Press Mentions Archive

Healthcare Under Attack: Ransomware Groups Increasingly Target Hospitals and Clinics

Jan 22, 2025

Black Kite, a provider of third-party cyber risk intelligence, has released new data revealing a disturbing trend: ransomware groups are disproportionately targeting healthcare organizations. The research, conducted by the Black Kite Research Intelligence Team (BRITE), identifies specific ransomware groups and their preferred targets within the healthcare sector, highlighting the urgent need for enhanced cybersecurity measures.https://blackkite.com/wp-admin/post-new.php?post_type=press-mentions#

Filtered view of companies with FortiGate Leakage FocusTag™ on the Black Kite platform.

Jan 22, 2025

Research shows that healthcare is now the third-most targeted ransomware victim, and attacks against physician practices as well as hospitals are on the rise.

Ransomware scum blow holes in Cleo software patches, Cl0p (sort of) claims responsibility

Dec 16, 2024

Supply chain integration vendor Cleo has urged its customers to upgrade three of its products after an October security update was circumvented, leading to widespread ransomware attacks that Russia-linked gang Cl0p has claimed are its evil work.

Cleo vulnerability attacks claimed by Clop ransomware gang

Dec 16, 2024

The Clop ransomware group has claimed responsibility for attacks exploiting a critical vulnerability in Cleo managed file transfer platforms Harmony, VLTrader and LexiCom.

Mitigating third-party risk in today’s cyber ecosystem [Q&A]

Nov 17, 2024

As third-party risk continues to be a critical concern for enterprises, the need for effective risk management strategies has never been more pressing. We spoke with Bob Maley, CISO of third-party risk management specialist Black Kite, to get his insights into effective strategies for managing this challenge along with the nuanced risks and necessary tactics to secure enterprise environments against sophisticated threats.

Amazon Employee Data Compromised in MOVEit Breach

Nov 12, 2024

The data leak was not actually due to a breach in Amazon's systems but rather that of a third-party vendor; the supply chain incident affected several other clients as well.

Data Vigilante Leaks 8 Million Employee Records from Amazon, HP and Others

Nov 12, 2024

Aftermath of MOVEit vulnerability: Data vigilante ‘Nam3L3ss’ leaks nearly 8 million employee records from industry giants like Amazon, 3M, HP, and Delta, exposing cybersecurity flaws across major firms.

Research Finds 80% of Manufacturers Have Critical Vulnerabilities

Nov 04, 2024

Black Kite, a leading provider of third-party cyber risk intelligence, recently published the 2024 report: The Biggest Third-Party Risks in Manufacturing, which revealed that 80 percent of manufacturing companies have critical vulnerabilities putting them at high risk for exploitation. In creating the report, the Black Kite Research Team (BRITE) examined nearly 5,000 companies across 10 sub-categories in the manufacturing industry.

Building An Effective Security Team: 5 Key Questions To Ask

Oct 29, 2024

Well-trained security teams are crucial for every organization in protecting against costly attacks that can drain time and money and damage their reputation. However, building the right team requires thoughtful planning and consideration based on size, budget and goals—there is no one-size-fits-all approach.

Black Kite Achieves ISO 27001:2022 Certification, Reinforcing Commitment to Information Security Excellence

Oct 15, 2024

Milestone is a testament to Black Kite’s continuous investment in its cybersecurity infrastructure and its proactive approach to managing risk in an increasingly complex digital landscape.

Why third-party risk is the new biggest business risk

Sep 25, 2024

Business leaders are well-acquainted with risk—operational, financial, geographic, and regulatory/compliance. Organizations have long adapted their services to manage these challenges effectively. However, as the risk landscape evolves, cyber risk has emerged as a rapidly growing concern.

Black Kite Bridge Enables Industry-First Risk Collaboration Across Vendor Ecosystem

Sep 17, 2024

Black Kite introduced Black Kite Bridge, the industry's first solution that enables customer and vendor collaboration for real-time risk mitigation and remediation throughout the supply chain. This innovative, streamlined approach helps organizations prevent business disruptions and enhance resiliency.

Black Kite Bridge enables risk collaboration across vendor ecosystem

Sep 17, 2024

Black Kite today introduced Black Kite Bridge, a solution that enables customer and vendor collaboration for real-time risk mitigation and remediation throughout the supply chain. This innovative, streamlined approach helps organizations prevent business disruptions and enhance resiliency.

Addressing the Complexities of Compliance in Financial Services

Sep 10, 2024

As the financial services industry undergoes constant change, managing the complexities of compliance presents a challenge. Compliance teams are overwhelmed with many regulations, each with unique controls and requirements. These often encompass over 100 compliance sets and thousands of controls, making it difficult to balance regulatory demands with business objectives, especially in an environment where regulations continue to evolve and overlap. What are the strategies that financial services teams can use to manage security and compliance regulations for the best business outcomes?

Planned Parenthood confirms Montana cyberattack claimed by RansomHub

Sep 05, 2024

Planned Parenthood on Sept. 5 confirmed it was the target of a cyberattack on IT systems at its Montana organization that forced the women’s health advocacy non-profit to take parts of it technology infrastructure offline.

Ransomware hackers threaten Montana branch of Planned Parenthood

Sep 05, 2024

The Montana branch of Planned Parenthood confirmed that it suffered a cyberattack after a ransomware group threatened to leak sensitive data taken from the organization.

Infosec products of the month: July 2024

Aug 01, 2024

Here’s a look at the most interesting products from the past month, featuring releases from: AttackIQ, AuditBoard, Black Kite, BlueVoyant, Druva, GitGuardian, Invicti Security, IT-Harvest, LogRhythm, LOKKER, NordVPN, Pentera, Permit.io, Prompt Security, Quantum Xchange, Regula, Rezonate, Scythe, Secure Code Warrior, and Strata Identity.

How Continuous Cyber Assessment Can Improve Third-Party Cyber Risk Management

Jul 30, 2024

Single, point-in-time cybersecurity assessments have become outdated in today's digital landscape, especially when it comes to managing third-party cyber risk. The dynamic nature of cyber threats demands a continuous, real-time approach to assessments.

Ransomware Awareness Month 2024: Industry Experts Share Their Thoughts

Jul 30, 2024

As July 2024 marks Ransomware Awareness Month, the cybersecurity community is once again shining a spotlight on one of the most prevalent and costly threats facing organizations today. This annual observance serves as a crucial reminder of the ever-evolving landscape of digital threats and the critical importance of proactive defense strategies. Ransomware, a form of malicious software that encrypts data and demands payment for its release, continues to pose a significant risk to businesses of all sizes across various industries.

Black Hat USA 2024 Q&A: Black Kite Will Showcase the Industry’s First Cyber-aware AI Engine Designed for Cybersecurity Compliance Automation – Black Kite Parser 2.0

Jul 22, 2024

Are you getting ready for the upcoming Black Hat USA 2024 event, an internationally recognized cybersecurity event providing the most technical and relevant information security research, now in its 27th year. The event is quickly approaching, taking place August 3-8, 2024, returning to the Mandalay Bay Convention Center in Las Vegas, NV with a 6-day program.

IT-Harvest incorporates security scores from Black Kite into its dashboard

Jul 10, 2024

IT-Harvest announced the integration of Black Kite‘s cyber third-party risk intelligence into the IT-Harvest Dashboard.

Three Ways Tech Leaders Can Use AI For Security In 2024

Jul 03, 2024

AI has made its impact across nearly all industries, making work faster, smarter and more efficient. I see this being most evident in security. With threats growing more sophisticated and vulnerabilities carrying higher stakes, AI has become an indispensable tool for security professionals, empowering them to stay ahead, be more proactive and better safeguard their organizations.

LockBit hackers claim to have cracked the US Federal Reserve

Jun 25, 2024

The LockBit cybercrime gang has claimed to have stolen an enormous database from the US Federal Reserve, which includes sensitive banking information about American citizens - but the claim is being met with suspicion.

LockBit holds 33TB of stolen data and its ransom deadline is up: What’s next and is it real or hoax?

Jun 24, 2024

The notorious — and notoriously aggressive — ransomware gang LockBit is top of the cybersecurity headlines once again, after its bold claim that it successfully hacked 33 terabytes of sensitive data from the Federal Reserve. Further, the group has insinuated that the feds offered up just $50,000 to keep it from leaking that data — which LockBit has purportedly just done because its demands were not met.

LockBit claims Federal Reserve breach, demands ransom not to release stolen data

Jun 24, 2024

Infamous ransomware gang LockBit is claiming to have breached the U.S. Federal Reserve and is threatening to release stolen banking information if a ransom payment is not made.

Mining data is daunting but crucial

Jun 03, 2024

The cybersecurity industry seems addicted to research but isn’t all that good at it. Mining the massive amount of data produced is daunting but crucial to everyone.

AI raises CIO cyber anxieties

May 24, 2024

Using third-party generative AI products without the proper controls exposes existing security gaps, McKinsey and Co. Partner Jan Shelly Brown said Tuesday at the MIT Sloan CIO Symposium.

Balancing generative AI cybersecurity risks and rewards

May 17, 2024

At the MIT Sloan CIO Symposium, enterprise leaders grappled with AI's benefits and risks, emphasizing the need for cross-team collaboration, security controls and responsible AI.

Technology’s Role In Business Continuity: Tips For Tech Leaders

May 15, 2024

The technology so many of us use for work and daily tasks is often so reliable that it comes as almost a shock when a service or tool isn’t working. But whether due to cyberattacks, natural disasters or something else, downtime is likely to hit every company that builds internal and customer-facing technology, and every such company needs to be ready.

UK Military Data Breach a Reminder of Third-Party Risk in Defense Sector

May 09, 2024

An attacker accessed personal information of over 225,000 active, reserve, and former UK military members from third-party payroll processing system.

Break through the buzz to earn buyers’ trust

May 08, 2024

If you can’t articulate and prove real value, then using the latest buzzwords to sell your products will not work—and could even hurt your company’s reputation.

Third-party security is almost impossible

May 03, 2024

There are many themes arising for the RSA Conference next week including tools and services to protect against originating with unsecured third parties in the supply chain. That is a crucial issue in every industry especially with almost every company doing business with a supplier in the cloud. But the scope of the problem is almost impossible to resolve. The reasons are myriad.

Black Kite Research Reveals Growing Persistence, Sophistication and Aggression Within Cybercrime Ecosystem

May 01, 2024

Black Kite Research Reveals Growing Persistence, Sophistication and Aggression Within Cybercrime Ecosystem.

There was an 81% year-over-year increase in ransomware attacks

Apr 30, 2024

Research from Black Kite analyzed nearly 4,900 ransomware attacks to understand malicious actors and their new techniques, their evolving operations and their global impact. Some key findings from the report include...

Top cybersecurity product news of the week

Apr 26, 2024

New product and service announcements from Fortinet, Trustwave, Sonrai, Black Kite and Mine

Effectively Communicating Cyber Risk With Business Leaders

Apr 25, 2024

Esteemed journalist Sydney J. Harris once said, “The two words 'information' and 'communication' are often used interchangeably, but they signify quite different things. Information is giving out; communication is getting through.” To excel as communicators, we need to be able to “get through” to our audience.

How to secure a constantly changing tech ecosystem

Apr 04, 2024

While it can be daunting to phase out traditional approaches for mitigating risk, organizations that learn to adapt will be more successful in approaching new cyber challenges.

Third-party breaches create network weak spots

Mar 21, 2024

A new report from Black Kite shows how third-party data breaches create critical weak spots in extended networks, potentially leaving businesses open to cyber attacks, which can have a negative ripple effect across the organization and its stakeholders.

Onspring GRC Software Integrates with Black Kite, Regology, and Ascent

Mar 19, 2024

The new integrations in version 27.0 set Onspring's position as the market leader in GRC software that connects data and workflows across the entire risk management lifecycle.

Why IT Professionals Should Implement IT Governance | Channel Futures

Mar 08, 2024

Considering how to best manage IT helps improve performance, manage risk and meet regulatory requirements.

These Mass. companies are among the fastest-growing in the Northeast | Boston Business Journal

Mar 07, 2024

A Peabody company is the fastest growing in the Northeast, according to the latest rankings from Inc.com.

A Dive Into The TPRM Landscape | CXO Tech Magazine

Mar 07, 2024

Corporate organizations have historically been characterized by various interconnected business environments, often relying on third-party providers and partners to enhance efficiency and streamline operations.

BlackCat Goes Dark After Ripping Off Change Healthcare Ransom | Dark Reading

Mar 05, 2024

Source code fire sale, stiffing affiliates — are BlackCat admins intentionally burning their RaaS business to the ground? Experts say something's up.

20 Essential Skills For All Professionals In A Digital Workplace | Forbes Tech Council

Mar 04, 2024

Digital transformation has touched virtually every industry. No matter their role, most professionals today work with one or more technology tools on an everyday basis.

AI technologies boost computer security, but add to threats | Business Insurance Magazine

Mar 01, 2024

Artificial intelligence is being explored as a tool by corporate cybersecurity experts and cybercriminals.

Three Ways Your Organization Could Be Susceptible To Ransomware Attacks | Forbes Tech Council

Feb 28, 2024

In 2023, we saw an unprecedented number of ransomware attacks impacting nearly every industry. From healthcare and manufacturing to critical infrastructure and financial services, attackers found ways to infiltrate systems and wreak havoc on organizations for financial gain.

Is creating an in-house LLM right for your organization? | InfoWorld

Feb 26, 2024

Five key questions you should ask before embarking on the journey to create your own in-house large language model.

The New SEC Cybersecurity Disclosure Rule Is Live—Now What? | Forbes Tech Council

Feb 23, 2024

The digital age has ushered in unprecedented opportunities for innovation—and with them come looming cyber threats that can disrupt operations, expose confidential information, tarnish reputations, erode trust and cost millions.

International Operation Hits Major Ransomware Player LockBit | Information Week

Feb 23, 2024

Law enforcement agencies seized control of the websites and servers of one of the most active ransomware groups in the world.

Working together for better security: Three questions CEOs should ask their CISOs | Fast Company

Feb 14, 2024

To become more well-versed in your company’s security roadmaps, lean on your chief information security officer as an asset and trusted advisor.

$fractional-ciso$

BitSight Sues Black Kite | Fractional CISO

Feb 09, 2024

BitSight Technologies filed a lawsuit on September 5, 2023 against competitor Black Kite (NormShield, Inc.). for patent infringement, false advertising, and deceptive trade practices.

20 Critical Mistakes To Avoid After A Successful Cyberattack | Forbes Tech Council

Feb 07, 2024

When a business is hit with a successful cyberattack, it’s essential to act quickly, but not thoughtlessly.

Unleashing LLMs in Cybersecurity Automation | Devmio

Feb 06, 2024

With the explosion of large language models (LLMs) and attention on generative AI (GenAI), the cybersecurity industry is experiencing an “aha!” moment.

Hidden Risk. Continuous Monitoring In IT Environments. Jeffrey Wheatman, Black Kite. | Hidden Risk Podcast

Jan 30, 2024

Jeffrey Wheatman is the SVP, Cyber Risk Evangelist at Black Kite. In this episode of Hidden Risk, he joins host Charlie Osborne to discuss the concept of continuous monitoring in IT environments, including how this idea has changed over time, why it is a widely-considered difficult concept, and more.

Black Kite Unveils Monthly Ransomware Dashboards | Dark Reading

Jan 26, 2024

Black Kite, the leader in third-party cyber risk intelligence, today unveiled the industry's first monthly ransomware dashboard, featuring crucial insights for security teams, media, analysts, and other industry leaders.

Black Kite Unveils Industry’s First Monthly Ransomware Dashboards | CIO Influence

Jan 25, 2024

Research offers critical insight into top ransomware groups, their victims, and the most common indicators of compromise over the past six months

Top cybersecurity product news of the week | CSO

Jan 25, 2024

New product and service announcements from Cobalt, Sentra, Sweet Security, Pentera, Network Perception, and Ionix.

Black Kite unveils industry’s first monthly ransomware dashboards | Security Info Watch

Jan 24, 2024

Black Kite analyzes the top ransomware indicators to identify common vulnerabilities exploited by active ransomware groups.

Managed Security Services Provider (MSSP) Market News: 24 January 2024 | MSSP Alert

Jan 24, 2024

Each business day MSSP Alert delivers a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.

Subway Puts a LockBit Investigation on the Menu | Dark Reading (+ newsletter)

Jan 23, 2024

The foot-long sandwich purveyor is looking into LockBit 3.0 claims that it stole reams of data from the proprietary "SBS" network.

CISOs Connect™ Opens Nominations for 2024 CISOs Top 100 CISOs (C100) Recognition and Announces Esteemed CISO Board of Judges | Security Current

Jan 18, 2024

CISOs Connect™, an exclusive membership-only organization, today opened nominations for its 2024 CISOs Top 100 CISO (C100) awards and announced the board of pre-eminent CISO judges who will select the recipients of this leading industry tribute, recognizing outstanding Chief Information Security Officers in the U.S. and beyond.

Government organizations’ readiness in the face of cyber threats | Help Net Security

Jan 15, 2024

Cyber threats targeting government organizations have become increasingly sophisticated, posing significant risks to national security, public infrastructure, and sensitive data. These threats are diverse in nature, originating from various actors such as nation-states, hacktivist groups, and organized cybercrime entities.

VMblog 2024 Industry Experts Video Predictions Series Episode 3 | VMBlog

Jan 08, 2024

As part of our annual predictions series for 2024, VMblog asked a number of different industry experts to share their thoughts about the new year.

Boston venture capitalists share their predictions for startups, AI in 2024 | Boston Business Journal

Jan 02, 2024

It’s never an easy feat to predict the economic trends and storylines for a new year. While most people in technology picked up on the growing interest in AI as we headed into 2023, it’s a bit more difficult to predict the banking collapses that took place within a few weeks of each other last year.

Securing The Virtual Runway to The Cloud | Cyber Defense Magazine

Dec 28, 2023

The ‘endpoint’ has transformed from traditional desktop hardware to any number of devices, digital workspaces, and locations, offering new opportunities for cybercriminals who often seem one step ahead of data protection and defense technologies.

Comcast’s Xfinity service responds to a major data breach. | The CyberWire

Dec 22, 2023

Comcast has begun alerting customers of a major data breach affecting its Xfinity Internet and television service.

MGMT Boston – W12, Q4 23 – 1H 2023 Recap | MGMT Boston Substack

Dec 20, 2023

Welcome to MGMT Boston where we try to help 720+ of you manage your awareness of top Boston startups and local up & coming operators putting in the work.

Women in Tech: “It’s not just about breaking glass ceilings; it’s about reshaping mindsets” | Devmio

Dec 20, 2023

Today, we would like introduce you to Gokcen Tapkan, Director of Data Research at Black Kite.

The ALPHV/BlackCat takedown shuffle | The CyberWire

Dec 20, 2023

The ALPHV/BlackCat ransomware gang was the subject of a rumored, then confirmed takedown, and then of a rumored, later confirmed, ultimately reversed restoration.

FBI Cracks BlackCat Ransomware Network, Offers Lifeline to 500+ Global Victims | The Cyber Express

Dec 19, 2023

ALPHV/Blackcat rose as the world's second most lucrative ransomware, demanding hundreds of millions from victims in the past 18 months.

Unlocking Your Data’s True Regulatory Value | GRC Outlook

Dec 18, 2023

A whole set of factors have tried to define human beings over the years, but at the same time, none have done a better job than our tendency to improve at a consistent pace.

Black Kite 2024 Predictions: How will the market and CISO role evolve next year? | VMBlog

Dec 18, 2023

Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.

Risk Monitoring In The Digital Ecosystem. Jeffrey Wheatman, Black Kite. | Hidden Risk: Cybercrime Magazine Podcast

Dec 15, 2023

Jeffrey Wheatman is the SVP, Cyber Risk Evangelist at Black Kite. In this episode of Hidden Risk, he joins host Heather Engel to discuss risk monitoring in the digital ecosystem, including some of the biggest gaps in the market today, how consumers and suppliers are affected, and more.

Protecting Your Organization: Strategies For Countering Generative AI Security Challenges | Forbes Tech Council

Dec 14, 2023

ChatGPT garnered more than one million sign-ups within the first five days of its public release in November 2022—growth that outpaced the adoption of social media platforms like TikTok and Instagram.

Guardians of Trust: Navigating Third-Party Risk Across Business Realms with Jeffrey Wheatman | Scale to Zero Podcast

Dec 13, 2023

Today's episode is with Jeffrey Wittman. Jeffrey is a storyteller, mentor, coach and former Gartner Analyst. Currently he works as a cyber risk evangelist for BlackKite where he helps organizations all over the world solve the third party risk management challenge.

Ransomware in 2024: Anticipated impact, targets, and landscape shift | Help Net Security

Dec 07, 2023

As ransomware continues to be on the rise, we can expect groups to continue to evolve their attacks and operate at a larger scale for bigger profits. This will put organizations at higher risk if they don’t adopt a more aggressive security strategy.

Critical U.S. infrastructure is being targeted by a growing threat | The Street

Dec 01, 2023

It's becoming harder to protect against outside attacks in an ever-more-interconnected world.

Will More Threat Actors Weaponize Cybersecurity Regulations? | National Cyber Security

Nov 22, 2023

On Nov. 10, MeridianLink discovered a threat actor’s access to a non-privileged user account, according to a statement on the digital lending software company’s website.

Will More Threat Actors Weaponize Cybersecurity Regulations? | InformationWeek

Nov 22, 2023

ALPHV (aka "BlackCat") reported one of its breach victims to the SEC, and more hackers could follow suit.

Ransomware gang files SEC complaint against company that refused to negotiate | CSO

Nov 17, 2023

New US Securities and Exchange Commission rules require reporting of breaches that are material, giving cyber extortionists a new tactic to coerce payments.

Cyber Security Global Trends: Insurance & Risk Mitigation Best Practice | Beinsure

Nov 16, 2023

Improvements in cyber security and business continuity are helping to combat encryption-based ransomware attacks, yet the cyber threat landscape is continually evolving.

The Most Common Healthcare Cyberattacks | Heimdal Security Blog

Nov 12, 2023

From Ransomware to DDoS, Discover the Most Frequent Threats that Target Healthcare Organizations.

CISOs Connect™ and Security Current® Announce Winners of the CISO Choice Awards 2023 | SecurityCurrent

Nov 09, 2023

CISOs Connect™ today announced the winners of the 2023 CISO Choice Awards, a recognition of the leading security vendors by a distinguished board of prominent CISOs.

Career notes: Sometimes you just need to open the raincoat. | The CyberWire Podcast

Nov 06, 2023

As a strategic thought leader with extensive expertise in cybersecurity, Jeffrey Wheatman is regarded foremost as an expert in guiding public sector clients and Fortune 500 companies in connection with their cyber risk management programs.

Boeing Breached by Ransomware, LockBit Gang Claims | Dark Reading

Oct 30, 2023

LockBit gives Boeing a Nov. 2 deadline to pay the ransom or have its sensitive documents leaked to the public, but it hasn't given evidence of the compromise.

LockBit claims a cyberattack against Boeing. | The CyberWire

Oct 30, 2023

A criminal organization tolerated and enabled by the Russian government claims to have extracted sensitive data from Boeing.

6 Things CISOs Are Thinking About For Cybersecurity Awareness Month | Cybersecurity Era

Oct 30, 2023

During Black Hat 2023, CSO at https://companies.mybroadband.co.za, Chris Denbigh-White, engaged with leading CISOs to explore their thoughts on this crucial month. These discussions revealed recurring themes about the state and future of cybersecurity.

6 Things CISOs are Thinking About for Cybersecurity Awareness Month | Next

Oct 26, 2023

During Black Hat 2023, our CSO, Chris Denbigh-White, engaged with leading CISOs to explore their thoughts on this crucial month. These discussions revealed recurring themes about the state and future of cybersecurity.

Cybersecurity Awareness Month: Protect Your Credit Union and Your Members | CUSO Magazine

Oct 19, 2023

Cyberattacks happen every 39 seconds in the United States, with 2,200 cyberattacks happening per day and 800,000 attacks occurring each year. This number is only expected to grow as time goes on, and the price of succumbing to these attacks is expected to grow along with it. There are many ways to try to prevent a cyber attack, but one of the best defenses against cybercriminals is education and awareness.

Daily Briefing 10.17.23 | The CyberWire

Oct 17, 2023

Spyware in bogus RedAlert app. Cyberespionage against ASEAN. Cisco 0-day exploited. Security-by-design. Cyber ops in Russia's hybrid war.

The Most Important VCs in Boston, According to Other VCs | Business Insider

Oct 15, 2023

Why he's on the list: Long before AI became such a buzzword in startup land, Glasswing has invested in the next generation of intelligent enterprise and frontier technology startups, and it will continue to do so long after the hype fades.

Cybersecurity Awareness Month: Protect Your Credit Union and Your Members | CUSO Magazine

Oct 11, 2023

Cyberattacks happen every 39 seconds in the United States, with 2,200 cyberattacks happening per day and 800,000 attacks occurring each year. This number is only expected to grow as time goes on, and the price of succumbing to these attacks is expected to grow along with it. There are many ways to try to prevent a cyber attack, but one of the best defenses against cybercriminals is education and awareness.

Economic challenges tighten CISO compensation: IANS study | CSO

Oct 10, 2023

CISOs received a modest 11% increase in compensation with about 20% not receiving a hike at all.

Hidden Risk. Going Beyond Security To Create Cyber Resilience. Bob Maley, Black Kite. | Hidden Risk: Cybercrime Magazine Podcast

Oct 10, 2023

Bob Maley is the Chief Security Officer at Black Kite. In this episode of Hidden Risk, he joins host Charlie Osborne to discuss the topic of cyber resilience, including what it is, why it's so difficult for companies to achieve, and more. An award-winning intelligence platform, Black Kite is disrupting traditional third-party risk management practices worldwide by providing cybersecurity experts with full visibility they’ve never experienced before.

Suspicious New Ransomware Group Claims Sony Hack | AlinaA Security

Sep 27, 2023

A brand new risk actor is providing information purportedly stolen from Sony on the Dark Web however debate is ongoing as to how the group obtained the leisure large’s knowledge and the way beneficial it truly is.

How Silverfort Can Enable Utility Companies Take Advantage of FERC Incentives | Security Boulevard

Sep 27, 2023

The constant evolution of cyber threats has made it much more challenging for organizations to protect their identities and secure access to all resources. This is especially true in the utility sector, which continues to experience an increase in cyberattacks that threaten its reliability.

SONY HACK ALLEGEDLY LINKED TO SUSPICIOUS NEW RANSOMWARE GROUP | UK Snack Attack

Sep 27, 2023

A new threat actor has emerged on the Dark Web, offering files that it claims have been stolen from search Sony.

Suspicious New Ransomware Group Claims Sony Hack | Dark Reading

Sep 27, 2023

A deceitful threat actor claims its biggest haul yet. But what, if any, Sony data does it actually have?

Emerging rationales for using third parties to manage IT | Health Data Management

Sep 26, 2023

Healthcare providers are looking to counterbalance talent shortages and cybersecurity threats by outsourcing critical IT functions.

Gang claims extortion attack against Sony. | The CyberWire

Sep 26, 2023

CyberSecurity Connect reported Monday that a ransomware gang, Ransomed.vc, has claimed to have successfully hacked into Sony, gaining access to sensitive information the company holds.

What Are the Biggest Lessons from the MGM Ransomware Attack? | InformationWeek

Sep 22, 2023

Scattered Spider and ALPHV were behind the ransomware attack that caused major operational disruptions for MGM resorts.

KubeWeekly #363: September 21, 2023 | KubeWeekly Newsletter

Sep 21, 2023

The latest in all things Kubernetes and beyond.

Daily Briefing 9.19.23 | The CyberWire

Sep 19, 2023

At a glance.

Colombia continues its recovery from last week's cyberattacks.
AI training data accidentally published to GitHub.
Earth Lusca's cyberespionage techniques.
Cyberattack induces Clorox product shortages.
Cybersecurity incidents in industrial environments.
Russia, China, dominate the botnet scene.
Potential Russia-DPRK cooperation in cyberspace.

Ransomware in the casinos. | The CyberWire

Sep 18, 2023

Cyber criminals appear to have stolen six terabytes of data from MGM Resorts and Caesars Entertainment, Reuters reports. Scattered Spider, an anglophone affiliate of ALPHV, has been talking up its attack against MGM Resorts in particular.

Black Kite Looks to Offer a Better View of Risk in a Rapidly Changing Threat Landscape | Decrypted Tech

Sep 12, 2023

Risk is an interesting subject and has many different meanings to many different people. For the most part Risk breaks down into a few categories, depending on who you are talking to cyber risk, financial risk, and reputational risk.

Counterpunches for Cyber Attacks | CU Management

Sep 01, 2023

Fraud is getting worse. How can credit unions fight back against a nightmare scenario?

Attacks on Healthcare Institutions Decline, But Impact High | CIO.Inc

Aug 31, 2023

Web App Attacks, Phishing and Ransomware Are Top Attacks on Healthcare Institutions

2023 Ransomware Trends | Small Business Currents

Aug 30, 2023

As we pass the midpoint of 2023, IT professionals have seen a record-breaking year in threats, attacks and vulnerabilities. In the annual Data Breach and Investigation Report (DBIR), Verizon shares that costs and breaches continue to skyrocket at a record pace. Organizations still continue to struggle with layered defense strategy that are comprehensive in nature and address issues across the enterprise.

Don’t Ask, Don’t Tell | Security Info Watch

Aug 30, 2023

For almost two decades the United States military abided by the mantra of “don’t ask, don’t tell,” referring to its official policy on non-heterosexual service people. The policy, instituted during the Clinton administration under a directive of the Department of Defense and repealed in 2011, was supposed to end discrimination against LBGTQT individuals. Silence and secrets were the key elements.

How Do We Influence Secure Behavior? | CISO Series

Aug 24, 2023

We all know that our employees need to be more security aware, but what are the methods to get them there? How can we make our employees more security conscious?

Black Kite announces three new features that better automate cyber-ecosystem risk compliance | ChannelBuzz.ca

Aug 16, 2023

The innovations, which are all free add-ons to Black Kite’s platform, include the ability to parse using a cyber-specific database rather than the general Internet, with parsing of data specific to individual companies coming very soon.

Black Kite launches new features to automate cyber-ecosystem risk compliance | Finance Director Europe

Aug 09, 2023

The three solutions are Black Kite Enterprise Frameworks, Black Kite Compliance Gap Analysis, and Black Kite Parser 2.0

Three New Solutions from Black Kite Automate Compliance of Third-Party Cyber Assessments with Industry’s First Cyber-Aware AI Engine | VMBlog

Aug 09, 2023

Black Kite unveiled three new features that automate cyber-ecosystem risk compliance. Together, Black Kite Enterprise Frameworks and Black Kite Compliance Gap Analysis - along with Black Kite Parser 2.0 - take a time-consuming process and make it scalable by eliminating much of the manual effort required for third-party compliance assessments, cutting manual effort from days or weeks down to minutes. Together, these three capabilities are transforming compliance automation for companies worldwide.

Challenges to intelligence-sharing. The complexity of supply-chain security. Ransomware developments. Notes on Russia’s hybrid war, including possible sensor data manipulation. | The CyberWire

Aug 08, 2023

Reports on a 2020 Chinese penetration of Japan's defense networks. MOVEit-connected supply chain issues aren't over. Akamai looks at the current state of ransomware. Mallox ransomware continues its evolution. Machine identities and shadow access. Ukrainian hacktivist auxiliaries hit Russian websites. Joe Carrigan unpacks statistics recently released by CISA. Our guest is Jeffrey Wheatman from Black Kite discussing the market shift from SRS to cyber risk intelligence. And radiation sensor reports from Chernobyl may have been manipulated.

China penetrated classified Japanese networks in 2020. State of MOVEit exploitation. Ransomware notes. Shadow access. Cyber phase of the hybrid war. | The CyberWire

Aug 08, 2023

At a glance.

2020 Chinese penetration of Japan's defense networks reported.
MOVEit-connected supply chain issues aren't over.
Akamai looks at the current state of ransomware.
Mallox ransomware continues its evolution.
Machine identities and shadow access.
Ukrainian hacktivist auxiliaries hit Russian websites.
Unidentified threat group deploys an open-source RAT against Ukrainian government sites.
Radiation sensor reports from Chernobyl may have been manipulated.

Black Kite Unveils Three New Cyber Ecosystem Risk Compliance Features | Pipeline

Aug 08, 2023

New capabilities transform third-party compliance assessments with automation, saving companies days’ worth of manual effort.

Black Kite builds industry’s first cyber-aware AI for compliance automation | Security Info Watch

Aug 08, 2023

Combining Parser 2.0, Enterprise Frameworks and Compliance Analysis Report allows Black Kite customers to streamline the compliance assessment process and get the information they need on the gaps in compliance all in one place.

Anatomy of a Black Basta Ransomware Attack on BankCard USA | MSSP Alert

Aug 07, 2023

Cybersecurity experts and law enforcement have long counseled organizations to brush off ransom demands by cyber kidnappers. But many businesses, including some high-profile cases, do end up coughing up tens of thousands of dollars, even millions to retrieve their files and thaw their networks.

Are Public Companies Ready for the New SEC Cybersecurity Rules? | Information Week

Aug 04, 2023

The SEC released new rules overseeing public companies’ disclosure of cybersecurity incidents and risk management.

How the Health3PT Council Addresses Third-Party Risk Management Woes | Security Boulevard

Aug 02, 2023

A coalition of healthcare CISOs makes up the Health 3rd Party Trust (Health3PT) Council, an organization dedicated to improving third-party risk management in healthcare.

Iranian Company Plays Host to Reams of Ransomware, APT Groups | Dark Reading

Aug 02, 2023

Cloudzy is a command-and-control provider (C2P) to APT groups in Iran, North Korea, and Russia, according to Halcyon.

No evidence organizations with cyberinsurance more likely to pay ransom | SC Media

Jul 31, 2023

There’s no compelling evidence that victims holding cyberinsurance are much more likely to pay a ransom than companies without insurance, according to a new study by the Royal United Services Institute (RUSI) in the UK.

The race against time in ransomware attacks | Help Net Security

Jul 31, 2023

Most organizations lack strong cyber resilience strategies or data security capabilities to address threats and maintain business continuity, according to BigID.

Study Downplays Cyber Insurance as Incentive to Pay Ransom | Bank Info Security

Jul 31, 2023

RUSI Study Finds 'No Smoking Gun' Suggesting the Insured Pay Extortion More Readily

Top 5 Risk and Compliance Trends for 2023 | Security Boulevard

Jul 31, 2023

In 2023, cybersecurity remains a critical focus for organizations worldwide. With an ever- evolving threat landscape and increasing sophistication behind cyber attacks, adherence to security regulations and standards is now more important than ever. As technology continues to evolve, compliance industry trends and requirements adapt accordingly. Compliance trends in 2023 continue to be influenced by emerging technologies such as artificial intelligence, Internet of Things, blockchain, and cloud computing.

Will New SEC Security Incident Reporting Rules Affect MSSPs, MSPs? | MSSP Alert

Jul 31, 2023

Public companies will be required to disclose material cybersecurity events within a four-day window, according to newly adopted, tightened reporting rules from the Securities and Exchange Commission (SEC).

A Look into The Future: My Journey at the 2023 RSA Conference and The Exciting, Yet Troubling Path of Cybersecurity Innovation | Cyber Defense Magazine

Jul 28, 2023

As the recipient of Cyber Defense Magazine’s 2023 Young Women in Cyber Award, I was granted the incredible opportunity to not only attend the 2023 RSA conference but was also able to interview dozens of C-level officers of both emerging and established tech companies.

Industry reacts to new SEC breach disclosure rules | BetaNews

Jul 28, 2023

On Wednesday the US Securities and Exchange Commission (SEC) approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a 'material' impact on their finances.

More on the SEC’s new cyber rules. US Senate approves online child safety bills. US Senator wants accountability for recent data breach. | The CyberWire

Jul 28, 2023

At a glance.

More on the SEC’s new cyber rules.
US Senate approves online child safety bills.
US lawmaker says Microsoft should be held accountable for recent data breach.

US, Australia, issue joint advisory on IDOR. IcedID’s evolution. Ransomware and extortion. DDoS for influence. | The CyberWire

Jul 28, 2023

At a glance.

Joint warning on insecure direct object reference.
IcedID’s BackConnect protocol evolves over one year.
Cl0p claims to have accessed data from a third Big Four accounting firm.
Report: Ransomware victims increased by 66% from Q1 to Q2 2023.
Cyberattacks support influence operations.

New SEC Rules Require Breach Disclosure within Four Days | eSecurity Planet

Jul 27, 2023

The U.S. Securities and Exchange Commission this week announced new rules mandating the disclosure of cybersecurity incidents as well as ongoing risk management, strategy, and governance.

Inside the World of Ransomware Negotiations: From Colonial Pipeline to JBS | CySecurity News

Jul 22, 2023

In January 2021, JBS, the world's largest meat-processing company, revealed that it paid a ransom of $11 million in Bitcoin to cyber attackers.

From Colonial Pipeline to JBS, how ransomware gangs negotiate ransom payments | Fast Company

Jul 18, 2023

No fewer than 8 out of 10 organizations paid a ransom at least once in 2022. Despite the frequency of ransomware attacks and the large sums being paid as bailouts, the exact negotiation tactics for ransom payments rarely make the news.

Persistent ransomware threat requires holistic solution | Commercial Risk Online

Jul 18, 2023

Ransomware continues to present a major challenge for businesses, but there are new and innovative ways to understand and quantify this important risk, say Andreas Schmitt, global cyber underwriting manager at Zurich Insurance Company, and Vivien Bilquez, principal cyber risk engineer at Zurich Resilience Services.

Johns Hopkins hit with class action suit following MOVEit data breach | Cybersecurity Dive

Jul 12, 2023

Baltimore-based Johns Hopkins Health System was hit with a class action lawsuit Friday alleging negligence after the hospital system uncovered a third-party data breach in May.

Johns Hopkins hit with class action suit following data breach | Healthcare Dive

Jul 12, 2023

Baltimore-based Johns Hopkins Health System was hit with a class action lawsuit on Friday alleging negligence after the hospital system uncovered a third-party data breach in May.

Major ransomware resurgence in 2023 likely | Asia Insurance Review

May 03, 2023

A major ransomware resurgence is happening in 2023, with the number of victims in March 2023 nearly double that of last April and 1.6 times higher than the peak month in 2022 according to a new report by the third party cyber risk intelligence company Black Kite.

Cybersecurity: Getting Ahead Of Regulations, Threats | ISSSource

May 02, 2023

Manufacturing is under attack. Manufacturing was the most targeted sector by ransomware gangs in the last 12 months with 528 total victims, according to new research. This accounted for a 19.5 percent of all ransomware victims. Without a new defense strategy, manufacturers are at high risk – especially with new groups such as Chernovite and Bentonite focusing on the industry.

New Research Shows Ransomware Attacks Resurge with Victims Doubling in 2023 | Security Today

May 01, 2023

Black Kite, provider third-party cyber risk intelligence, recently released its highly anticipated report, “Ransomware Threat Landscape 2023: Ransomware Resurgence”. The report provides a comprehensive analysis of 2,708 ransomware victims with detailed insights into attacks from April 2022 to March 2023. The findings reveal a major ransomware resurgence this year, with the number of victims in March nearly double that of last April and 1.6 times higher than the peak month in 2022.

Report: Ransomware attacks see resurgence in 2023 | Security Magazine

Apr 28, 2023

A report released this week reveals manufacturing as the top targeted industry for ransomware attacks. In its new report, Ransomware Threat Landscape 2023: Ransomware Resurgence, Black Kite provides analysis of 2,708 ransomware victims with insights into attacks from April 2022 to March 2023.

Ransomware attacks are up significantly in the first months of 2023 | The Jerusalem Post

Apr 28, 2023

In March of this year, 410 people reported that they had been a victim of ransomware attacks, indicating a significant increase compared to the previous year.

Black Kite’s Latest Report Reveals Major Ransomware Resurgence in 2023 | Enterprise Security Tech

Apr 27, 2023

Cybersecurity firm Black Kite has released its latest report, entitled “Ransomware Threat Landscape 2023™: Ransomware Resurgence”.

El número de víctimas de ransomware se duplica desde el año pasado | Escudo Digital

Apr 27, 2023

Un informe de Black Kite muestra que el país más amenazado por estos ataques, con mucha diferencia, es EE.UU.

What cyber insurance is, and how to make the most of it | IT Brew

Apr 26, 2023

Burned by the high cost of claims in recent years, cyber insurers introduce more exclusions.

Ransomware Attacks Decreasing? Not So Fast Black Kite Report Shows | MSSP Alert

Apr 26, 2023

Amid signs that ransomware volume is declining, a new report from cybersecurity provider Black Kite conversely suggests that so far this year a cyber hijack “resurgence” is afoot.

Ransomware attacks on the rise again: Report | Business Insurance

Apr 26, 2023

There was a notable uptick in ransomware incidents in February and March after a period of relative stagnation in 2022, according to a report released Wednesday.

New Report by Black Kite reveals Major Ransomware Resurgence | Cyberdaily

Apr 26, 2023

The emergence of ransomware cyberattacks has surged over the last few years, which has raised red flags amongst organizations regarding their cybersecurity measures. Considering the rapid increase in cybercrime, it has become necessary for the authorities to redouble their efforts in mitigating these threats. A recent report by expert has analyzed attacks that occurred between April 2022 and March 2023. The report revealed that cybersecurity threats have surged this year, affecting significantly more people and organizations than ever before.

Cyber Security Today, April 26, 2023 – New reports on ransomware and cyber attacks | IT World Canada

Apr 26, 2023

New reports on ransomware and cyber attacks, new tools used by attackers, and more.

The U.S., U.K. and Germany rank top in ransomware attacks | Security Magazine

Apr 25, 2023

Cyberattacks have increased over the past few years. Ransomware attacks were analyzed in a recent report by Black Kite. The report looked at 2,708 ransomware victims from April 2022 to March 2023.

Black Kite Research: Ransomware Attacks Resurge with Victims Doubling in 2023 | Business Insurance

Apr 25, 2023

Annual "Ransomware Threat Landscape 2023™: Ransomware Resurgence" Report Analyzes 2,708 Victims and Uncovers Alarming Spike in Attack Frequency

How to reduce cyber attacks in the global supply chain | Raconteur

Apr 21, 2023

Cyber criminals continue to find vulnerabilities despite evolving security measures. Could better cyber hygiene help?

Final Act? Killnet Rallies Attackers to DDoS NATO Targets | Security Boulevard

Apr 10, 2023

While much of the world anticipated hunts for colored eggs, chocolate bunnies and family dinners on Sunday, Black Kite was busy sounding the alarm about an expected swan song from Killnet that could involve “high-impact” DDoS attacks on NATO critical infrastructure targets.

Healthcare industry most common victim of third-party breaches, Black Kite finds | Healthcare Dive

Feb 02, 2023

The healthcare industry was the most common victim of third-party breaches in 2022, accounting for almost 35% of all incidents — up from 33% in 2021, according to a new report.

Cyberattack Impact “Catastrophic” for Third Parties, New Study Finds MSSPs at Risk? | MSSP Alert

Feb 02, 2023

Vendors hit by a cyberattack saw nearly five of their third-party suppliers also compromised per incident in 2022, double the 2.5 entities per vendor in 2021, according to a new study by Black Kite, a cyber risk intelligence company.

Endpoint Security Explained | NinjaOne

Jan 30, 2023

Black Kite reported that 53% of organizations were hit by ransomware attacks in 2021, and that number is expected to increase to 69% in 2022. Cyberattacks show no sign of slowing, so it is critical that organizations have necessary cybersecurity precautions in place. One of the best ways to protect your IT environment is with an endpoint security process.

Cyberattackers Look to Exploit Tech Job Cuts | sdx central

Jan 27, 2023

Amid recent mass layoffs occurring across the technology industry, affected companies shouldn’t overlook the potential cybersecurity risks that could leave them vulnerable to cyberattacks, security experts warned.

2022 in cyberwar and what it means for you | IT Brew

Jan 13, 2023

State-backed hackers started living off the land, cyber insurance premiums skyrocketed, and Russia’s tech sector dropped off the map.

Why Credit Unions Need to Improve Their Cybersecurity | Arctic Wolf

Dec 16, 2022

Where there is money, there are cybercriminals. This is especially true for credit unions which deal with both financial information and the personal identifying information (PII) of every member and connected institution. They are a digital vault of gold coins and the hackers are all too ready to crack the safe.

What CISOs Can Do to Win the Ransomware Game | The Security Ledger

Dec 12, 2022

In this Expert Insight, Jeffrey Wheatman, a Cyber Risk Evangelist at Black Kite argues that CISOs need to shift to a more proactive approach to fend off damaging attacks by sophisticated ransomware groups.

When holiday hacks hit understaffed IT teams | IT Brew

Dec 08, 2022

Cybercriminals often encrypt when everybody’s out of office.

JADC2 Could Introduce Cyber Risks At Unprecedented Scale | National Defense Magazine

Nov 23, 2022

Technology has always played a major role in military competition, and military competition has always leaned heavily on industry. The two spheres, the military and industry, overlap so much that “military-industrial complex” is common parlance.

Cyber Risk Is Rising: Here Is How Companies Can Tackle Tomorrow’s Threats Today | Forbes

Nov 21, 2022

Breaches in cyber security can be detrimental to the health of enterprise organizations and SMBs alike. Not only are they financially devastating, but they also erode consumer trust. The advent of widespread distributed teams in 2020 added an additional layer of risk and cyber criminals took notice.

The 13 most promising early-stage artificial intelligence startups of 2022, according to VCs investing in companies building technical infrastructure and developing tools | Business Insider

Nov 17, 2022

Even amid a downturn that’s affecting tech companies, venture capitalists say they’re paying attention to certain early-stage startups. Black Kite: An AI-driven cybersecurity platform.

Understanding Your Digital Supply Chain Risk | CPF Coaching

Oct 25, 2022

Understanding your digital supply chain risk is becoming one of the significant challenges many businesses face today, especially with the move to the cloud and globalization of the computing behind those services.

RAS Infotech chooses Black Kite Risk Intelligence Platform for its Middle East customers | EIN Presswire

Oct 11, 2022

RAS InfoTech, the world-class information security products distributor, announces a brand-new distribution partnership with Black Kite, the Boston-based leading third-party risk intelligence platform. RAS Infotech will deliver the Black Kite solution to hundreds of its clients and prospects throughout the Middle East and Africa.

Your vendors are likely your biggest cybersecurity risk | Help Net Security

Sep 05, 2022

As speed of business increases, more and more organizations are looking to either buy companies or outsource more services to gain market advantage. With organizations expanding their vendor base, there is a critical need for holistic third-party risk management (TPRM) and comprehensive cybersecurity measures to assess how much risk vendors pose.

A New Way to Look at Data Breach Costs | Security TV Guy

Aug 11, 2022

Episode 2698 blackkite.com with Bob Maley at Black Hat USA 2022

Analysis: Average Business Data Breach Costs $15M | Corporate Compliance Insights

Aug 10, 2022

Black Kite report finds more than 3 in 4 breached companies are still susceptible to phishing

Why cybersecurity is an issue for business leaders – and not just IT professionals | Insurance Business America

Aug 08, 2022

As cyberattacks on companies become increasingly prevalent in the past several years, more hackers are also targeting supply chains as a means of entry, creating a ripple effect within business ecosystems. As Boston-headquartered third-party cyber risk intelligence firm Black Kite describes it, “cyberattacks can now impact hundreds of companies without discrimination.”

Beware the Cost of Data Breaches | Energy Central

Aug 04, 2022

Security company Black Kite have released a report that makes sobering reading detailing the cost of data breaches. They estimate that many data breaches cost around $15 million. This is a distinct danger to organizations like utilities, which have a large number of customers, and critical information in their databases.

Costs of data breaches, ransomware examined | SC Magazine

Aug 03, 2022

Data breach costs between 2017 and 2022 averaged $15 million without outliers but rose to $75 million when outliers were considered, TechRepublic reports.

Patriotic hacktivism. Security concerns delay UK Tory vote. Malware that abuses trust. Lessons from a hybrid war’s cyber phases. | The CyberWire

Aug 03, 2022

Black Kite Finds Cost of Data Breach Averages $15.01M

Daily Roundup: Oracle Slashes U.S. Workers | SDxCentral

Aug 03, 2022

Welcome to our new and improved Daily Roundup where we quickly summarize the news you missed today.

Black Kite Research: Data Breach Costs Vary Widely | MSSP Alert

Aug 02, 2022

Most data breaches cost companies between $10,000 and $1 million, according to an analysis of 2,400 data breach incidents from 2017 to 2022 conducted by Black Kite Research. In addition, 15% of analyzed data breaches cost between $1 million and $10 million.

IBM, Black Kite Unveil Data Breach Cost, ‘Haunting Effect’ | SDxCentral

Aug 02, 2022

A data breach could cost organizations millions of dollars, IBM and Black Kite researchers found in their recent studies. Both reports showed similar conclusions that data breaches have a “haunting effect,” and lacking the use of certain security technologies could lead to higher breach costs.

Black Kite finds cost of data breach averages $15.01M | Security Info Watch

Aug 02, 2022

A leading cyber risk intelligence company releases a new report to assess the financial impact and root causes of 2,400 cyber incidents.

Black Kite: Cost of data breach averages $15 million | TechRepublic

Aug 02, 2022

With the median cost per incident coming in at $130,000, most data breaches do not cross the $1 million threshold.

72-hour deadline for cyber incident reporting proposed for credit unions | Brad Egeland

Jul 27, 2022

The U.S. agency that oversees credit unions proposed a 72-hour deadline for regulated companies to report cyberattacks on Wednesday.

Tactics Shaping Ransomware Mitigation in 2022 | Brad Egeland

Jul 27, 2022

Though businesses have become more confident in preventing ransomware attacks, confronting risk is an internal commitment.

Who’s Responsible For Cyber Insurance Policy Misrepresentations? It Depends. | Forrester

Jul 14, 2022

On July 6, 2022, the Travelers Property Casualty Company of America (Travelers Insurance) filed a suit in an Illinois federal court against International Control Services, Inc. (ICS) asking for policy rescission and declaratory judgment against ICS. Travelers alleges that ICS misrepresented its use of multifactor authentication (MFA) on its policy application, which should be sufficient legal grounds to deny payment on ICS’s ransomware claim and void the policy entirely. If this reads like legalese, that’s because cyber insurance policies are legally binding agreements and application “errors or omissions” nullify contracts.

Spotlight on the Gramm-Leach-Bliley Act (GLBA) | Shared Assessments

Jul 05, 2022

Last week Bob Maley, Chief Security Officer at Black Kite and I led a Fireside Chat discussion on the current regulatory landscape regarding privacy and security. While state laws continue to advance and there is momentum for a Federal U.S. Privacy Regulation, the update by the Federal Trade Commission (FTC) on the Gramm-Leach-Bliley Act (GLBA) Security Safeguards rule is impacting specific sectors right now. I have worked with GLBA since its inception in my tenure at one of the largest service providers to financial institutions, so let me break down the components we discussed as a “Primer” on GLBA in 2022.

Black Kite FocusTags allows users to track high-profile cyber events | Help Net Security

Jul 01, 2022

Black Kite’s platform was built to provide full visibility into a vendor’s cyber position, using the same open-source intelligence tools and techniques hackers use (data collectors, crawlers, honeypots, etc.) to continuously collect information from internet-wide scanner databases, reputation sites, cyber events, hacker shares, and known vulnerability databases.

How prepared is biopharma for the cyber doomsday? | Endpoints news

Jun 28, 2022

One of the largest cyberattacks in history happened on a Friday, Eric Perakslis distinctly remembers. Perakslis, who was head of Takeda’s R&D Data Sciences Institute and visiting faculty at Harvard Medical School at the time, had spent that morning completing a review on cybersecurity for the British Medical Journal. Moments after he turned it in, he heard back from the editor: “Have you heard what’s going on right now?”

New infosec products of the week | Help Net Security

Jun 17, 2022

Here’s a look at the most interesting products from the past week, featuring releases from Black Kite, Feroot, Incognia, Optiv, and Splunk.

Managed Security Services Provider (MSSP) Market News | MSSP Alert

Jun 16, 2022

Each business day, MSSP Alert delivers this quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.

5 CYBERSECURITY TAKEAWAYS FROM RSAC 2022 | Volition Capital

Jun 15, 2022

The annual RSA conference was back to in person this year, and the excitement was palpable on the exhibition floor. With cyberattacks growing exponentially – in both number and sophistication – there’s never been a more important time to be a cybersecurity company.

New Black Kite FocusTags Provide Instant Visibility of High-Profile Cyber Events at Scale | Cision

Jun 15, 2022

Black Kite, the leader in third-party cyber risk intelligence, announces the availability of FocusTags, a fast and simple way for users to track high-profile cyber events and quickly identify which vendors have been affected within their supply chain.

Black Kite FocusTags allows users to track high-profile cyber events | Help Net Security

Jun 15, 2022

Black Kite released FocusTags, helping users to track high-profile cyber events and identify which vendors have been affected within their supply chain.

Determining Your Organization’s Risk Appetite | Protecting People

Jun 14, 2022

Most of the time, security slip-ups happen because of careless, accidental behavior. Through educating people and focusing on changing behaviors, those cyber risks can be mitigated. That’s the idea behind the importance of people-centric cybersecurity.

Why Defense contractors still have a cyber target on their backs | Federal News Network

Jun 09, 2022

The Defense Department is still figuring out how to raise the cybersecurity waterline among its vendor community as part of its Cybersecurity Maturity Model Certification program. And some new research based on privately collected cyber risk intelligence shows the problem is as urgent as ever. According to a new report from Black Kite, almost three quarters of defense contractors have had network credentials leaked in just the past 90 days.

To better manage cybersecurity risk, extend zero-trust principles to third parties | TechCrunch

Jun 04, 2022

Today’s cybersecurity landscape requires an agile and data-driven risk management strategy to deal with the ever-expanding third-party attack surface.

One-third of defense contractors vulnerable to ransomware | Security Magazine

Jun 03, 2022

Thirty-two percent of U.S. defense contractors are vulnerable to ransomware attacks, according to a new report.

Phishing attacks could impact 82% largest insurance companies | Asia Insurance Review

May 25, 2022

Nearly 20% of the top 99 insurance companies in the US have a high susceptibility to ransomware according to a new report by cyber risk intelligence company Black Kite.

Black Kite Study: 72% of Defense Contractors Experience Credential Leaks Over 90-Day Period | ExecutiveBiz

May 25, 2022

Seventy-two percent of the 100 U.S. defense companies included in a Black Kite analysis have at least one credential that has been compromised within a 90-day period, the cyber risk monitoring company said in its new report.

Insurers, You Underwrite Cyber Risk. But How Good Is Your Own Cyber Security? | Risk & Insurance

May 17, 2022

Black Kite gives roughly 26% of insurers an “A” grade for their cyber posture, but the remaining 73% are three times more likely to experience a cyber breach.

Credit Unions Face Uphill Cyber Battle | Credit Union Times

May 13, 2022

Despite credit unions' efforts to educate members about fraud, many are falling prey to thieves.

5 Healthcare Data Security Challenges | Enterprise Networking Planet

May 10, 2022

Data loss prevention is an integral component of how a business operates and continuously improves, and this remains true for any healthcare organization. The abundance and availability of data have helped medical professionals and patients, but it’s also appealing to any cyber criminal trying to cause harm to make a profit.

Preparing for Energy Industry Cyberattacks | WSJ Pro

Apr 21, 2022

The energy industry is especially vulnerable to cyberattacks, according to political leaders and security analysts. Also, attacks on the industry, which includes utilities and the energy production and distribution sectors, can have a domino effect farbeyond the entities victimized by the breach.

Insurance sector increasingly targeted by cyberattacks | SC Media

Apr 11, 2022

TechRepublic reports that one in five of the leading 99 insurance carriers were highly vulnerable to ransomware attacks, with 82% susceptible to phishing attacks. Software supply chain attacks have also spiked by 300% over the past year, according to a report from Black Kite.

Insurance industry being ravaged by high rate of cyberattacks | Techregister

Apr 08, 2022

A new report from Black Kite shows the entire sector may be ripe for ransomware attacks.

18% of the top 99 insurance carriers have a high susceptibility to ransomware | Help Net Security

Apr 08, 2022

Black Kite released a report that examines rising cyber risk concerns and ransomware susceptibility in the insurance sector. The most notable takeaway: nearly 20% of the top 99 insurance carriers have a high susceptibility to ransomware.

Headcount: Firings, Hirings, and Retirings — March 2022 | SDxCentral

Apr 03, 2022

Here are some of the latest executive hirings, promotions, and staff changes that happened in February.

Blessing details defenses amid increasing health system cyber-attacks | WGEM

Mar 28, 2022

Hospitals and health systems are finding themselves in the crosshairs of cybercriminals more frequently. According to third party cybersecurity company Black Kite’s 2021 Third Party Breach report, attacks on healthcare companies accounted for nearly a third of attacks in 2021.

5 ways finance can drive cybersecurity preparedness | FM Magazine

Mar 23, 2022

Management accountants can be invaluable in addressing cybersecurity risk.

Half of Orgs Use Web Application Firewalls to Paper Over Flaws | Dark Reading

Mar 19, 2022

The ongoing struggle to update vulnerable software by finding and applying the right patches in a timely manner has led half of enterprise IT departments to use Web application firewalls (WAFs) either in lieu of patching or to offer some protection before patching can be achieved.

SecZetta Launches Complimentary Third-Party Identity Risk Maturity Assessment at HIMSS | Dark Reading

Mar 15, 2022

SecZetta, the leading provider of third-party identity risk solutions, today announced that it was launching a complimentary Third-Party Identity Risk Maturity Assessment at HiMSS22.

What CXOs can learn from Denso ransomware attack | TechCircle

Mar 15, 2022

Last week, officials at Denso Corp confirmed that the company’s Germany hub, which oversees sales, design and development of automotive parts, had sustained a ransomware attack.

It’s Time to Bake Security into Software from the Start | CyberSecurity-Magazine

Mar 11, 2022

One of the most unexpected consequences of ransomware attacks in 2021 may have been the nationwide cream cheese shortage caused by an attack on one of the nation’s largest cream cheese manufacturers.

Toyota cyberattack on supplier halts production — car makers among most vulnerable to attack | The Stack

Feb 28, 2022

Toyota is stopping all car production in Japan from March 1, due to a cyberattack on a key supplier, Kojima Industries. The automotive giant said it was suspending the operation of 28 production lines at 14 plants in Japan saying “we apologize to our relevant suppliers and customers for any inconvenience this may cause” and attributing the issue at Kojima to a “system failure.”

Biden’s sanctions face energy reality | Politico

Feb 23, 2022

President Joe Biden unveiled fresh sanctions after Russia sent troops into Ukraine, but he still has to contend with the political risks of an overheated energy market.

Big Pharma Finds Patch Management a Bitter Pill | Dark Reading

Feb 03, 2022

One-quarter of pharmaceutical manufacturers received a failing grade on patch management, which is a vital step in heading off ransomware attacks.

Energy Sector Still Needs to Shut the Barn Door | Dark Reading

Jan 29, 2022

One third of the companies studied haven't fixed their credential management — the same issue that led to the Colonial Pipeline hack last May.

Healthcare industry most common victim of third-party breaches last year | Help Net Security

Jan 28, 2022

Black Kite released its annual Third-Party Breach Report, which examines the impact of third-party cyber breaches in 2021. Ransomware was the most common attack method behind third-party breaches in 2021, initiating more than one out of four incidents analyzed.

Black Kite response on Ukraine | TVEyes

Jan 26, 2022

Chief Security Officer of Black Kite Bob Maley believes Russia could launch cyber warfare at any moment, but says Lavrov's comment isn't necessarily an indication.

US offers no concessions in response to Russia on Ukraine | WJLA

Jan 26, 2022

The Biden administration and NATO told Russia on Wednesday there will be no U.S. or NATO concessions on Moscow’s main demands to resolve the crisis over Ukraine.

33% of third-party data breaches in 2021 targeted healthcare orgs | Security Magazine

Jan 24, 2022

Despite cybersecurity prioritization following the onset of the COVID-19 pandemic, the healthcare industry was the most common victim of attacks caused by third parties, accounting for 33% of incidents last year.

What Did We Learn About Cyber Risk Management in 2021? | Cloud Security Alliance

Dec 17, 2021

By Bob Maley, Chief Security Officer at Black Kite “The more things change, the more they stay the same.”

Businesses face payroll, scheduling woes after ransomware attack on Kronos | The Boston Globe

Dec 14, 2021

A ransomware attack on Ultimate Kronos Group has knocked offline the payroll and scheduling systems of thousands of businesses, government agencies, and nonprofits that use the company’s software, including some major Boston-area employers.

Federal Drive with Tom Temin | PodcastOne

Dec 08, 2021

When he's not tooling around the National Capital region on his motorcycle, Tom Temin interviews federal executives and government contractors who provide analysis and insight on the many critical issues facing the Executive branch.

Defense contractors are highly susceptible to ransomware attacks | Help Net Security

Nov 25, 2021

20% of America’s largest 100 defense contractors are highly susceptible to a ransomware attack, according to a research from Black Kite.

Defense Contractors Highly Susceptible to Ransomware | Security Boulevard

Nov 19, 2021

The top 100 federal contractors averaged a “ransomware susceptibility index” score of 0.39, but 20% scored above the critical threshold of 0.6, according to the report.

Report: 20% of Defense Contractors at Risk for Ransomware Attack | Nextgov

Nov 17, 2021

A report featuring some of the United States' top defense contractors suggests that about 20% of them are “highly susceptible” to a ransomware attack, with 42% having experienced a data breach in 2020 alone.

Ransomware hackers have the upper hand | The Washington Post

Nov 16, 2021

Companies hit by ransomware hackers are at a disadvantage during every phase of the attack.

How cyberattacks disrupt the auto supply chain | Automotive News Europe

Oct 26, 2021

Eberspaecher, a German supplier of automotive exhaust and thermal management systems, is the latest industry victim of a cyberattack, this one hitting the company's IT infrastructure.

Boston cybersecurity ratings startup Black Kite raises VC round | VentureBeat

Oct 13, 2021

Black Kite, a tech startup based in Boston, said Wednesday it had raised $22 million to expand its cybersecurity ratings service.

Black Kite Closes $22 mln Series B Round To Help Organizations Defend Against Cyberthreats | Grit Daily News

Oct 13, 2021

Black Kite, a cybersecurity startup based in Boston, has raised $22 million in Series B funding to meet the increasing demand for cybersecurity solutions.

Cyber risk monitoring platform Black Kite raises $22M | VentureBeat

Oct 13, 2021

Boston, Massachusetts-based Black Kite, a company developing cybersecurity-as-a-service solutions, today announced that it raised $22 million in series B funding led by Volition Capital, with participation from existing investors Moore Strategic Ventures, Glasswing Ventures, and Data Point Capital.

Quarter of Energy Sector Vulnerable to Ransomware, Report Says | RTO Insider

Oct 08, 2021

A new report from cybersecurity firm Black Kite says a significant number of U.S. energy companies are still highly vulnerable to ransomware attacks.

Cyber Risk Scores Should Be More Than Just a Number | TechWire

Oct 07, 2021

With security leaders facing an onslaught of attacks from ransomware and other cyberthreats, it can be tough to know where to focus their energy. That’s where a “cyber risk score” promises to come to the rescue.

U.S. Energy Sector Is Vulnerable To Ransomware Attacks | Oilprice.com

Oct 06, 2021

A quarter of the 150 top U.S. energy companies are highly susceptible to a ransomware attack, while a massive 77 percent of those have at least one leaked credential within the last 90 days, new research by cybersecurity firm Black Kite found.

How Should the CSO Work With the Chief Privacy Officer? | Dark Reading

Sep 18, 2021

Chris Bush, Chief Customer Officer at Black Kite: You'll find both a Chief Security Officer and Chief Privacy Officer in heavily regulated industries like pharmaceuticals, finance, and insurance.

CSO Urges Companies to Think Like Cybercriminals | SDxCentral

Aug 17, 2021

More than one-quarter (26%) of Fortune 100 companies are highly likely to fall victim to a ransomware attack from cybercriminals in the next 12 months. And the problem is that “large companies typically don’t think the way the bad actors do,” warned Bob Maley, chief security officer at Black Kite.

Black Kite Launches Aviator Partner Program To Expand Deployment Of Trusted Cyber Risk Ratings Solutions | AiThority

Aug 16, 2021

Black Kite, the trusted cyber risk ratings company, launched the Black Kite Aviator partner program. Aviator enables IT solutions providers to bolster their portfolio of cyber risk services and help customers secure their supply chains. More than 50 companies have already signed on to the Aviator program.

Ransomware in Auto Manufacturing Threatens Industry’s Recovery | Security Boulevard

Jul 01, 2021

As automotive supply chains become more complex, automotive manufacturers are increasingly susceptible to a ransomware attack, according to a report from Black Kite.

Ransomware attacks could crimp industry’s recovery from pandemic, report says | Automotive News

Jun 29, 2021

Almost half of 100 automotive manufacturers and more than 17 percent of suppliers are at high risk for a ransomware attack, according to cybersecurity ratings provider Black Kite.

‘We desperately need a director’: Cyber advocates sound off as senator delays CISA confirmation | SC Media

Jun 24, 2021

Senator Rick Scott, R-Florida, blocked a unanimous consent vote on Wednesday to confirm Jen Easterly as head of the Cybersecurity and Infrastructure Security Agency until Vice President Kamala Harris visits the U.S.-Mexico border.

Microsoft: SolarWinds hackers target 150 orgs with phishing | WCTI

May 28, 2021

The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks this week using an email marketing account of the U.S. Agency for International Development, Microsoft says.

Report finds 10% of pharma manufacturers at high risk for ransomware | Healthcare IT News

May 19, 2021

The cyber risk platform Black Kite released a new report this week finding that one in 10 global pharmaceutical manufacturers are at a high risk of suffering a ransomware attack.

Your money or else: Some drug makers could be ‘highly’ susceptible to ransomware attacks | Stat

May 18, 2021

The latest high-profile incident of a ransomware attack caused one of the biggest gas and fuel suppliers in the U.S. to close its East Coast pipeline for several days, a worrisome reminder that each industry remains vulnerable to cyberattacks. And not surprisingly, pharmaceutical companies also are easy targets, according to a new analysis.

Brace for ransomware attacks, Midsize Pharma | The Parallax View

May 18, 2021

About 10 percent of pharmaceutical companies are highly susceptible to ransomware, a new report finds, and those with a market cap of $10 billion to $50 billion are the juiciest targets.

The Colonial Pipeline Hackers Are One Of The Savviest Criminal Startups In A $370 Million Ransomware Game | Forbes

May 12, 2021

When Colonial Pipeline took its gasoline lines down following a successful cyberattack last week, it became the most high-profile victim of a hacking group called DarkSide.

Bringing Clarity To The Messy World Of Corporate Ransomware | PYMNTS.com

May 12, 2021

In between the most high-profile cases exists a trove of nearly countless ransomware attacks targeting businesses of all types and sizes. The threat is growing so much, said Black Kite Chief Security Officer Bob Maley, that he now describes the risk as an "epidemic.

Data held for ransom: Financial institutions could be at risk from ransomware | Bank Automation News

May 11, 2021

Increasingly, instead of just locking up the data by encrypting it, attackers may modify items like account balances, authorized signers or even histories of patient allergies maintained in health care records.

Third-Party Ransomware Risk Is Real, but Black Kite’s Latest Tool Can Help | VentureBeat

May 04, 2021

A new assessment service from cybersecurity ratings provider Black Kite will let enterprise defenders know which of their third-party partners and vendors could be vulnerable to a ransomware attack.

Babuk ransomware group emerges with new claims against U.S. companies | Cybersecurity Dive

Mar 26, 2021

Researchers at Black Kite — who have been monitoring the group's activities and seen many of the posted documents — say the group is a "legitimate threat" and confirm that Babuk has aggressively threatened to share information, including to hostile nation states.

Threat data sharing considered critical to defense amid rise in sophisticated attacks: report | Cybersecurity Dive

Mar 24, 2021

As the IT industry works with federal lawmakers to respond to a spate of sophisticated attacks against the U.S., a report from the Ponemon Institute shows nearly 80% of security professionals consider threat data essential to maintaining a strong cybersecurity posture.

Leaked employee credentials, older software could put credit unions at risk | Bank Automation News

Mar 23, 2021

As credit unions increasingly pivot to digital platforms and solutions, flaws in their cyber meshes may become an expensive point of weakness. Credit unions face risks associated with out-of-date operating systems and employee credentials leaked onto the dark web, according to a report released last week by cyber-risk rating platform Black Kite.

The financial impact of cybersecurity vulnerabilities on credit unions | Help Net Security

Mar 22, 2021

Cybersecurity vulnerabilities among credit unions and their vendors create the potential for large financial impacts to the credit union industry, according to a Black Kite report.

After Review, Cybersecurity Firm Gives CUs, Vendors a ‘B’ Grade; Says Vulnerabilities Were Found | CU Today

Mar 18, 2021

A new report from a cybersecurity firm based of a sample of credit unions and vendors offers a “B” grade for their state of security, meaning “cyber breaches would require the skills of persistent, highly experienced hackers.”

Report: Nearly half of all credit unions at increased risk of cyberattack | Credit Union Journal | American Banker

Mar 17, 2021

Roughly half of all credit unions and more than half of their vendors could have critical vulnerabilities in their technology that leave them at increased risk of cyberattacks. That’s according to a new report from Black Kite, a firm that creates cyber risk-rating profiles. The company analyzed the cybersecurity positions of 250 federally insured credit unions and 150 vendors that serve the industry.

Qualys Is the Latest Victim of Accellion Data Breach | Dark Reading

Mar 04, 2021

Security vendor confirms attackers exploited a previously disclosed vulnerability in the enterprise firewall technology to breach its network.

Qualys confirms data breach related to Accellion after documents leak | Cybersecurity Dive

Mar 04, 2021

Cloud security firm Qualys confirmed it was the subject of a data breach related to the zero-day exploit in the Accellion FTA file transfer platform, which the cybersecurity firm used for customer support, the company announced Wednesday.

Will Boston lose its competitive edge in a work-from-home world? | The Boston Globe

Feb 02, 2021

Executives say they’re not worried about a California-style exodus taking place here, at least not yet. Tech companies are heading for the exits in California. Wall Street tycoons are packing their bags to catch some Florida sunshine. So, a big question looms for Boston’s business community: Will we be next? The most common answer you’ll hear: So far, no.

Cyber risk ratings startup moves HQ to Boston | BostInno

Jan 11, 2021

The cybersecurity hub of Boston has attracted another startup to its ranks. Cyber risk ratings startup NormShield has rebranded as Black Kite and moved its headquarters from Vienna, Virginia — just outside Washington, D.C. — to The Yard, a coworking space at 120 St. James Ave. in the Back Bay.

The siege of the U.S. Capitol was a disaster for congressional cybersecurity — and experts say Congress will likely have to wipe all its computers and rebuild from scratch | Business Insider

Jan 07, 2021

The looting of the U.S. Capitol on Wednesday by a mob of Trump supporters has also caused a cybersecurity disaster that the federal government must address, according to experts.

The physical breach of the Capitol building opens a cybersecurity Pandora’s box | SC Media

Jan 07, 2021

The insurrection at the U.S. Capitol Wednesday, which saw rioters storm the building and reportedly steal devices belonging to government officials, opened what one cybersecurity expert has called a Pandora’s box of national security and data privacy issues.

Phishing sites promising COVID-19 cure hyped by Trump soar | Micky

Apr 21, 2020

Hundreds of fraudulent websites were discovered as the public took an interest in antimalarial drugs chloroquine and hydroxychloroquine hyped by public figures. A report conducted by researchers in NormShield showed that hundreds of shady coronavirus-related websites have been operating and profiting off the pandemic since January.

Fake COVID-19 medication websites on the rise, stealing money and information | WCNC

Apr 16, 2020

Scammers are claiming they have medication to protect against or treat coronavirus.

Coronavirus misinformation seeds ground for digital scams | Axios

Apr 15, 2020

Researchers at cybersecurity auditor NormShield found a massive uptick in the first three months of 2020 for new domains that make reference to chloroquine and hydroxychloroquine.

Hundreds of new, shady websites are pushing chloroquine scams: report | Business Insider

Apr 14, 2020

Scammers are creating hundreds of shady websites to trick people searching for information about certain drugs with shaky links to COVID-19 treatment, according to a new report.

Beware of Shady Websites Pushing Pharmaceuticals for COVID-19 | Security Boulevard

Apr 10, 2020

Researchers from NormShield looked for websites using the names of 10 drugs commonly discussed in recent months. The team claims to have found “a dramatic spike” in the number of sites set up to capitalize on the anxiety caused by the pandemic.

Cybercriminals capitalize on COVID-19 fears, push shady websites, pharmaceuticals | Help Net Security

Apr 10, 2020

NormShield researchers looked for websites using the names of 10 commonly discussed drugs over the last several months. They found a dramatic spike in the number of sites generated to get the attention of scared shoppers looking for coronavirus cures.

Election security training goes online | POLITICO

Apr 09, 2020

An ambitious, Google-backed election security training initiative has had to adapt its plans during the pandemic by taking it online. Internet voting is inherently unsafe, warned a group of security experts and good-governance groups. A wide assortment of advocacy groups and companies recommended policy and enforcement steps to deal with coronavirus scams, including cyber-based ones.

The Cybersecurity 202: Mail-in voting surge is already facing time crunch in run-up to November election | The Washington Post

Apr 09, 2020

Time’s running short for states and counties to prepare for a possible massive surge of mail-in voting in November prompted by the coronavirus pandemic.

Untangling Third-Party Risk (and Fourth, and Fifth…) | Dark Reading

Mar 30, 2020

Third parties bring critical products and services to your organization. They also bring risk that must be understood and managed.

The Great Fake: Scammers are luring shoppers to fake websites and sellers | WKYC

Mar 06, 2020

Shoppers don't find out until after they hand over their money.

How Cybersecurity’s Metrics of Misery Fail to Describe Cybercrime Pain | Dark Reading

Jan 02, 2020

Dollars lost and data records exposed are valuable measurements, but the true pain of a cybersecurity incident goes far beyond that. We asked infosec pros how they put words to the pain they feel when their defenses fall apart.

Tehran-connected hackers again target higher ed, researchers conclude | POLITICO

Sep 11, 2019

Iranian government-linked hackers notorious for targeting universities have sprung another round of phishing attacks, researchers found. John Bolton’s legacy as President Donald Trump’s national security adviser is a hawkish stance in cyberspace that a successor is unlikely to undo. A House Armed Services Committee member sought clarification on DoD’s positions on encryption.

The Cybersecurity 202: How counties are war-gaming Election Day cyberattacks | The Washington Post

Sep 11, 2019

If Russian hackers seek to disrupt the 2020 election, it will be county election officials on the front lines. And some are diving in to war games so they can be ready for anything Moscow or another U.S. adversary can throw at them.

States still not up to snuff on election security, researchers warn | POLITICO

Sep 10, 2019

DState election commissions are running old software and prone to email attacks, according to a study out today. There are some positive signs, too. Two panels today will look at how federal agencies are bolstering the fundamentals of internet security, with witnesses from three departments testifying. A judge issued a major ruling on the prevailing U.S. cybercrime law, with the court favoring a narrower interpretation.

The Cybersecurity 202: How state election officials are contributing to weak security in 2020 | The Washington Post

Sep 10, 2019

It’s not just a question of paper ballots. The offices charged with administering elections across the country are falling short on a slew of basic cybersecurity measures that could make the 2020 contest far more vulnerable to hacking, according to a report out this morning.

Elections officials flub some basic security tasks | Axios

Sep 10, 2019

State elections officials struggle with some of the basics of office cybersecurity, according to a new report from cybersecurity auditor Black Kite.

Report: Growing wave of phishing attacks targets banking customers | Inside CyberSecurity

Aug 15, 2019

The security firm NormShield found a double-digit rise in phony “phishing” domains targeting customers of large banks, a trend the financial services industry says it is countering thorough enhanced security and education efforts.

Hackers Subvert Security Checks Like the Browser Padlock | WSJ

Aug 15, 2019

Recent attacks have shown that cybercriminals have co-opted techniques and tools that people commonly use to distinguish real communications and websites from fake ones, such as the padlock in a browser window. Traditional defenses have become part of an attacker’s arsenal.

Coalition presses to change surveillance law | POLITICO

Aug 14, 2019

Major cybercrime groups are collaborating and operating in a savvier way in response to law enforcement crackdowns, a report out today concludes. Cybercriminals also appear to be increasingly targeting customers of the world’s largest banks, according to new data.

Financial Phishing Grows in Volume and Sophistication in First Half of 2019 | Dark Reading

Aug 14, 2019

Criminals are using the tools intended to protect consumers to attack them through techniques that are becoming more successful with each passing month.

The Cybersecurity 202: Hackers just found serious vulnerabilities in a U.S. military fighter jet | The Washington Post

Aug 14, 2019

In a Cosmopolitan hotel suite 16 stories above the Def Con cybersecurity conference this weekend, a team of highly vetted hackers tried to sabotage a vital flight system for a U.S. military fighter jet. And they succeeded.

Sprint Reveals Account Breach via Samsung Website | Dark Reading

Jul 17, 2019

The last-June breach exposed data including names, phone numbers, and account numbers.

Get Ready For A Ransomware Tsunami | Forbes

Jul 03, 2019

OK, maybe you can’t say the two cities in Florida hit with ransomware a few weeks ago dodged a bullet, but at least they dodged the digital equivalent of a cruise missile … right?

Cyber firm examines supply-chain challenge in securing election ecosystem | Inside CyberSecurity

Apr 22, 2019

State election officials are doing a better job of securing systems but still need to pay more attention to “internet facing infrastructure” and possible weak links in their supply chains, according to a new report from Black Kite, a cybersecurity firm that develops risk scorecards for companies.

$20 Million Investment Round Shows Growth of Risk | Dark Reading

Apr 08, 2019

The Series B investment supports a company bringing risk assessment to businesses in business terms.

In the News

2025

Healthcare Under Attack: Ransomware Groups Increasingly Target Hospitals and Clinics

Filtered view of companies with FortiGate Leakage FocusTag™ on the Black Kite platform.

2024

Ransomware scum blow holes in Cleo software patches, Cl0p (sort of) claims responsibility

Cleo vulnerability attacks claimed by Clop ransomware gang

Mitigating third-party risk in today’s cyber ecosystem [Q&A]

Amazon Employee Data Compromised in MOVEit Breach

Data Vigilante Leaks 8 Million Employee Records from Amazon, HP and Others

Research Finds 80% of Manufacturers Have Critical Vulnerabilities

Building An Effective Security Team: 5 Key Questions To Ask

Black Kite Achieves ISO 27001:2022 Certification, Reinforcing Commitment to Information Security Excellence

Why third-party risk is the new biggest business risk

Black Kite Bridge Enables Industry-First Risk Collaboration Across Vendor Ecosystem

Black Kite Bridge enables risk collaboration across vendor ecosystem

Addressing the Complexities of Compliance in Financial Services

Planned Parenthood confirms Montana cyberattack claimed by RansomHub

Ransomware hackers threaten Montana branch of Planned Parenthood

Infosec products of the month: July 2024

How Continuous Cyber Assessment Can Improve Third-Party Cyber Risk Management

Ransomware Awareness Month 2024: Industry Experts Share Their Thoughts

Black Hat USA 2024 Q&A: Black Kite Will Showcase the Industry’s First Cyber-aware AI Engine Designed for Cybersecurity Compliance Automation – Black Kite Parser 2.0

IT-Harvest incorporates security scores from Black Kite into its dashboard

Three Ways Tech Leaders Can Use AI For Security In 2024

LockBit hackers claim to have cracked the US Federal Reserve

LockBit holds 33TB of stolen data and its ransom deadline is up: What’s next and is it real or hoax?

LockBit claims Federal Reserve breach, demands ransom not to release stolen data

Mining data is daunting but crucial

AI raises CIO cyber anxieties

Balancing generative AI cybersecurity risks and rewards

Technology’s Role In Business Continuity: Tips For Tech Leaders

UK Military Data Breach a Reminder of Third-Party Risk in Defense Sector

Break through the buzz to earn buyers’ trust

Third-party security is almost impossible

Black Kite Research Reveals Growing Persistence, Sophistication and Aggression Within Cybercrime Ecosystem

There was an 81% year-over-year increase in ransomware attacks

Top cybersecurity product news of the week

Effectively Communicating Cyber Risk With Business Leaders

How to secure a constantly changing tech ecosystem

Third-party breaches create network weak spots

Onspring GRC Software Integrates with Black Kite, Regology, and Ascent

Why IT Professionals Should Implement IT Governance | Channel Futures

These Mass. companies are among the fastest-growing in the Northeast | Boston Business Journal

A Dive Into The TPRM Landscape | CXO Tech Magazine

BlackCat Goes Dark After Ripping Off Change Healthcare Ransom | Dark Reading

20 Essential Skills For All Professionals In A Digital Workplace | Forbes Tech Council

AI technologies boost computer security, but add to threats | Business Insurance Magazine

Three Ways Your Organization Could Be Susceptible To Ransomware Attacks | Forbes Tech Council

Is creating an in-house LLM right for your organization? | InfoWorld

The New SEC Cybersecurity Disclosure Rule Is Live—Now What? | Forbes Tech Council

International Operation Hits Major Ransomware Player LockBit | Information Week

Working together for better security: Three questions CEOs should ask their CISOs | Fast Company

BitSight Sues Black Kite | Fractional CISO

20 Critical Mistakes To Avoid After A Successful Cyberattack | Forbes Tech Council

Unleashing LLMs in Cybersecurity Automation | Devmio

Hidden Risk. Continuous Monitoring In IT Environments. Jeffrey Wheatman, Black Kite. | Hidden Risk Podcast

Black Kite Unveils Monthly Ransomware Dashboards | Dark Reading

Black Kite Unveils Industry’s First Monthly Ransomware Dashboards | CIO Influence

Top cybersecurity product news of the week | CSO

Black Kite unveils industry’s first monthly ransomware dashboards | Security Info Watch

Managed Security Services Provider (MSSP) Market News: 24 January 2024 | MSSP Alert

Subway Puts a LockBit Investigation on the Menu | Dark Reading (+ newsletter)

CISOs Connect™ Opens Nominations for 2024 CISOs Top 100 CISOs (C100) Recognition and Announces Esteemed CISO Board of Judges | Security Current

Government organizations’ readiness in the face of cyber threats | Help Net Security

VMblog 2024 Industry Experts Video Predictions Series Episode 3 | VMBlog

Boston venture capitalists share their predictions for startups, AI in 2024 | Boston Business Journal

2023

Securing The Virtual Runway to The Cloud | Cyber Defense Magazine

Comcast’s Xfinity service responds to a major data breach. | The CyberWire

MGMT Boston – W12, Q4 23 – 1H 2023 Recap | MGMT Boston Substack

Women in Tech: “It’s not just about breaking glass ceilings; it’s about reshaping mindsets” | Devmio

The ALPHV/BlackCat takedown shuffle | The CyberWire

FBI Cracks BlackCat Ransomware Network, Offers Lifeline to 500+ Global Victims | The Cyber Express

Unlocking Your Data’s True Regulatory Value | GRC Outlook

Black Kite 2024 Predictions: How will the market and CISO role evolve next year? | VMBlog

Risk Monitoring In The Digital Ecosystem. Jeffrey Wheatman, Black Kite. | Hidden Risk: Cybercrime Magazine Podcast

Protecting Your Organization: Strategies For Countering Generative AI Security Challenges | Forbes Tech Council

Guardians of Trust: Navigating Third-Party Risk Across Business Realms with Jeffrey Wheatman | Scale to Zero Podcast

Ransomware in 2024: Anticipated impact, targets, and landscape shift | Help Net Security