Heat maps are among the most widely used—and debated—tools for risk managers worldwide to communicate risks in their registries or project portfolios. Despite their popularity, we advise leaders seeking transparency in discussing risk and value to avoid relying on them. What are heat maps? Risk managers often use heat maps (or risk matrices) to represent […]
I talk a lot about value-at-risk among my colleagues, with our customers, and the broader market. Value-at-risk may be the single most important measure to grasp, without which one cannot accurately measure risk transfer, excess risk, risk acceptance, and return on controls. Yet, these are all important concepts that leadership in modern organizations need to […]
The Office of Senate Security revealed last week that the head of the Senate Foreign Relations Committee was targeted in a deep fake video call. An unknown person, claiming to be the former Ukrainian Minister of Foreign Affairs, Dmytro Kuleba, lured the Senator onto a Zoom call. The attack was thwarted when the Senator and […]
AI tools are shifting the calculus for cyber defense by enhancing key areas such as vulnerability mapping, breach detection, incident response, and penetration testing. This integration could help an organization bolster its cyber resilience against an ever-evolving threat landscape. AI tools could automate the discovery and monitoring of vulnerabilities, providing real-time updates of an organization’s […]
Welcome to part two in our series on AI and cyber risk. Be sure to read the first installment “What you need to know: Artificial Intelligence at the Heart of Cyber,” here. Key takeaways Background In February 2024, OpenAI – in collaboration with Microsoft— tracked adversaries from Russia, North Korea, Iran, and China, leveraging their […]
Executive Summary Emerging cyber threats increasingly target Canadian organizations, government agencies, and individuals, with recent attacks revealing sophisticated tactics by threat actors. Threat actors delivered the Formbook infostealer to companies via emails that posed as job candidates. Meanwhile, the Chameleon Trojan attacked Canadian financial institutions and a restaurant chain by masquerading as legitimate apps. Cybercriminals […]
