Rapid7’s 2018 Fortune 500 Cyber-Exposure Report

Available at: https://www.rapid7.com/info/industry-cyber-exposure-report-fortune-500/

Key report takeaways:

- Fortune 500 organizations reviewed expose from 500 to 2500 systems/devices or more to public attack
- The average Fortune 500 organization exposes 5-10 Telnet or Windows file-sharing services, despite their known vulnerabilities
- Of the appraised Fortune 500 organizations, 330 have weak or non-existent anti-phishing defenses
- The Fortune 500 companies examined exposed which cloud …

Alert Logic’s 2018 Critical Watch Report

Available at: https://www.alertlogic.com/resources/industry-reports/2018-critical-watch-report/

Key report takeaways:

- The initial phases of the cyber killchain are merging to accelerate targeted attacks
- Industry and size are no longer reliable predictors of threat risk
- Attack automation and “spray and pray” techniques are aiming at everything with an IP address
- Cryptojacking is now rampant
- Web applications remain the primary point of initial attack

Impacts …

Bridging the risk gap with management

A "how to" risk presentation at a recent security conference I attended highlighted to me why getting leadership to understand cyber risk continues to be such an issue for security leaders and CISOs. While the presentation itself was excellent, the common approach presented of using an industry security framework as the basis for evaluation of …