Cyber insurers increase scrutiny of policyholders

COVID-19 has changed our world in many ways, and the Wall Street Journal reports that due to the heightened security risk from the increased remote workforce, commercial insurers are taking a closer look at their policyholders and new applicants for cyber coverage....
Demystifying SOC Opinions and Exceptions

The difference in how well a SOC 2 organization measures up is in the details. CPA firms who audit for SOC 2 compliance use exceptions and opinions, so it’s important to understand how these apply. Exceptions Audit exceptions are simply deviations from the...
Is your SOC ready for the future?

A report by Ponemon on “The Economics of Security Operations Centers: What Is the True Cost for Effective Results” included a number of key findings to consider if you are looking at setting up a SOC, reviewing the value of your current SOC or considering...
What does this story about celebrity data mean for you?

A ransomware attack has hit a prominent NYC law firm with a client list that includes top celebrities, musicians, sports stars and media companies.  The attackers are demanding an undisclosed ransom or they will begin leaking data in a phased approach, putting the...
Should You Rely On Your Cyber Insurer for Incident Response?

If your business suffered a fire, who would you want to call first, your commercial insurer to file a claim or the fire department to come put out the flames?  When a cyber incident occurs, the same thinking should apply, but it is being complicated by organizations...
What is MITRE ATT&CK?

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations of cyberattacks. They’re displayed in matrices that are arranged by attack stages, from initial system access to data theft or machine...