Most startups only consider SOC 2 certification after a request from a new or potential new client. At that point there’s a decision to make: Will the time and money spent on attaining SOC 2 certification be worth the revenue it creates in new business? Having worked as a CISO across multiple industries, I’ve managed …
Insider’s Guide to SOC 2 for Startups: Is it Really Worth It? Read More »
In a 2023 survey of cybersecurity leaders, 51% said they believe an AI-based tool like ChatGPT will be used in a successful data breach within the next year. There is no question that AI tools pose cybersecurity risks, and as such, keeping an eye on exactly how they are being used by malicious actors is …
ChatGPT Already Involved in Data Leaks, Phishing Scams & Malware Infections Read More »
As with most services in cybersecurity, costs can be difficult to predict. For firms looking to engage security services, this fact is a burden on the due diligence process. Vendors rarely publicize their costs, and clients rarely publicize their spending. Rarely is this more true than for Managed Security Service Providers. For one, the term …
How Much Do Managed Security Service Providers Cost? Read More »
How common is cybersecurity insurance in the US compared to globally? How much does it cost? How much does it actually help companies in the event of a breach? These are some of the questions we set out to answer when we took a deep dive into the state of the cybersecurity insurance market in …
23 Eye-Opening Cybersecurity Insurance Statistics (2023) Read More »
The payment Card Industry (PCI) is a set of requirements that organizations are required to be audited against to accept, process, or store any payment card information. This standard is designed to help the brand label cards (AMEX, Discovery, Visa, etc.) reduce fraud risk through the loss or compromise of credit cards. As part of …
PCI Compliance Logging Requirements & How to Meet Them Read More »
Red teaming is an advanced form of penetration testing, which is not for every organization. While it may identify vulnerabilities that exist within your environment, that is not the primary goal. Other forms of penetration testing (e.g. application, IoT, or network to name a few) focus on identifying vulnerabilities and providing a story of how …
Nearly every security framework and regulation requires risk management to be integrated into an organization’s operations. The premise is that to understand the priorities, the organization must first understand the threats and what risk or impact those threats pose. It may seem obvious, but many organizations and security practitioners lose sight of this key fundamental …
How Much Does a Cyber Security Risk Assessment Cost in 2023? Read More »
A cyber security risk assessment, not to be confused with a vulnerability assessment, is the process of evaluating and codifying the risk to your organization through a process of evaluating assets, controls, threats, and attack techniques. Many components of the risk assessment will be subjective, in that decisions will be based on opinion or experience, …
What is a Cyber Security Risk Assessment? Is it Worthwhile? Read More »
There is a saying that you can get it good, fast, or cheap, but you can only pick one. Well, when it comes to penetration testing, if you choose cheap, it might be fast, or it might be good but it won’t be deep. There are many reasons why an organization may choose a cheap …
Cheap Penetration Testing: How Much & What Do You Get? Read More »
There’s a reason it’s so hard to benchmark penetration testing costs: Every test with every firm is unique. Which is insane, because they’re all doing the same thing. They’re all finding holes in your infrastructure, exploiting them, and writing about it in a report. But just like so many things in cybersecurity, the devil is …
How Much Every Type of Penetration Testing Costs in 2023 Read More »
