Cybersecurity and Risk Management

On January 6, 2020, NYC-based private equity firm Insight Partners acquired the Israeli IoT cybersecurity  firm Armis for an eye-popping $1.1 billion. Armis is privately held, so it doesn't publish revenue numbers, but estimates are on the order of $30 million annually--meaning this is not only...

Yesterday I moderated a panel discussion at a Wall Street Technology Association event on cloud-first design. I was asked to give an industry perspective to lay the ground work for our wonderful panel of technologists. With 10 minutes and no slides, I offered these 10...

Last week I wrote about the threat that nation-state actors pose to enterprise organizations, and included a brief taxonomy of attackers. This week, the FBI alerted cybersecurity folks of two compromises, likely by APT27, in 2019. I'd like to highlight two interesting facts about the attacks. First, they...

When I talk about the cybersecurity threats posed by nation states, I can almost see the inner eye-roll, and hear my listener thinking, "Come on! What's she going on about now?" They view the entire issue as something out of science fiction; scary in some alternate...

If your organization is moving to cloud, you're not alone. In our most recent Cloud and Cybersecurity research study, we note that 2019 is "the year of cloud". Specifically, 56% of workloads are now in cloud, versus 44% on prem, either within data centers, or...

In the wake of out most recent round of cloud and cybersecurity research, I've been thinking about the slow evolution of application security and the evocative, if misleading, concept of "zero trust." Trust and Application Security, v. 1.0 I am (to my occasional astonishment) old enough to...

With a toll fraud prevention and mitigation strategy, enterprises can identify and mitigate potential toll threats – sometimes before they even happen. As No Jitter contributor Joyce Osenbaugh noted earlier this year, telecom fraud is on the rise. The Communications Fraud Control Association (CFCA)’s annual survey...

Should you outsource your SOC? As in so many things, the answer depends. In our most recent Cloud and Cybersecurity research study, we looked at which factors correlated to a cybersecurity organization's success, as measured by Mean Total Time to Contain (MTTC) security incidents.  We divided...

We spend a lot of time at Nemertes nailing down the metrics that define "success" for a particular initiative. To be useful, a success metric must be: Quantitative. If you can't measure it in numbers, it doesn't serve to measure progress. And if it's not something...

When it comes to cybersecurity, what differentiates highly successful enterprise technology organizations from their less successful counterparts can often be found in the metrics. Extremely effective cybersecurity organizations can detect a potential attack, determine whether it is or isn't an attack, and contain the damage...

A new Nemertes survey shows enterprises need to adopt third-party risk management programs that jettison manual checklists in favor of automated tools, hands-on risk assessments and dedicated risk teams. It's hardly news that the enterprise technology paradigm has shifted from on premises to cloud plus mobile....

Johna Till Johnson, CEO and Founder of Nemertes Research, became the Content Committee Chair for the Wall Street Technology Association (WSTA®) in January of 2019. After almost two decades of working with the WSTA in various capacities – including during her previous role as Chief...