CHECK OUT RECENT WRITING SAMPLES
Our content out in the wild
Vendor fraud isn’t new, but it’s becoming more sophisticated and successful. In recent incidents, fraudsters combined cyber and financial crime techniques to hijack, impersonate or manipulate their victims for personal gain.
Keenly adept at managing financial risks, asset and wealth managers now need to become equally well-versed in nonfinancial risks arising from their ambitious growth plans. This means AWM (asset and wealth management) firms will need a new approach to risk management — one that’s focused on making the right adjustments to create short- and long-term value for their firms and customers.
Most insurance companies are making bold moves to modernise their technologies and business processes. Long-time masters of actuarial risk and active assessors of market and credit risk, insurers need to manage nonfinancial risks with the same rigour they use to manage their growth goals. That will require a new approach to risk management, one that involves the risk management function early in strategic decisions, establishes a clearly defined company-wide risk culture and vigorously invests in risk management technology.
Modern enterprises must embrace cloud transformation if they want to capture new opportunities and stay competitive. But the rapid pace of cloud adoption has introduced a number of new challenges for businesses. Threat detection and response are becoming increasingly complex, putting pressure on many organizations’ cybersecurity operations.
Special purpose acquisition companies (SPACs) made history last year, with over 600 SPACs raising more than US$145 billion in initial public offerings (IPOs). Over the past few years, SPACs have become a more popular method for private companies who want to go public fast by expediting the traditional IPO process, providing access to additional capital and reducing transaction costs.
In today’s economic climate, striking the right balance between cybersecurity investment risk and reward is perhaps more challenging than ever before. However, there is a path forward, and many of you are already headed in the right direction—but formalizing the process may be key for the best results.
After a merger or acquisition, your organization could end up with more baggage than you bargained for—numerous data centers, overlapping security tools or inconsistent threat-detection capabilities—which could complicate or overwhelm your existing security incident and event management (SIEM) systems. Deploying a SIEM system can be time-consuming and complex, especially when you have a variety of disparate data sources. It requires in-depth knowledge of technology infrastructures, data flows and business processes.
As cybersecurity incidents continue to soar, so too will the number and complexity of security solutions. To address the increasing and evolving threats to cybersecurity, many businesses have responded by adding best-of-breed point solutions to their repertoire.
Today most organizations work with third parties—suppliers, contractors, consultants, vendors, consumers, clients or business partners. As they become increasingly dependent on third parties for essential operations, many companies are turning to online service delivery platforms to make business transactions with third parties easier and more direct.
When cyber attackers managed to shut down the Colonial Pipeline – one of the largest oil pipelines in the United States – in 2021, it quickly prompted the widespread modernization and strengthening of cybersecurity for critical infrastructure across the nation. As these types of cyber attacks become more frequent and more severe, it begs the question: Is there too much “trust” in most organizations’ cybersecurity architecture? And, should IT teams implement Zero Trust architecture to prevent these security lapses in the future?
Ransomware may be making more headlines, but cyber criminals are reaping far more rewards through Business Email Compromise (BEC). Also known as Email Account Compromise (EAC), BEC netted at least 17 times more profit per incident than ransomware, costing organizations around $2.4 billion in 2021 alone. In the first quarter of 2022 alone, BEC cases doubled from 17% of all incident response cases to 34%. Although a relatively low-tech form of financial fraud, BEC/EAC yields high returns for scammers with minimal risk. So how do BEC scams work? And how can organizations defend against them?
Short for 'robot network,' botnets are a serious issue facing enterprise security today. In June 2022, a botnet dubbed “Mantis” targeted cybersecurity company Cloudflare, executing a widespread HTTPS Distributed Denial of Service (DDoS) attack affecting over 1,000 of the company’s customers.
From AV to EPP to EDR and now XDR (extended detection and response), these changing technologies reflect an ever-present truth: cyber threat actors are always evolving, and defenders should stay one – or more – steps ahead. Today, the dynamic threat landscape coupled with fast-paced business innovations has prompted most organizations to move from an on-prem world bound by a manageable network perimeter to a distributed cloud-powered infrastructure. Further complicated by remote working environments and nearly 5 billion monthly teleconferences, ensuring business continuity and operational security has arguably never been more complex. The number of threat actors, successful cyberattacks, and offensive toolsets is increasing exponentially.
Cyber attacks occur every 39 seconds and affect 1 in 3 Americans per year. Basic cybersecurity tips like encrypting data and using unique passwords aren’t enough. Your organization needs something more powerful to stay safe: think cyber threat intelligence. Threat intelligence involves collecting and analyzing information about past, current, and future cybersecurity threats. Your SOC, CSIRT, and other partners can use this data to prevent and respond to attacks.
"Cyber threats are frequently changing, as are defense and prevention tactics. Today, an increasing number of organizations implement a layered approach to cybersecurity that encompasses administrative, technical and physical security controls..."
Cybercrime is growing in volume and sophistication, and security breaches are becoming more destructive, yet both are becoming increasingly difficult for organizations to detect. Ensuring networks and systems are safe and secure is of the utmost importance, but many organizations can fall short in one key area: their endpoints.
Any account or identity can provide a digital attack path for adversaries – from an IT administrator, to HR admin, to a third-party vendor or even a customer. This is why, in identity security, organizations should be able to protect the identities of their users and the systems that manage them.
Any organization that uses information technology should conduct cybersecurity risk assessments. Every organization, however, faces a unique set of security risks, and needs to take its own approach to solving them.
Most organizations today rely on the cloud to store or manage at least some of their data and applications. If your business is considering (or already using) a cloud environment, it’s important that you know what to do if your cloud system crashes or experiences an outage. In this guide, we cover the basics of cloud computing and then outline some steps you can take in the event of a cloud crash or outage.
Vulnerability management is the practice of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities. Vulnerability management is integral to information security and information systems — and despite the similarity in terms, it is not the same as vulnerability scanning.
Threats to an organization’s cybersecurity are on the rise, but most businesses don’t understand how to remediate those threats. Creating a system to identify and fix gaps in your IT systems is essential to a successful cyber risk management program. This process of identifying and fixing problems is called cybersecurity remediation. It’s a structured approach that your organization should create and use to intercept IT security threats before they do harm, as well as to resolve any issues that may have already occurred.
Protecting your organization against security incidents is easy enough in theory, but many businesses struggle to find the right approach when it comes to their cybersecurity. As the digital transformation takes hold of the modern business environment, implementing safeguards to your organization’s critical information is only going to become more critical for survival, and if you aren’t doing so already, it’s time for your organization to take proactive protective measures.
In our increasingly digitized world, few business processes remain untouched by digital transformation. As disruptions to commerce become more common following events such as the COVID-19 pandemic, we can expect more of these business processes to make the transition to the digital age. The digitization of one process in particular — the supply chain — has recently been catapulted to the forefront of business conversations.
Privacy by design (PbD) is the philosophy of designing privacy protections into all your business processes, protecting the information your organization collects or handles by default. First developed by Ann Cavoukian, Ontario’s former Information and Privacy Commissioner, the PbD framework was formalized in 1995 by a team including the Dutch Data Protection Authority and the Netherlands Organisation for Applied Scientific Research.
At the core of business management are the rules, practices and processes that define how your organization is directed, operated and controlled. This system, known as corporate governance, is aimed at creating more ethical business practices by aligning the interest of your organization’s stakeholders. In today’s business environment, the more ethical and transparent your organization is about its corporate governance practices, the more financially viable it will be.
Threat actors today will do almost anything to get hold of an organization’s sensitive information. Like most criminals, however, cybercriminals usually target the victim that requires the least effort for the most reward. Take phishing attacks as an example. There are many types of phishing attacks, but most occur via email. Typically the attack involves a cybercriminal impersonating a legitimate identity or organization, and then sending email en masse to as many email addresses as the attacker can find.
For most businesses, third-party vendors are an ever-more essential part of the business ecosystem. A study by Gartner found that in 2019, 60 percent of organizations worked with more than 1,000 third parties. As those networks continue to grow, so will the cybersecurity threats that third-party vendor relationships pose to your business. These partnerships have unprecedented access to sensitive data and systems across the supply chain network.
Cybersecurity threats abound, and the pace of cybersecurity attacks is increasing steadily year after year. At the same time, consumers are also becoming more aware of cybersecurity harms, and demanding better performance from the companies with which they do business. Regulators hear that sentiment from consumers too, and are responding with ever more stringent rules for data privacy.
As the inherent risks confronting your organization or business grow, having the proper policies, procedures, and technical safeguards in place to prevent problems and protect your assets is more important than ever before. Together, these policies, procedures, and technical safeguards are called internal controls.
Organizations today are at greater risk of a cyberattack than ever before, and that risk will only grow as new technologies are introduced in coming years. That means ever greater importance for cybersecurity risk management – the process of identifying, analyzing, prioritizing, and mitigating cybersecurity risk.
The most important element of the risk management process is the ability to identify and prioritize threats to your organization’s cybersecurity before any damage occurs. How rapidly you can identify these threats will determine how quickly you’re able to find solutions for mitigation.
Business organizations are more at risk of cyberattacks than ever before. Calculating that risk, however, is no easy task. In this post we will provide an overview of traditional calculation methods and a glimpse into what could be the future of measuring cybersecurity risk: statistical analysis.
For organizations in higher education – from academic institutions to their third-party service providers – the Higher Education Community Vendor Assessment Toolkit (HECVAT) is not new. As data protection and cybersecurity become increasingly critical for organizations across industries, HECVAT has perhaps never been more important than it is today.
For many years and across industries, enterprise risk management (ERM) has always been an important part of any successful business operation. Organizations of all types and sizes face a number of external and internal factors that make it uncertain whether they will achieve their goals; ERM can bring that uncertainty to lower levels.
Industry leaders & Innovators we serve
JOIN SOME OF THE WORLD'S BEST BUSINESSES
YOU BRING THE IDEAS, WE'LL BRING THEM TO LIFE