Tag: ciso
-
How to turn around a toxic cybersecurity culture
Tags: access, advisory, attack, authentication, awareness, business, ciso, compliance, control, cyber, cybersecurity, data, governance, group, guide, healthcare, jobs, password, phishing, risk, sans, service, strategy, technology, threat, training, vulnerability, zero-trust
A toxic cybersecurity culture affects team turnover, productivity, and morale. Worse yet, it places enterprise systems and data at risk. In a toxic cybersecurity culture, everybody believes that cybersecurity is somebody else’s job, says Keri Pearlson, executive director for Cybersecurity at MIT Sloan (CAMS), a research consortium focusing on cybersecurity leadership and governance issues. “They don’t…
-
Tackling software vulnerabilities with smarter developer strategies
In this Help Net Security interview, Karl Mattson, CISO at Endor Labs, discusses strategies for enhancing secure software development. Mattson covers how developers can … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/13/karl-mattson-endor-labs-secure-coding/
-
CISOs need to consider the personal risks associated with their role
70% of cybersecurity leaders felt that stories of CISOs being held personally liable for cybersecurity incidents have negatively affected their opinion of the role, according … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/13/cybersecurity-leaders-personal-liability/
-
Charges Against CISOs Create Worries, Hope in Security Industry: Survey
A survey of IT security pros by cybersecurity firm BlackFog found that 70% of them said federal cases like that against SolarWinds’ CISO hurt their opinion about the position, but some said they expected the boards of directors would take the issues of security more seriously. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/charges-against-cisos-create-worries-hope-in-security-industry-survey/
-
We must adjust expectations for the CISO role
Cybersecurity has become one of the most high-stakes facets of business operations in the past few years. The chief information security officer (CISO) role, once a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/12/ciso-role-expectations/
-
Shaping effective AI governance is about balancing innovation with humanity
In this Help Net Security interview, Ben de Bont, CISO at ServiceNow, discusses AI governance, focusing on how to foster innovation while ensuring responsible oversight. He … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/12/ben-de-bont-servicenow-ai-governance/
-
Anton’s Security Blog Quarterly Q4 2024
Tags: ai, automation, ciso, cloud, cyber, defense, detection, edr, google, governance, incident response, metric, office, security-incident, siem, soc, threat, vulnerability, vulnerability-management, zero-trust
Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe). Meta AI creation, steampunk theme Top 10 posts with the most lifetime views (excluding paper announcement blogs): Security Correlation Then…
-
Black Hat: Latest news and insights
The infosecurity world decamps to London this week, with research on vulnerabilities in AI systems at the fore of the latest edition of Black Hat Europe. The four-day program runs from Dec. 9-12, with two- and four-day options of hands-on trainings, but the main event at ExCeL London occurs on Dec. 11 and 12 featuring the latest research, developments,…
-
What sucks in security? Research findings from 50+ security leaders
Tags: ciso
A deep dive into what CISOs are actually complaining about. First seen on tldrsec.com Jump to article: tldrsec.com/p/what-sucks-in-security
-
Cybersecurity News Round-Up 2024: 10 Biggest Stories That Dominated the Year
TechRepublic looks back at the biggest cybersecurity stories of 2024, from record data breaches to rising ransomware threats and CISO burnout. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/cyber-security-news-roundup-dec-2024/
-
Top tips for CISOs running red teams
Red team is the de facto standard in offensive security testing when you want to know how all security investments, from technological controls to user training to response procedures, work together when subjected to a targeted attack. Unlike penetration testing, which aims to comprehensively assess a system, or purple team, which assesses detection and response…
-
Strengthening security posture with comprehensive cybersecurity assessments
In this Help Net Security interview, Phani Dasari, CISO at HGS, discusses key aspects of cybersecurity assessments, including effective tools and methodologies, the role of AI … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/10/phani-dasari-hgs-cybersecurity-assessments/
-
Sysdig strengthens its leadership team with new CISO and CMO
By strengthening its leadership team and keeping a continuous focus on innovation, Sysdig is well positioned to address the challenges of the cloud security industry. The company aims to enable organizations worldwide to detect and respond to threats in real time without compromising their agility. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sysdig-staerkt-sein-fuehrungsteam-mit-neuem-ciso-und-cmo/a39172/
-
Gen AI use cases rising rapidly for cybersecurity, but concerns remain
Tags: ai, attack, automation, awareness, ceo, ciso, compliance, control, cybersecurity, data, detection, finance, framework, fraud, GDPR, governance, grc, group, guide, Hardware, HIPAA, incident response, intelligence, international, malware, middle-east, monitoring, phishing, privacy, RedTeam, regulation, risk, risk-assessment, risk-management, soc, software, strategy, technology, threat, tool, training, usa
Generative AI is being embedded into security tools at a furious pace as CISOs adopt the technology internally to automate manual processes and improve productivity. But research also suggests this surge in gen AI adoption comes with a fair amount of trepidation among cybersecurity professionals, which CISOs must keep in mind when weaving gen AI…
-
Who handles what? Common misconceptions about SaaS security responsibilities
In this Help Net Security interview, James Dolph, CISO at Guidewire, addresses common misconceptions about security responsibilities in cloud environments, particularly in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/09/james-dolph-guidewire-saas-responsibilities/
-
Attention CISOs: The New EU PLD Product Liability Directive Is Effective Now Compliance and Cybersecurity Readiness Required
The European Union’s updated Product Liability Directive (PLD) takes effect this month, with a transition period through December 9, 2026. This update substantially changes how product liability applies to digital products sold in the EU. For Chief Information Security Officers (CISOs), understanding this change is crucial. The new PLD extends liability to digital products, including…
-
Building a robust security posture with limited resources
In this Help Net Security interview, Gareth Lindahl-Wise, CISO at Ontinue, discusses how business leaders can align innovation with cybersecurity, tackle the risks posed by … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/06/gareth-lindahl-wise-ontinue-maintaining-security-posture/
-
CISOs still cautious about adopting autonomous patch management solutions
Tags: automation, business, cisco, ciso, cloud, control, crowdstrike, cybersecurity, email, exploit, firmware, group, infosec, microsoft, open-source, regulation, risk, software, strategy, technology, update, vulnerability, windows
Failing to patch vulnerabilities keeps biting CISOs. The most recent evidence: Last month, the Five Eyes cybersecurity agencies in the US, the UK, Australia, Canada, and New Zealand reported that the top 15 vulnerabilities routinely exploited last year included one that dated back to 2020 (a Microsoft Netlogon hole); one that dated back to 2021 (in…
-
The CISO: Guardian of Data while Navigating Risk Strategic Insights for the Boardroom and Shaping Future Business
Tags: access, ai, breach, business, ciso, cloud, compliance, computing, control, cyber, data, defense, detection, encryption, guide, incident, monitoring, resilience, risk, risk-management, software, strategy, threat, vulnerability
madhav Thu, 12/05/2024 – 06:03
CISOs have one of the most vital roles in organizations today. It is also one of the most challenging. That’s because, regardless of industry or location, organizational data has become a precious asset.…
-
Dear CEO: It’s time to rethink security leadership and empower your CISO
Tags: access, application-security, breach, business, ceo, ciso, compliance, control, cybersecurity, defense, finance, governance, jobs, resilience, risk, strategy, tool
As a CISO, I’ve spent years navigating the delicate balance of responsibility and authority, accountability, and autonomy. After writing “The CISO Paradox,” I was struck by how deeply the article resonated with others in the cybersecurity field. Many reached out to share their own stories and frustrations, all pointing to the same glaring misalignment: CISOs are…
-
In conversation with Sergej Epp – “The CISO is often caught in the crossfire”
Tags: ciso
First seen on security-insider.de Jump to article: www.security-insider.de/sergej-epp-ciso-sysdig-cybersicherheit-a-30fb0609cf997b8ca420a9c386377557/
-
European law enforcement breaks high-end encryption app used by suspects
Tags: awareness, backdoor, ciso, communications, computing, crime, crimes, cryptography, data, defense, encryption, endpoint, exploit, flaw, group, hacker, infrastructure, international, jobs, law, malware, monitoring, service, technology, threat, tool, vulnerability
A group of European law enforcement agencies were able to crack a high-level encryption app that a group of suspects created to avoid law enforcement monitoring, according to a statement issued Tuesday by Europol. Europol, understandably, did not provide any specifics about how they broke the app, but encryption experts said that the most likely method…
-
Sergej Epp moves from Palo Alto to Sysdig as CISO
Sysdig, the leading provider of real-time cloud security, announced the appointment of Sergej Epp as Chief Information Security Officer (CISO) and Shanta Kohli as Chief Marketing Officer (CMO) under the leadership of CEO William “Bill” Welch, who joined the company last month. Together, Kohli and Epp bring nearly four decades of experience in…
-
63% of companies plan to pass data breach costs to customers
Tags: breach, business, ceo, ciso, compliance, cybersecurity, data, data-breach, finance, ibm, privacy, risk, service
Consumers may be more on the hook for paying for the rising costs of data breaches than they realize, as companies increasingly turn to price hikes as part of their post-breach cost-recovery strategies. According to a report from IBM earlier this year, nearly two-thirds of companies plan to pass along data breach costs directly to…
-
Data Risk Intelligence: Redefining data risk visibility and proactive risk mitigation
Data Risk Intelligence combines posture- and behavior-based data risk indicators to proactively identify and mitigate risks to sensitive data. It is the first solution to unite the data security capabilities of the Imperva Data Security Fabric and the Thales CipherTrust Data Security Platform, giving CIOs, CISOs and data risk specialists a highly reliable risk assessment of data. Thales announces the… First seen…
-
Talent overlooked: embracing neurodiversity in cybersecurity
In cybersecurity, diverse perspectives help in addressing complex, emerging threats. Increasingly, there’s a push to recognize that neurodiversity brings significant value to cybersecurity. However, neurodiverse people frequently face systemic barriers that hinder their success in the field. Neurodiversity refers to the way some people’s brains work differently to the neurotypical brain. This includes autism, ADHD (attention…
-
BlackBerry Highlights Rising Software Supply Chain Risks in Malaysia
Tags: access, ai, attack, breach, ceo, ciso, communications, compliance, cyber, cyberattack, cybersecurity, data, detection, espionage, finance, framework, government, infrastructure, intelligence, international, Internet, iot, malware, mobile, monitoring, phishing, ransomware, regulation, resilience, risk, skills, software, strategy, supply-chain, threat, tool, training, vulnerability
In 2024, BlackBerry unveiled new proprietary research, underscoring the vulnerability of software supply chains in Malaysia and around the world. According to the study, 79% of Malaysian organizations reported cyberattacks or vulnerabilities in their software supply chains during the past 12 months, slightly exceeding the global average of 76%. Alarmingly, 81% of respondents revealed they had…

