Risk management

A successful risk management plan helps enterprises identify, plan for and mitigate potential risks. Learn about the components of risk management programs, including penetration tests, vulnerability and risk assessments, frameworks, security awareness training and more.

Top Stories

News 12 Jun 2026
It's time to update incident response for the AI era

Your latest cybersecurity incident might not be a threat actor, but an internal AI agent doing what it's authorized to do. Incident response must evolve to accommodate AI. Continue Reading
By
- Richard Livingston, Site Editor
Tip 11 Jun 2026
How to build AI security guardrails without blocking innovation

To take advantage of opportunities AI might present -- without opening the door to a breach -- an organization needs to put the right guardrails in the right places. Continue Reading
By
- Matthew Smith, Seemless Transition LLC

Feature 03 May 2023
Studies show ransomware has already caused patient deaths

No patient deaths have been definitively attributed to cyber attacks on hospitals, but some infosec experts say that statistical evidence shows a different, grim reality. Continue Reading
By
- Alexis Zacharakos, Student Co-op
News 26 Apr 2023
CISA aims to reduce email threats with serial CDR prototype

CISA officials at RSA Conference 2023 showed off a prototype designed to measure the risk of suspicious files and remove them from email and web services. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 26 Apr 2023
How ransomware victims can make the best of a bad situation

At RSA Conference 2023, Mandiant's Jibran Ilyas provided tips for ransomware victims that decide to pay, including a list of counterdemands to make to the threat actors. Continue Reading
By
- Alexis Zacharakos, Student Co-op
News 25 Apr 2023
RSAC panel warns AI poses unintended security consequences

A panel of experts at RSA conference 2023 warned of hallucinations and inherent biases but also said generative AI can assist in incident response and other security needs. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 25 Apr 2023
RSAC speaker offers ransomware victims unconventional advice

Triton Tech Consulting CEO Brandon Clark advised organizations to set aside the stigma of 'negotiating with terrorists' when deciding whether to pay a ransomware gang. Continue Reading
By
- Alexis Zacharakos, Student Co-op
Tip 17 Apr 2023
How to build a cybersecurity deception program

In 'The Art of War,' Sun Tzu declared, 'All warfare is based on deception.' Learn how to apply this principle in the enterprise by building a cybersecurity deception program. Continue Reading
By
- Karen Kent, Trusted Cyber Annex
Guest Post 14 Apr 2023
Pen testing amid the rise of AI-powered threat actors

The importance of pen testing continues to increase in the era of AI-powered attacks, along with red teaming, risk prioritization and well-defined goals for security teams. Continue Reading
By
- Ed Skoudis, SANS Technology Institute
Tip 07 Apr 2023
5 ChatGPT security risks in the enterprise

Whether in the hands of cybercriminals or oblivious end users, ChatGPT introduces new security risks. Continue Reading
By
- Alissa Irei, Senior Site Editor
- Ashwin Krishnan, StandOutin90Sec
Opinion 06 Apr 2023
Top RSA Conference 2023 trends and topics

Enterprise Strategy Group's Jack Poller outlines his picks for getting the most out of the 2023 RSA Conference, from keynotes to startups, AI, innovation and more. Continue Reading
By
- Jack Poller
- Omdia
  Intelligence and advice powered by decades of global expertise and comprehensive coverage of the tech markets.
Feature 03 Apr 2023
Why medical device vulnerabilities are hard to prioritize

Vulnerabilities in critical medical devices could lead to loss of life. But opinions are mixed on how serious the risk is to patient safety and how best to address the flaws. Continue Reading
By
- Alexis Zacharakos, Student Co-op
Tip 29 Mar 2023
Vulnerability management vs. risk management, compared

Vulnerability management seeks out security weaknesses in an organization, while risk management involves looking holistically at how the company is running. Continue Reading
By
- Ravi Das, ML Tech Inc.
Tip 24 Mar 2023
Use zero-trust data management to better protect backups

Backup admins looking to protect data from bad actors can implement a zero-trust strategy for added protection. However, the method is not without its downsides. Continue Reading
By
- David Weldon
News 22 Mar 2023
Cyber insurance carriers expanding role in incident response

While cyber insurance has its benefits, infosec professionals expressed concern that carriers have too much influence over incident response decisions, especially with ransomware. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Definition 07 Mar 2023
fuzz testing (fuzzing)

Fuzz testing (fuzzing) is a quality assurance technique used to discover coding errors or bugs and security loopholes in software, operating systems and networks. Continue Reading
By
- Ben Lutkevich, Site Editor
Tip 16 Feb 2023
Web 3.0 security risks: What you need to know

Elements of the third version of the web are coming to fruition. But Web 3.0 also comes with new cybersecurity, financial and privacy threats besides the familiar risks of Web 2.0. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Definition 14 Feb 2023
social media policy

A social media policy is a corporate code of conduct that provides guidelines for employees who post content on the internet either as part of their job or as a private person. Continue Reading
By
- Nick Barney, Technology Writer
- Wendy Schuchart, TechTarget
Guest Post 18 Jan 2023
How to build a cyber-resilience culture in the enterprise

Discover how organizations can build a culture of cyber resilience by reducing risk, limiting damage, having a disaster recovery plan and assuming a cyber attack is coming. Continue Reading
By
- Geoff Hancock
News 11 Jan 2023
Vulnerable software, low incident reporting raises risks

Beneath the buzz around tech innovations at CES were discussions about cybersecurity and how to prevent the next generation of tech from being just as vulnerable as the last. Continue Reading
By
- Bridget Botelho
News 10 Jan 2023
BitSight, Schneider Electric partner to quantify OT risk

The new partnership aims to provide organizations with increased visibility and risk detection capabilities for operational technology environments and critical infrastructure. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Feature 19 Dec 2022
11 cybersecurity predictions for 2023

Analysts and experts have looked into their crystal balls and made their cybersecurity predictions for 2023. Is your organization prepared if these predictions come true? Continue Reading
By
- Kyle Johnson, Technology Editor
News 02 Dec 2022
Experts argue 'sludge' could muck up cyber attacks

Network defenders can supplement their security postures with additional settings and policies that frustrate and discourage attackers, according to a new research paper. Continue Reading
By
- Shaun Nichols, TechTarget
Guest Post 17 Nov 2022
Do companies need cyber insurance?

As cyber insurance costs rise, companies must determine whether they truly need cyber insurance to tackle their increased risk of cyber attacks. Continue Reading
By
- Mark Brown
News 10 Nov 2022
Flashpoint launches new 'ransomware prediction model'

Flashpoint's new model assigns a 'ransomware likelihood' rating for vulnerabilities contained in the VulnDB database, which contains more than 300,000 flaws. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Feature 28 Oct 2022
Enterprise ransomware preparedness improving but still lacking

An Enterprise Strategy Group survey found enterprises are making strides in ransomware preparedness, but work remains to prevent and mitigate attacks. Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 25 Oct 2022
Top security-by-design frameworks

Following a security-by-design framework, or designing one specific to your company, is key to implanting security into every step of the software development lifecycle. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Definition 14 Oct 2022
Wi-Fi Pineapple

A Wi-Fi Pineapple is a wireless auditing platform from Hak5 that allows network security administrators to conduct penetration tests. Continue Reading
By
- Ben Lutkevich, Site Editor
Guest Post 14 Oct 2022
The role of transparency in digital trust

To retain digital trust, organizations must be transparent in the aftermath of cybersecurity attacks and data breaches. Learn more about the roles of transparency in trust. Continue Reading
By
- Sushila Nair, Nate Abbott
Feature 11 Oct 2022
LinkedIn scams, fake Instagram accounts hit businesses, execs

Even the most secure business and executive social media accounts that have strong passwords and multifactor authentication are vulnerable to cloning schemes. Continue Reading
By
- Bridget Botelho
Tip 15 Sep 2022
Use shadow IT discovery to find unauthorized devices and apps

Shadow IT may be convenient for users, but it isn't for IT -- especially where security is concerned. Shadow IT discovery finds unmanaged devices and apps. Continue Reading
By
- Karen Kent, Trusted Cyber Annex
Tip 14 Sep 2022
How to connect cyber-risk and climate risk strategies

Every business faces two global systemic risks: cybersecurity and climate change. Learn how to integrate these two areas of risk management for greater business resilience. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Definition 08 Sep 2022
data integrity

Data integrity is the assurance that digital information is uncorrupted and can only be accessed or modified by those authorized to do so. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
News 01 Sep 2022
Researcher unveils smart lock hack for fingerprint theft

An academic researcher demonstrated how IoT smart locks could become tools for attackers to covertly steal fingerprints and potentially access more sensitive personal data. Continue Reading
By
- Shaun Nichols, TechTarget
Tip 01 Sep 2022
Cybersecurity budget breakdown and best practices

Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Tip 22 Aug 2022
Why security chaos engineering works, and how to do it right

While 'chaos' doesn't sound like something software security managers would want, chaos engineering has an enticing amount of value when it comes to identifying potential threats. Continue Reading
By
- Tom Nolle, Andover Intel
Tip 18 Aug 2022
5 reasons to integrate ESG and cybersecurity

Every business faces global systemic risks, yet most have failed to integrate cybersecurity with ESG programs. Here are five reasons why integration makes good business sense. Continue Reading
By
- Jessica Groopman, Kaleido Insights
News 18 Aug 2022
Russian cyber attacks on Ukraine driven by government groups

Researchers with Trustwave say the cyber attacks against Ukraine are not the work of enlisted private hacking groups but Russian government intelligence agencies. Continue Reading
By
- Shaun Nichols, TechTarget
Tip 17 Aug 2022
How to create a threat profile, with template

Read five key steps on how to create a threat profile, and get started making them customized to your organization with our free template. Continue Reading
By
- Karen Kent, Trusted Cyber Annex
Tip 16 Aug 2022
How to ensure a secure metaverse in your organization

Before deploying your company's metaverse, follow these practices -- including inventorying vulnerabilities and developing T&Cs -- to proactively address metaverse security issues. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 16 Aug 2022
For cyber insurance, some technology leads to higher premiums

Though cyber insurance demand is exceeding supply and companies might receive less coverage with higher premiums, experts say there are ways enterprises can reduce risk. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 16 Aug 2022
Zero Day Initiative seeing an increase in failed patches

In a Q&A with TechTarget Editorial, Trend Micro Zero Day Initiative's Brian Gorenc and Dustin Childs discuss incomplete patches and the value of personal researcher relations. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 11 Aug 2022
Researchers reveal Kubernetes security holes, prevention

Researchers with Palo Alto Networks took the stage at Black Hat to explain how configurations and system privileges in Kubernetes clusters can allow container escape and takeover. Continue Reading
By
- Shaun Nichols, TechTarget
News 11 Aug 2022
Zero Day Initiative launches new bug disclosure timelines

The Trend Micro Zero Day Initiative's vulnerability disclosure policy will now mandate shorter disclosure windows for flaws believed to result from bypassed security patches. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 10 Aug 2022
Chris Krebs: It's still too hard to work with the government

Former CISA Director Chris Krebs offered multiple areas of improvement to the U.S. government's cyber readiness during a Black Hat 2022 keynote. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 09 Aug 2022
IT pros weigh COVID-19 risks, safety at tech conferences

Companies preparing to send employees to tech conferences should have a COVID-19 safety plan and prepare for the possibility that some workers will bring the virus back to the office. Continue Reading
By
- Antone Gonsalves, Editor at Large
Tip 05 Aug 2022
5 data security challenges enterprises face today

Data empowers enterprises to succeed. But with great power comes great responsibility -- to keep that data secure. Here are five challenges today's businesses must meet. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Feature 05 Aug 2022
Cybersecurity lessons learned from COVID-19 pandemic

Cybersecurity lessons companies learn from the COVID-19 pandemic include having work-from-home preparations and developing disaster recovery and business continuity plans. Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 02 Aug 2022
Data masking vs. data encryption: How do they differ?

Discover how the data security techniques of data masking and data encryption compare, while also learning about different types of both and their use cases. Continue Reading
By
- Michael Cobb
Tip 29 Jul 2022
SSH key management best practices and implementation tips

SSH connects key systems and the people and processes necessary to keep them functioning. Learn how to use SSH key management best practices to protect your systems and network. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Definition 22 Jul 2022
insider threat

An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets. Continue Reading
By
- Andrew Froehlich, West Gate Networks
- Katie Terrell Hanna
- Brien Posey
Feature 20 Jul 2022
VMDR: Inside vulnerability management, detection and response

VMDR offers automated asset identification, threat prioritization and patch management. But do companies need another vulnerability management tool? Continue Reading
By
- Kyle Johnson, Technology Editor
News 13 Jul 2022
Supreme Court justices doxxed on dark web

Five conservative Supreme Court justices were reportedly doxxed by threat actors that claim to have obtained credit card numbers, addresses and other information. Continue Reading
By
- Shaun Nichols, TechTarget
Feature 08 Jul 2022
Top 7 types of data security technology

These seven types of data security technologies -- from encryption to masking -- will better protect customer and enterprise data from inappropriate and unauthorized access and use. Continue Reading
By
- Kyle Johnson, Technology Editor
News 07 Jul 2022
Early detection crucial in stopping BEC scams

Cofense Intelligence studied hundreds of business email compromise attacks and found that most scams attempt to establish trust with targeted employees over multiple emails. Continue Reading
By
- Shaun Nichols, TechTarget
News 30 Jun 2022
SANS Institute: Human error remains the top security issue

The SANS Institute's annual report on security awareness found that human risk is still the biggest source of data breaches and security issues for enterprises. Continue Reading
By
- Shaun Nichols, TechTarget
Feature 29 Jun 2022
A guide to MSP patch management best practices

As software patch management challenges mount, industry experts offer advice to MSPs on prioritizing system risk levels, selecting proper tools and testing patches internally. Continue Reading
By
- Esther Shein
Tip 24 Jun 2022
Top 4 best practices to secure the SDLC

NIST's Secure Software Development Framework is a set of practices for mitigating software vulnerabilities. Learn about the top SDLC best practices included in this framework. Continue Reading
By
- Karen Kent, Trusted Cyber Annex
News 22 Jun 2022
Proofpoint: Social engineering attacks slipping past users

Executives, administrators and network defenders overlook the severity of many of the most effective social engineering tools, Proofpoint cautions. Continue Reading
By
- Shaun Nichols, TechTarget
Guest Post 21 Jun 2022
How to address security risks in GPS-enabled devices

GPS-enabled devices not only pose personal risks but also pose risks to organizations. Learn about the security risks associated with tracking devices and how to address them. Continue Reading
By
- Nabil Hannan
News 20 Jun 2022
Cleveland BSides takes heat for Chris Hadnagy appearance

The Cleveland BSides security conference is experiencing turmoil after booking a 'surprise' keynote speaker who was recently barred from DEF CON for misconduct. Continue Reading
By
- Shaun Nichols, TechTarget
News 17 Jun 2022
Hertzbleed disclosure raises questions for Intel

Hertzbleed, a family of new side-channel attacks, was first reported to Intel in the third quarter of 2021, and it's unclear why it was kept under embargo for so long. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 08 Jun 2022
SANS lists bad backups, cloud abuse as top cyberthreats

A panel of experts from the SANS Institute took the stage at RSA Conference 2022 to weigh in on some of the biggest threats and risks facing security teams. Continue Reading
By
- Shaun Nichols, TechTarget
News 07 Jun 2022
Microsoft flags common pitfalls for cyber insurance

Cyber insurance is getting more expensive and tougher to acquire. At RSA Conference 2022, Microsoft's Cynthia James discussed the common mistakes made when obtaining coverage. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 07 Jun 2022
Ransomware Task Force calls for better incident reporting

Michael Phillips, co-chair of the Ransomware Task Force and chief claims officer at Resilience, pointed to a 'data gap' that prohibits a complete picture of the ransomware problem. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 07 Jun 2022
DNI Avril Haines: Cybersecurity is getting harder

During her RSA Conference 2022 keynote, the U.S. Director of National Intelligence discussed the increase in cyber threats, from nation-state attacks to commercial hacking tools. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
Feature 01 Jun 2022
How to design architecture for enterprise wireless security

Learn about a five-phase design methodology that will help your company plan for and create an enterprise wireless security architecture. Continue Reading
By
- Kyle Johnson, Technology Editor
- Wiley Publishing
Feature 01 Jun 2022
Implementing wireless security in the enterprise

Learn how to properly secure your enterprise wireless network while considering UX, zero trust and commonly overlooked architectural mistakes. Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 26 May 2022
Top 4 source code security best practices

Software supply chain attacks are on the rise. Follow these source code best practices to protect both in-house and third-party code. Continue Reading
By
- Karen Kent, Trusted Cyber Annex
News 26 May 2022
'Pantsdown' BMC vulnerability still present in Quanta servers

Eclypsium found that a critical security flaw first disclosed in 2019 remains exposed in many internet-facing servers, leaving networks at risk for remote code execution attacks. Continue Reading
By
- Shaun Nichols, TechTarget
Tip 19 May 2022
How to conduct a cyber-war gaming exercise

A successful cyber-war game can help organizations find weaknesses in their system but only if the right participants are involved and an after-action review is completed. Continue Reading
By
- Johna Till Johnson, Nemertes Research
News 17 May 2022
North Korean IT workers targeting US enterprises

North Korean nationals are looking to land jobs at U.S. and European companies to collect sensitive data that could help the reclusive government's military programs. Continue Reading
By
- Shaun Nichols, TechTarget
Feature 02 May 2022
Do phishing simulations work? Sometimes

Phishing simulations are becoming increasingly popular to pinpoint which employees fall victim to scams, but their effectiveness and morality have been called into question. Continue Reading
By
- Isabella Harford, TechTarget
Feature 28 Apr 2022
Case study: Why it's difficult to attribute nation-state attacks

If two attacks look similar, don't assume they're from the same attacker. It's difficult to attribute nation-state attacks, as evidenced by the notorious 2016 Odinaff malware. Continue Reading
By
- Isabella Harford, TechTarget
- No Starch Press
Feature 28 Apr 2022
Tips for using a threat profile to prevent nation-state attacks

Is your organization concerned about state-sponsored attacks? Threat profiling can help prevent nation-state attacks. Get advice on how to create an effective threat profile. Continue Reading
By
- Isabella Harford, TechTarget
News 28 Apr 2022
Phishing attacks benefiting from shady SEO practices

Cybercriminals running phishing operations are now making use of SEO specialists that break Google's rules to get themselves placed above legitimate search results to lure victims. Continue Reading
By
- Shaun Nichols, TechTarget
Feature 27 Apr 2022
How to conduct Linux privilege escalations

Learn how to conduct Linux kernel exploitation with Metasploit and manually, as well as how to identify vulnerabilities on Linux using enumeration scripts. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Feature 27 Apr 2022
Why companies should focus on preventing privilege escalation

If attackers can elevate privileges once inside a system, their access can be unlimited. Discover common privilege escalation techniques and how to mitigate them. Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 27 Apr 2022
Best practices for creating an insider threat program

A thorough insider threat program includes plan preparation, threat assessment, and plan review and renewal. Learn how to implement this three-step model to protect your company. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Feature 22 Apr 2022
An introduction to binary diffing for ethical hackers

Binary diffing is a useful tool in the ethical hacker's arsenal. This excerpt teaches aspiring penetration testers and red teamers how to get started. Continue Reading
By
- Alissa Irei, Senior Site Editor
- McGraw Hill Education
Feature 22 Apr 2022
Unethical vulnerability disclosures 'a disgrace to our field'

The cybersecurity field needs more people who use their powers for good, the lead author of Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition says. Continue Reading
By
- Alissa Irei, Senior Site Editor
News 21 Apr 2022
Zero-day vulnerability exploitation soaring, experts say

Researchers with Mandiant and Google Project Zero say they observed significant increases in exploitation of zero-day vulnerabilities over the past year. Continue Reading
By
- Shaun Nichols, TechTarget
Tip 21 Apr 2022
7 best practices for Web3 security risk mitigation

Tech builders and businesses evaluating decentralized technologies should keep these seven Web3 security best practices in mind to help mitigate traditional and novel cyber threats. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Tip 20 Apr 2022
Traditional IT vs. critical infrastructure cyber-risk assessments

When it comes to critical infrastructure cybersecurity, the stakes are uniquely high. Assessing associated cyber-risk, in turn, is uniquely challenging. Continue Reading
By
- Paul Rostick
News 15 Apr 2022
Corvus: Ransomware costs, ransom payments declining

Cyber insurance provider Corvus examined how the cost of ransomware attacks declined over the past year and a half and what it means for different industries moving forward. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
Opinion 14 Apr 2022
Making sense of conflicting third-party security assessments

Third-party security assessments from different sources may not always agree, but that doesn't mean they can be ignored. Learn how Mitre ATT&CK can provide perspective. Continue Reading
By
- Dave Gruber, Principal Analyst
News 12 Apr 2022
Ukraine energy grid hit by Russian Industroyer2 malware

The 2016 malware known as 'Industroyer' has resurfaced in a new series of targeted attacks against industrial controller hardware at a Ukraine power company. Continue Reading
By
- Shaun Nichols, TechTarget
News 05 Apr 2022
German authorities behead dark web Hydra Market

Police in Germany raided facilities hosting the infamous Hydra Market site as part of an international effort to crack down on dark web forums and marketplaces. Continue Reading
By
- Shaun Nichols, TechTarget
Feature 05 Apr 2022
How effective is security awareness training? Not enough

Annual security awareness trainings do little to improve security. Learn why they aren't helpful, and discover steps to improve your organization's training program. Continue Reading
By
- Isabella Harford, TechTarget
News 29 Mar 2022
Rapid7 finds zero-day attacks surged in 2021

Cybercriminals are turning bugs into exploits faster than ever, according to Rapid7, which found that the average time to known exploitation dropped 71% last year. Continue Reading
By
- Shaun Nichols, TechTarget
Feature 29 Mar 2022
Cryptocurrency cyber attacks on the rise as industry expands

Consumers, businesses and governments are finding new ways to use cryptocurrency, but a recent string of cyber attacks has highlighted security risks and shortcomings. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Tip 25 Mar 2022
6 types of insider threats and how to prevent them

From disgruntled employees to compromised users to third-party vendors, here are six types of insider threats and best practices to mitigate the issues. Continue Reading
By
- Sharon Shea, Executive Editor
News 24 Mar 2022
North Korean hackers exploited Chrome zero-day for 6 weeks

Google researchers say a Chrome zero-day bug stemming from a use-after-free error was exploited by North Korean hackers against both media and financial targets earlier this year. Continue Reading
By
- Shaun Nichols, TechTarget
News 16 Mar 2022
LokiLocker ransomware crew bursts onto the scene

The mysterious LokiLocker ransomware group caught the attention of BlackBerry researchers, who say the outfit could become the next cybercrime group to menace enterprises. Continue Reading
By
- Shaun Nichols, TechTarget
Guest Post 16 Mar 2022
5 cybersecurity myths and how to address them

These myths persist due to misinformation and a lack of cybersecurity awareness. Continue Reading
By
- Barry O'Donnell
News 14 Mar 2022
Cyber insurance war exclusions loom amid Ukraine crisis

Changes in insurance exemptions for acts of war reflect an increase in damages caused to enterprises related to state-sponsored cyber attacks. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Answer 10 Mar 2022
Use microsegmentation to mitigate lateral attacks

Attackers will get into a company's system sooner or later. Limit their potential damage by isolating zones with microsegmentation to prevent lateral movement. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 09 Mar 2022
Immersive Labs: Average cyberthreat response takes 96 days

Immersive Labs' Cyber Workforce Benchmark found that some critical threats, including a zero-day vulnerability, took an average of six months to fully address. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
Feature 03 Mar 2022
How to stop malicious or accidental privileged insider attacks

How many permissions or privileges a user has will affect how big of an insider threat they are. Discover the issues surrounding privileged users and how to curtail these threats. Continue Reading
By
- Kyle Johnson, Technology Editor
Definition 02 Mar 2022
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of standards aimed at regulating, enforcing, monitoring and managing the security of the Bulk Electric System (BES) in North America. Continue Reading
By
- Rahul Awati
- Ben Cole, Executive Editor
Definition 28 Feb 2022
risk assessment framework (RAF)

A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure. Continue Reading
By
- Andrew Zola
Guest Post 25 Feb 2022
4 tips for selecting cybersecurity insurance

Choosing a cybersecurity insurance provider can be a daunting and complex task. Follow this advice to select the best policy -- and provider -- for your business. Continue Reading
By
- Nate Smolenski