigilance remains a challenge, especially for small businesses that lack the resources, expertise, and tooling to operate around the clock.

The majority of organizations therefore turn to external service providers in order to achieve the scalability and economic viability of continuous monitoring. Typically, effective continuous monitoring programs include four key components: a monitoring engine, analytics that can be used to identify anomalies and trends on a large scale, a dashboard that shows key risk indicators in real time, and an alerting system to ensure that emerging issues are quickly addressed by the appropriate staff. 

With the help of automation, security teams are now able to process a great deal of telemetry in a timely and accurate manner, replacing outdated or incomplete snapshots with live visibility into organisational risk, enabling them to respond successfully in a highly dynamic threat environment. 

Continuous monitoring takes a variety of forms depending on the asset in focus, including endpoint monitoring, network traffic analysis, application performance tracking, and cloud and container observability. Each provides an important layer of protection as attacks spread across every part of the digital infrastructure.

The dissolution of traditional network perimeters is another key contributor to the push toward continuous response. In a world of cloud-based workloads, SaaS ecosystems, and remote endpoints, security architectures must work as flexible, modular systems capable of correlating telemetry across email, DNS, identity, network, and endpoint layers without creating new silos.

Organizations moving in this direction usually emphasize three operational priorities: deep integration to maintain unified visibility; automation to handle routine containment at machine speed; and validation practices, such as breach simulations and posture tests, to ensure that defence systems behave as they should. Managed security services increasingly adopt these principles, which is why more organizations are adopting them.

909Protect, for instance, provides rapid, coordinated containment across hybrid environments by coupling automated detection with continuous human oversight. Such platforms correlate signals from various security vectors and layer behavioural analysis, posture assessment and identity safeguards on top of existing tools, so that no critical alert goes unnoticed while established investments are preserved.

Alongside this shift, the industry as a whole is realigning toward systems built to operate continuously rather than through episodic interventions. Cybersecurity has gone through countless “next generation” labels, but according to veteran analysts in the field, only approaches that fundamentally alter how operations behave tend to endure. Continuous incident response fits this trajectory because it addresses an underlying failure point.

Organizations are rarely breached because they have no data; they are breached because they do not act on it quickly or cohesively enough. Analysts argue that the path forward will be determined by the ability to combine automation, analytics, and human expertise into a single adaptive workflow used across the entire organization.

The organizations most likely to withstand emerging threats in the foreseeable future will be those that approach security as a living, constantly changing system, one based not only on what is visible but also on the organization's ability to detect, contain, and recover from threats in real time as they arise.

In the end, the shift toward continuous incident response is a sign that cybersecurity resilience is no longer only about speed but about endurance as well. Investing in unified visibility, disciplined automation, and persistent validation not only shortens the path from detection to containment but also keeps operations stable over the longer term.

The advantage will go to those who treat security as an evolving ecosystem, one that is continually refined, coordinated across teams and committed to responding with the same continuity as the attacks adversaries use.

Healthcare Firms Face Major Threats from Risk Management and Legacy Tech, Report Finds

 

With healthcare facilities scrambling to pinpoint and address their top cyber threats, Fortified's report provides some guidance on where to begin. The report identifies five major security gaps in healthcare organisations: inadequate asset inventories, a lack of unified risk management strategies, a lack of focus on supply-chain vulnerabilities, a preference for installing new technology over maintaining legacy systems, and poor employee training.

Major cyberattacks in recent years have demonstrated how these threats are linked. Weak supply-chain oversight is an especially critical issue given the interconnected framework of the healthcare ecosystem, which includes hospitals, pharmacies, and specialty-care institutions.

The 2024 Change Healthcare hack highlighted the industry's reliance on a few obscure but ubiquitous vendors. Outdated asset inventories exacerbate these flaws, making it more difficult to repair the damage after a supply-chain attack. And these attacks frequently target the very legacy technologies that have been overlooked in favour of new products.

While securing old systems remains a persistent challenge for healthcare organisations, Fortified discovered that it was the most significant area for improvement in the previous year, followed by recovery process improvements, response planning, post-incident communications, and threat analysis maturity.

Identity management, risk assessment maturity, and leadership involvement were further areas that needed improvement. Since many attacks start with credentials that have been stolen or falsified, the latter is particularly critical. 

A spokesperson stated that Fortified's study is predicated on client interactions, including incident engagements and security ratings derived from the Cybersecurity Framework, that took place between 2023 and June 2025. Fortified serves all of its clients in North America, including major university medical centres, integrated delivery networks, and small community hospitals.

Integrated Threat Management: A Unified Strategy for Modern Business Security

 

Organizations today face increasingly complex threats that span across digital, physical, and operational domains. With risks becoming more sophisticated and faster-moving, traditional siloed approaches to security are no longer effective. 

Companies now require a unified strategy to protect their assets and maintain resilience. Although the concept of “security convergence” gained traction years ago, many businesses struggled to truly integrate their physical and cyber defenses. Systems remained isolated, and threat response strategies often lacked coordination. 

As a result, organizations missed the opportunity to build enterprise-wide resilience. The need for a more connected approach has become urgent. Microsoft’s 2024 threat report noted it is tracking over 1,500 active threat groups, including cybercriminals and nation-state actors. These attackers target different parts of a business simultaneously, requiring defense strategies that span multiple domains. 

Integrated Threat Management (ITM) offers a solution. Similar in concept to multidomain operations used in the national security sector, ITM aligns physical, cyber, and operational security into one coordinated system. This approach ensures that when a threat emerges, every relevant team is alerted and ready to act—whether the threat is digital, physical, or both. 

Without ITM, one type of threat can trigger widespread disruption. For example, a ransomware attack may begin in an email inbox but quickly affect physical access systems or interrupt critical business operations. Companies in sectors like energy, finance, or healthcare are especially vulnerable, as they provide essential services that ripple across industries. To adopt ITM effectively, businesses must first evaluate their current threat posture. Are different departments operating in silos? Do alerts in one area trigger responses in another? Understanding these gaps is key to creating an integrated defense model. 

The next step is to break down internal barriers. Cybersecurity, physical security, and operational teams must work together to develop joint response plans. Manual communication methods should be replaced with automated alerts and real-time system-level notifications that improve speed and accuracy. Executive teams need full visibility into ongoing risks. Security officers should use robust analytics tools to monitor threats and share insights with leadership. 

This allows for trend analysis, faster response times, and continuous updates to security plans. Finally, organizations must regularly test their systems. Like disaster recovery drills in finance, threat simulations help identify vulnerabilities before a real crisis occurs. Smaller companies should test plans annually, while larger enterprises should do so more frequently.

As threats evolve, so must the strategies to combat them. Integrated threat management is not just a forward-thinking solution—it’s a necessary one.

Posture Management Emerges as Strategic Cybersecurity Priority Amid Cloud and Data Fragmentation

 

Posture management is rapidly evolving into a cornerstone of enterprise cybersecurity as organizations grapple with increasing digital complexity. With infrastructures now sprawling across cloud platforms, identity services, and data environments, the traditional model of siloed risk monitoring is no longer sustainable. As a result, cybersecurity leaders are embracing posture management not only to gauge exposure but also to orchestrate defenses in real time. 

This shift reflects a broader industry movement toward unifying visibility and control. “From a business perspective, large organizations have M&A — they have rollups; they have multiple divisions. They’re not centralized; they’re across globes,” said Erik Bradley, chief strategist and director of research at Enterprise Technology Research. “There’s no way that we’re ever going to see a consolidation on one platform.” 

Bradley shared these insights during a conversation with theCUBE’s Jon Oltsik and Dave Vellante at the RSAC 2025 Conference, hosted by SiliconANGLE Media. The discussion focused on how posture management is becoming integral to modern security operations by improving visibility, minimizing tool sprawl, and enabling strategic risk reduction across complex IT environments. Security teams are increasingly recognizing the limitations of point solutions. 

Instead, they’re exploring how posture management can serve as a foundational layer across enterprise-wide platforms. “We’re carving up terminology and confusing the market,” said Oltsik. “IT is moving so quickly and it’s so specialized that you need specialized posture management tools for cloud, identity, and data.” Leading cybersecurity vendors like CrowdStrike and Palo Alto Networks are embedding posture management into broader security suites, aligning it with automation, identity access controls, and even password management. 

These integrations aim to reduce operational overhead while enabling faster, more accurate threat detection. According to Bradley, these vendors view posture management as both a preventive control in peacetime and a readiness tool in active cyber warfare scenarios. However, challenges persist—particularly around data fragmentation. Although many vendors tout strong telemetry capabilities, few offer complete visibility across all domains. 

This leaves enterprises vulnerable to gaps in their defenses, especially as they try to consolidate vendors and reduce redundancy. “No CSO is going to go all-in with one provider,” Bradley emphasized. “They’re focused on consolidating redundant vendors and streamlining operations without sacrificing visibility or security.” 

As cybersecurity evolves, posture management is no longer a niche function—it’s becoming the backbone of a resilient, scalable defense strategy.

Cyber Risks Dominate Global Business Concerns for Fourth Consecutive Year

 

Cybersecurity threats, including ransomware, data breaches, and IT disruptions, have remained the leading concern for businesses globally and in the U.S. over the past year, as revealed by the Allianz Risk Barometer.

For the fourth year in a row, cyber incidents have ranked as the top global business risk, cited by more than one-third of respondents in the survey. The gap between cyber risks and the next major concern—business interruption—was the largest ever recorded, with a 7% margin.

The findings are based on responses from nearly 4,000 risk management professionals across 106 countries and territories, including risk managers, brokers, CEOs, and insurance experts. Among these, 60% identified data breaches as their primary cyber-related worry, while 57% expressed concerns over attacks on critical infrastructure and physical assets.

Operational resilience has emerged as a priority for business leaders, focusing on maintaining business continuity during cyberattacks and other disruptive events. Business interruption was ranked as the second-biggest global concern, with supply chains facing significant challenges over the past year.

A notable example underscoring the critical nature of IT security was the widespread disruption in July 2024, when a faulty CrowdStrike software update affected millions of Microsoft computer systems worldwide.

“While many organizations strive to implement comprehensive strategies for disaster recovery and business continuity, there remains a concern that contingency plans themselves may be overly dependent on technology, highlighting the need for diverse and adaptable solutions,” said Michael Bruch, global head of risk advisory services at Allianz Commercial, in the report.

Ransomware continues to be a dominant issue, representing the largest cause of cyber insurance losses. During the first half of 2024, ransomware accounted for 58% of the value of significant cyber insurance claims, the report revealed.

For U.S. companies, cyber risks replaced business interruption as the top concern in 2024, reflecting the growing challenges organizations face in safeguarding their operations against evolving threats.

Addressing AI Risks: Best Practices for Proactive Crisis Management

 

An essential element of effective crisis management is preparing for both visible and hidden risks. A recent report by Riskonnect, a risk management software provider, warns that companies often overlook the potential threats associated with AI. Although AI offers tremendous benefits, it also carries significant risks, especially in cybersecurity, which many organizations are not yet prepared to address. The survey conducted by Riskonnect shows that nearly 80% of companies lack specific plans to mitigate AI risks, despite a high awareness of threats like fraud and data misuse. 

Out of 218 surveyed compliance professionals, 24% identified AI-driven cybersecurity threats—like ransomware, phishing, and deepfakes—as significant risks. An alarming 72% of respondents noted that cybersecurity threats now severely impact their companies, up from 47% the previous year. Despite this, 65% of organizations have no guidelines on AI use for third-party partners, often an entry point for hackers, which increases vulnerability to data breaches. Riskonnect’s report highlights growing concerns about AI ethics, privacy, and security. Hackers are exploiting AI’s rapid evolution, posing ever-greater challenges to companies that are unprepared.

Although awareness has improved, many companies still lag in adapting their risk management strategies, leaving critical gaps that could lead to unmitigated crises. Internal risks can also impact companies, especially when they use generative AI for content creation. Anthony Miyazaki, a marketing professor, emphasizes that while AI-generated content can be useful, it needs oversight to prevent unintended consequences. For example, companies relying on AI alone for SEO-based content could risk penalties if search engines detect attempts to manipulate rankings. 

Recognizing these risks, some companies are implementing strict internal standards. Dell Technologies, for instance, has established AI governance principles prioritizing transparency and accountability. Dell’s governance model includes appointing a chief AI officer and creating an AI review board that evaluates projects for compliance with its principles. This approach is intended to minimize risk while maximizing the benefits of AI. Empathy First Media, a digital marketing agency, has also taken precautions. It prohibits the use of sensitive client data in generative AI tools and requires all AI-generated content to be reviewed by human editors. Such measures help ensure accuracy and alignment with client expectations, building trust and credibility. 

As AI’s influence grows, companies can no longer afford to overlook the risks associated with its adoption. Riskonnect’s report underscores an urgent need for corporate policies that address AI security, privacy, and ethical considerations. In today’s rapidly changing technological landscape, robust preparations are necessary for protecting companies and stakeholders. Developing proactive, comprehensive AI safeguards is not just a best practice but a critical step in avoiding crises that could damage reputations and financial stability.

RBI Issues Advisory to Support Cybersecurity in Banks


 

Amid escalating cyber threats, the Reserve Bank of India (RBI) has released a comprehensive advisory to all scheduled commercial banks. This advisory, disseminated by the Department of Banking Supervision in Mumbai, stresses the paramount importance of robust cybersecurity measures in the modern digital banking infrastructure.

The advisory highlights the crucial role of Corporate Governance in maintaining accountability within banks, emphasising that IT Governance is a key component of this framework. The RBI stresses that effective IT Governance necessitates strong leadership, a clear organisational structure, and efficient processes. Responsibility for IT Governance, the advisory states, lies with both the Board of Directors and Executive Management.

With technology becoming integral to banking operations, nearly every commercial bank branch has adopted some form of digital solution, such as core banking systems (CBS) and alternate delivery channels like internet banking, mobile banking, phone banking, and ATMs. In light of this, the RBI provides specific guidelines to banks for enhancing their IT Governance.

The RBI recommends that banks clearly define the roles and responsibilities of their Board and Senior Management to ensure effective project control and accountability. Additionally, it advises the establishment of an IT Strategy Committee at the Board level, comprising members with substantial IT expertise. This committee is tasked with advising on strategic IT directions, reviewing IT investments, and ensuring alignment with business goals.

The advisory also suggests structuring IT functions based on the bank’s size and business activities, with dedicated divisions such as technology and development, IT operations, IT assurance, and supplier management. Each division should be headed by experienced senior officials to manage IT systems effectively.

Implementing IT Governance Practices

The RBI stresses the importance of implementing robust IT Governance practices aligned with international standards like COBIT (Control Objectives for Information and Related Technologies). These practices focus on value delivery, IT risk management, strategic alignment, resource management, and performance measurement.

Information Security Governance

Recognizing the critical nature of information security, the RBI advises banks to develop comprehensive security governance frameworks. This includes creating security policies, defining roles and responsibilities, conducting regular risk assessments, and ensuring compliance with regulatory requirements. The advisory also recommends that the information security function be separated from IT operations to enhance oversight and mitigate risks.

Risk Management and Compliance

The RBI underscores the necessity of integrating IT risks into banks’ overall risk management frameworks. This involves identifying threats, assessing vulnerabilities, and implementing appropriate controls to mitigate risks. Regular monitoring and oversight through steering committees are essential to ensure compliance with policies and regulatory standards.

The RBI’s advisory serves as a crucial reminder for banks to strengthen their cybersecurity defences amidst growing digital threats. By adopting robust IT Governance and information security frameworks, banks can enhance operational resilience, protect customer data, and safeguard financial stability. Adhering to these guidelines not only ensures regulatory compliance but also bolsters trust and confidence in the banking sector.

As technology continues to play an increasingly pivotal role in banking, the RBI urges banks to remain vigilant against emerging threats. Proactive measures taken today will help secure the future of banking operations against cybersecurity challenges. For detailed guidelines, banks are encouraged to refer to the official communication from the Reserve Bank of India.


SEC Tightens Cybersecurity Regulations for Public Companies

 



In 2023, the Securities and Exchange Commission (SEC) significantly tightened its cybersecurity regulations for publicly traded companies. This move, aimed at enhancing investor protection and ensuring market transparency, responds to the increasing prevalence of cyber threats and their potential to disrupt business operations and financial stability.

New Rules for Incident Disclosure

The SEC's updated regulations require companies to disclose cybersecurity incidents within four days of determining their material impact. Companies must swiftly evaluate the scope and severity of any cyberattack, including the nature and amount of data compromised and the potential business, legal, or regulatory impacts. The goal is to provide timely and accurate information about incidents that could affect a company's financial health or market performance.

Case Studies: Clorox, Prudential Financial, and UnitedHealth

Recent cyber incidents involving Clorox, Prudential Financial, and UnitedHealth offer insights into how companies handle these new requirements.

Clorox: In August 2023, Clorox faced a major cyberattack that disrupted its automated order processing system, leading to significant delays and product shortages. This disruption is expected to cost the company between $57 million and $65 million in fiscal year 2024, largely for IT recovery and professional services. Additionally, Clorox’s Chief Information Security Officer (CISO) left the company following the attack, which revealed long-standing security issues that had previously been flagged in audits.

Prudential Financial: In February 2024, Prudential Financial reported a cyber breach involving unauthorised access to its infrastructure, affecting administrative and user data. The breach, linked to the ALPHV ransomware group, compromised the personal information of 36,545 individuals. Prudential took a proactive approach by disclosing the incident to the SEC before determining its material impact, indicating a possible new trend toward early transparency.

UnitedHealth: UnitedHealth’s subsidiary, Change Healthcare, experienced a significant cyberattack that compromised millions of patient records and disrupted prescription and claims processing. Initially attributing the attack to a nation-state, UnitedHealth focused on restoring operations without immediately assessing its materiality. The incident has led to substantial financial repercussions, including at least 24 lawsuits and potential costs up to $1.6 billion. Following the disclosure, UnitedHealth’s stock price dropped by nearly 15%.

Key Takeaways for Risk Management

These examples highlight several important lessons for companies under the new SEC regulations:

1. Visibility and Accountability: Companies must continuously oversee their digital assets and promptly address security vulnerabilities. Ignorance is no longer a viable defence, and businesses must be able to explain the details of any breaches.

2. Transparency and Proactive Measures: Transparency is crucial. Companies should adopt conservative and proactive cybersecurity policies and be prepared to update disclosures with more detailed information as it becomes available.

3. Information Sharing: Sharing information about cyber breaches and effective security strategies benefits all sectors. This collaborative approach enhances overall security practices and accelerates the adoption of best practices across the industry.

The SEC’s new cybersecurity regulations mark a shift towards more stringent oversight, underscoring the growing need for robust cybersecurity measures to protect market stability and investor interests. As companies adjust to these requirements, the experiences of Clorox, Prudential Financial, and UnitedHealth provide valuable lessons in effective risk management and transparency.