Risk Management

Learn how to identify, assess, and mitigate cybersecurity risks that threaten your organization's data, systems, and operations. Our risk management articles cover frameworks, threat modeling, vulnerability prioritization, and strategies for building a resilient security posture.

NIST Standards

NIST Standards: A Practical Guide for Real Security

In April 2021, the Colonial Pipeline hadn't yet made global headlines — but the SolarWinds breach was still fresh, and the Microsoft Exchange Server vulnerabilities had just rattled tens of thousands of organizations. Every one of those incidents had something in common: the affected organizations either ignored or incompletely

Carl B. Johnson May 15, 2021 7 min read

Data Breach Notification Requirements

Data Breach Notification Requirements: A 2021 Guide

The SolarWinds Breach Just Made Notification a National Crisis

In December 2020, FireEye disclosed that a sophisticated threat actor had compromised SolarWinds Orion software, giving attackers access to roughly 18,000 organizations — including the U.S. Treasury, the Department of Homeland Security, and Fortune 500 companies. Weeks later, we'

Carl B. Johnson Jan 14, 2021 8 min read

NIST Cybersecurity Framework

NIST Cybersecurity Framework: A Practical Guide for 2026

The Framework 87% of Organizations Claim to Follow — But Most Get Wrong

When the Change Healthcare breach exposed the records of over 100 million people in 2024, investigators found something familiar: the organization had a cybersecurity program on paper. What it lacked was disciplined execution against a proven structure. That

Carl B. Johnson Nov 04, 2020 7 min read

NIST Standards

NIST Standards: A Practical Guide for Real-World Security

When Change Healthcare suffered its catastrophic ransomware attack in early 2024 — disrupting pharmacy operations across the United States for weeks — investigators found a familiar culprit: stolen credentials and no multi-factor authentication on a critical system. The company's parent, UnitedHealth Group, eventually disclosed the breach affected roughly 100 million

Carl B. Johnson Feb 02, 2019 7 min read