Greenbone Networks revealed the findings of a research assessing critical infrastructure providers’ ability to operate during or in the wake of a cyberattack. The cyber resilience of critical infrastructures The research investigated the cyber resilience of organizations operating in the energy, finance, health, telecommunications, transport and water industries, located in the world’s five largest economies:…

One of the most challenging executive tasks for CISOs is quantifying the success and the value of the cybersecurity function. Indeed, security leaders and their organizations have used a myriad of metrics over the years. Yet, many executives and board members have complained that those measures failed to provide them with adequate insight or understanding…

Internet-enabled devices are emerging more and more in business and personal environments. Often going unnoticed, they simply appear within network infrastructures, using wired or wireless connections and expanding the enterprise attack surface. In fact, enterprises nowadays likely have more internet of things (IoT) devices on their networks than traditional endpoints — according to Armis, by…

Which ten software vulnerabilities should you patch as soon as possible (if you haven’t already)? Recorded Future researchers have analyzed code repositories, underground forum postings, dark web sites, closed source reports and data sets comprising of submissions to popular malware repositories to compile a list of the ten most exploited vulnerabilities by cybercriminals in 2019.

It sounds simple: A scanner identifies a vulnerability, the vulnerability is patched. What happens in between, however, can be far from simple. Yet if you are not on a security team or, more specifically, a vulnerability management team, you would never know the bumpy, winding road that often stretches between scanning and patching. The Patch…

There was a time when companies were hesitant about their IT and security teams using automation to discharge some of their duties. “I think much of that was due to the feeling that if a task was automated and something went wrong, IT was not in control and did not have as much visibility,” Candace…

Cybersecurity performance is critical to achieving commercial success, according to a BitSight study. Among the study’s most interesting findings is that nearly two in five (38 percent) of enterprises admit that they have lost business due to either a real or perceived lack of security performance within their organization. Based on a survey of 207…

Like rust, risk never sleeps. As mobile devices flood the enterprise (especially for a younger generation of workers), the internet of things (IoT) expands, and cybercriminals grow in both numbers and sophistication, many security professionals think zero trust is the safest approach to defending against constantly evolving network and data security threats. Network vulnerabilities can…

For better or for worse, mainstream media is increasingly covering particularly dangerous, widespread or otherwise notable security vulnerabilities. The growing coverage has made more people aware of the risks and of the need to keep their various devices (software) up-to-date and, with the increased digitization of our everyday lives, I would say that’s a definitive…

How to build an effective vulnerability management program

The concept of vulnerability management has undergone a number of changes in the last few years. It is no longer simply a synonym for vulnerability assessment, but has grown to include vulnerability prioritization, remediation and reporting. It has also grown in scope: vulnerabilities don’t just affect IT networks and databases, but also applications, cloud infrastructures,…