Tag: metric
-
Singapore’s cybersecurity paradox: Top firms rated A, yet all breached
Tags: access, attack, china, cybersecurity, espionage, exploit, group, incident response, infrastructure, intelligence, malicious, metric, mfa, network, resilience, risk, router, service, supply-chain, threat, update, vulnerabilitySingapore faces targeted threats: Beyond statistical exposure, Singapore is also facing targeted campaigns against its critical infrastructure. One such operation involves China-linked threat group UNC3886, recently observed exploiting vulnerabilities in Juniper (Junos OS) routers to infiltrate telecom and service provider networks.Gilad Maizles, threat researcher at SecurityScorecard, said, “The campaign appears to be operated through a…
-
Singapore’s cybersecurity paradox: Top firms rated A, yet all breached
Tags: access, attack, china, cybersecurity, espionage, exploit, group, incident response, infrastructure, intelligence, malicious, metric, mfa, network, resilience, risk, router, service, supply-chain, threat, update, vulnerabilitySingapore faces targeted threats: Beyond statistical exposure, Singapore is also facing targeted campaigns against its critical infrastructure. One such operation involves China-linked threat group UNC3886, recently observed exploiting vulnerabilities in Juniper (Junos OS) routers to infiltrate telecom and service provider networks.Gilad Maizles, threat researcher at SecurityScorecard, said, “The campaign appears to be operated through a…
-
The rise of the compliance super soldier: A new human-AI paradigm in GRC
Tags: ai, automation, awareness, compliance, control, governance, grc, jobs, law, LLM, metric, regulation, risk, skills, strategy, threat, tool, training, updateRegulatory acceleration: Global AI laws are evolving but remain fragmented and volatile. Toolchain convergence: Risk, compliance and engineering workflows are merging into unified platforms. Maturity asymmetry: Few organizations have robust genAI governance strategies, and even fewer have built dedicated AI risk teams. These forces create a scenario where GRC teams must evolve rapidly, from policy monitors to strategic…
-
From Insight to Action: How Tenable One KPIs Drive Exposure Management Success
Tags: attack, breach, business, cloud, compliance, cyber, data, detection, group, metric, mitigation, monitoring, risk, service, technology, tool, vulnerabilityTenable One empowers security teams to go beyond surface-level risk tracking and drive measurable improvements across their security programs. With unified visibility and customizable dashboards, Tenable One makes it easy to monitor the KPIs that matter most, helping teams shift from reactive firefighting to proactive, strategic exposure management. The importance of KPIs in exposure management…
-
How Secure Login Enhances the Accuracy of Your Marketing Dashboards
A clean login flow does more than protect your data”, it keeps every metric on your dashboard trustworthy. Discover how authentication choices go through attribution, segmentation and forecasting. Learn which secure-login practices deliver the biggest lift in reporting accuracy for lean marketing teams. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/how-secure-login-enhances-the-accuracy-of-your-marketing-dashboards/
-
Anton’s Security Blog Quarterly Q2 2025
Tags: ai, automation, breach, ciso, cloud, cyber, defense, detection, google, governance, guide, metric, office, RedTeam, siem, soc, software, supply-chain, threat, vulnerability, vulnerability-management, zero-trustAmazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe). Top 10 posts with the most lifetime views (excluding paper announcement blogs): Anton’s Alert Fatigue: The Study [A.C.”Š”, “Šwow, this…
-
How Exposure Management Helps Communicate Cyber Risk
Tags: access, attack, awareness, best-practice, business, cio, cyber, cybersecurity, data, framework, metric, risk, risk-management, threat, tool, update, vulnerability, vulnerability-managementEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. This week, Tenable experts discuss best practices for communicating cyber risk. You can read the entire Exposure Management Academy series here. Despite headline-grabbing incidents and keen interest from C-suites and boardrooms, many security…
-
The SAVE database was already a headache for states. Now it’s fueling Trump’s voter fraud allegations.
Experts believe lawsuits are first steps in a larger plan by the White House to create new metrics that lend support to the president’s unproven claims that noncitizens are voting en masse for Democratic politicians. First seen on cyberscoop.com Jump to article: cyberscoop.com/voter-citizenship-verification-trump-save-database/
-
10 tough cybersecurity questions every CISO must answer
2. How can we achieve the right security balance for our company’s risk tolerance?: To play that consultative role, CISOs also need to ask and answer that question, says Vandy Hamidi, CISO of public accounting and advisory firm BPM.”My role is to reduce risk in a way that enables the business to operate confidently while…
-
8 things CISOs have learned from cyber incidents
Tags: apt, attack, authentication, backup, breach, business, ciso, compliance, cyber, data, defense, detection, endpoint, exploit, incident, incident response, infection, insurance, jobs, malicious, malware, metric, network, ransom, ransomware, RedTeam, risk, skills, tool, training, update, virus, vulnerability, vulnerability-management, zero-trust2. You’ll need shift from defense to offence: The role and the CISO won’t be the same after an incident.”My job on December 11 was very different from my job on December 12 and beyond, says Brown.Following an incident, some organizations need to change to such an extent that they need a different CISO with…
-
The path to better cybersecurity isn’t more data, it’s less noise
In cybersecurity, there’s an urge to collect as much data as possible. Logs, alerts, metrics, everything. But more data doesn’t necessarily translate to better … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/11/cybersecurity-data-overload/
-
How to Use Risk-Based Metrics in an Exposure Management Program
Tags: attack, business, cloud, control, cybersecurity, data, exploit, guide, intelligence, iot, metric, mobile, monitoring, risk, service, threat, tool, update, vulnerability, vulnerability-managementEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable security engineers Arnie Cabral and Jason Schavel share how you can use risk-based metrics. You can read the entire Exposure Management Academy series here. We’re information security engineers at…
-
Cybersecurity Snapshot: Experts Issue Best Practices for Migrating to Post-Quantum Cryptography and for Improving Orgs’ Cyber Culture
Tags: access, attack, best-practice, business, cio, ciso, communications, computer, computing, conference, corporate, crypto, cryptography, cyber, cybersecurity, data, defense, email, encryption, finance, government, group, ibm, identity, incident, incident response, infrastructure, jobs, lessons-learned, metric, microsoft, mitre, monitoring, nist, risk, service, strategy, technology, threat, tool, training, update, vulnerability, vulnerability-management, warfareCheck out a new roadmap for adopting quantum-resistant cryptography. Plus, find out how your company can create a better cybersecurity environment. In addition, MITRE warns about protecting critical infrastructure from cyber war. And get the latest on exposure response strategies and on CISO compensation and job satisfaction. Dive into five things that are top of…
-
Posture ≠Protection
CSPM, DSPM, ASPM, SSPM, ESPM, the alphabet soup of Security Posture Management (SPM) tools promises visibility into risk. They map misconfigurations, surface exposure paths and highlight policy gaps. That can be useful. But let’s not confuse awareness with action. They don’t block threats.They don’t enforce controls.They don’t prevent breaches. SPMs detect, then delegate. A ticket.…
-
Week in review: NIST proposes new vulnerabilities metric, flaws in NASA’s open source software
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Vulnerabilities found in NASA’s open source software Vulnerabilities in open … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/01/week-in-review-nist-proposes-new-vulnerabilities-metric-flaws-in-nasas-open-source-software/
-
Will AI agent-fueled attacks force CISOs to fast-track passwordless projects?
Tags: access, ai, api, attack, authentication, breach, business, ciso, cloud, credentials, cyber, cybersecurity, data, fido, finance, framework, google, Hardware, identity, login, metric, microsoft, okta, passkey, password, phishing, privacy, risk, risk-management, service, technology, threat, tool, update, zero-trustPasswordless options: In retiring passwords, security leaders will need to consider their options, passkeys, biometrics, and third-party login services, looking for the best technical, usability, and security fit. There are pros and cons for each option, and in many cases CISOs may be guided towards one based on their existing environment.Passkeys, used by Microsoft, Samsung,…
-
NIST Introduces New Metric to Measure Likelihood of Vulnerability Exploits
The US National Institute of Standards and Technology (NIST) published a white paper introducing a new metric called Likely Exploited Vulnerabilities (LEV) First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nist-metric-lev-likelihood/
-
NIST proposes new metric to gauge exploited vulnerabilities
NIST has introduced a new way to estimate which software vulnerabilities have likely been exploited, and it’s calling on the cybersecurity community to help improve and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/26/nist-likely-exploited-vulnerabilities/
-
Police Tout Darknet Global Takedown ‘Operation RapTor’
Global Collaboration Leads to Drug, Firearm Bust. U.S. and European officials Thursday touted a global operation to disrupt the criminal darkweb, announcing the arrest of 270 accused darkweb vendors and buyers across 10 countries. Operation RapTor resulted in the confiscation of more than $200 million and more than two metric tons of drugs. First seen…
-
New NIST Security Metric Aims to Pinpoint Exploited Vulnerabilities
Researchers from the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA) have introduced a new security metric designed to improve vulnerability management. The proposed Likely Exploited Vulnerabilities (LEV) metric aims to enhance organizations’ ability to identify which vulnerabilities are most likely to be exploited, enabling more efficient remediation…
-
Top 12 US cities for cybersecurity job and salary growth
Tags: access, ai, apple, attack, blockchain, business, country, crowdstrike, cyber, cybersecurity, data, defense, finance, fintech, government, group, infrastructure, insurance, iot, jobs, metric, microsoft, nvidia, office, okta, privacy, software, startup, strategy, supply-chain, technology, training, warfareWhile major hubs like San Francisco naturally come to mind, and perform well based on the metrics we evaluated, there are many lesser-known cities that may be just as promising, if not more. These emerging destinations can offer easier access to job opportunities, more sustainable career paths, higher pay, and a lower cost of living.Here’s…
-
Why Your MTTR Is Too Slow, And How to Fix It Fast
SLASH YOUR MTTR! Join Us for a Live Webinar on Faster Incident Response & Reduced Downtime. MTTR (Mean Time to Response) isn’t just a buzzword, it’s a crucial metric that can make or break your organization’s ability to bounce back from incidents quickly. But here’s the thing: most teams misunderstand what MTTR really means…. First…
-
We’re Answering Your Exposure Management Questions
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this Exposure Management Academy FAQ, we help CISOs understand exposure management, look at how advanced you might be and outline how to structure a program. You can read the entire Exposure Management…
-
How to Develop and Communicate Metrics for CSIRPs
A well-documented cybersecurity incident response program (CSIRP) provides the transparency needed for informed decision-making, protecting the organization in a constantly changing threat environment. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/develop-communicate-metrics-csirps
-
A Unified Approach to Exposure Management: Introducing Tenable One Connectors and Customized Risk Dashboards
Unified visibility and context are the keys to an effective exposure management program. Learn how the new Tenable One connectors and unified dashboards give you a comprehensive view of your attack surface, help you streamline decision-making and empower your teams to uncover hidden risks, prioritize critical exposures and respond to threats with confidence. In 2022,…
-
CVE funding crisis offers chance for vulnerability remediation rethink
Tags: access, ai, awareness, best-practice, cisa, cve, cvss, cybersecurity, data, exploit, Hardware, healthcare, intelligence, iot, kev, least-privilege, metric, mfa, microsoft, network, open-source, penetration-testing, risk, software, threat, tool, training, update, vulnerability, vulnerability-managementAutomatic for the people: AI technologies could act as a temporary bridge for vulnerability triage, but not a replacement for a stable CVE system, according to experts consulted by CSO.”Automation and AI-based tools can also enable real-time discovery of new vulnerabilities without over-relying on standard CVE timelines,” said Haris Pylarinos, founder and chief executive of…