Most organizations don’t find out their backup strategy doesn’t work until it’s too late. On the surface, everything seems covered: backups are running, retention policies are in place, recovery plans have been tabletop tested, and someone did an assessment six months ago that said everything looked “adequate.” Maybe even “mature.” But when ransomware hits, those […]

Property and casualty insurers sit in one of the most unusual positions in cybersecurity. They evaluate risk for a living. They set security requirements as conditions of coverage, and they know better than most what a breach costs. When it comes to their own cyber defenses, however, critical gaps remain. That’s the central finding of […]

Cybersecurity professionals commonly blame the end user for being the top area of risk in securing the organization. In many ways, this is understandable. Systems and software are in our control; but end users are unpredictable. They expand our threat surface to each geographically dispersed user, personal device, and their potential for making errors that impact our security.

World Backup Day is a well-meaning nudge. It’s a chance to pause, check your backups, and make sure your data is protected. It can be a good reminder to verify that you’ve got the essentials in place. But in our line of work, we’ve unfortunately seen how easily organizations can be lulled into a false […]

Anthropic announced Mythos Preview on April 7, then said they wouldn’t release it. The model found thousands of previously unknown vulnerabilities, built working exploit chains without human help, and surfaced bugs that had survived 27 years of manual review in OpenBSD. You already know this. Your inbox has been full of it for weeks. Everyone […]

LAUNCH. This was the automated command issued by Oko, the Soviet nuclear early warning system, on September 26, 1983. Sirens blared. Screens flashed. The warning was clear: the United States had launched a nuclear strike. Tucked away in a bunker near Moscow, lieutenant colonel Stanislav Petrov had a choice to make. Protocol said to report […]

Many ransomware recovery efforts start the same way. Someone pulls up a disaster recovery plan. Someone else calls the backup vendor. And then the plan, which was likely designed with natural disasters or accidental deletion in mind, meets reality and falls apart. The gaps in recovery readiness are remarkably, stubbornly consistent across organizations, even ones […]