CISOs need to bridge the gap between security concerns and business outcomes to ensure everyone plays an active role in third-party risk management. But effectively communicating that risk comes down to knowing your audience - from employees to the board, said CyberGRX's Caitlin Gruenberg.
In this post of his blog "A CISO's View," security director Ian Keller discusses the importance of having mechanisms in place to report potential personal compromise or potential compromise of another person in your company and provides simple steps for making security everyone's responsibility.
Pretexting incidents, a social engineering technique that manipulates victims into divulging information, have nearly doubled, representing 50% of all social engineering attacks, according to Verizon's 2023 Data Breach Investigations Report, which analyzed more than 16,312 security incidents.
In this episode of "Cybersecurity Insights," Antoinette Hodes of Check Point Research discusses the need to consolidate an organization's cybersecurity posture, gain visibility into OT and IT assets, and use cybersecurity education to increase worker safety.
In this episode of "Cybersecurity Insights," Lonnie Price of Peraton discusses the importance of partnerships between the public and private sectors to help Ukrainians with the war effort. He also shares how we can become better educated and more efficient as cyber defenders.
Enterprise cybersecurity is no longer just about a siloed team of professionals securing the firm's systems and servers. Security has evolved into a key business consideration with people at its core, according to Suraj Jayaraman, Microsoft's director of cloud security architecture.
In the latest weekly update, ISMG editors discuss why communication is vital to be an effective CISO in 2023, how the hack of Florida-based dental insurer MCNA affects nearly 9 million people, and how CyberArk is securing privileged users with a new browser.
Financial institutions must leverage artificial intelligence and other new-age authentication tools to establish a robust KYC process in the era of remote account opening, said Vishal Kapoor, head of group finance audit and risk audit and executive director at DBS Bank.
Organizations lack visibility into their network and assets to fully understand their threat and risk exposure, said Liberty Strategic Capital's Michael D'Ambrosio. The trend of accessing corporate networks from remote locations has made it tough for businesses to know what's on their network.
As the largest media company at RSA Conference 2023, ISMG conducted more than 160 individual interviews with CEOs, CISOs, government leaders, investors, researchers and attorneys. This compendium covers every facet of cybersecurity, from the latest technology solutions to emerging trends.
Security organizations in the APAC region need to adopt widely recognized frameworks consistently ensure digital trust and protect privacy, according to a panel of experts from the APAC region. Industry certifications are a good investment for improving security programs and business resilience.
Huntress has completed a Series C round to expand beyond the endpoint protection market and bring managed security to identity and cloud. Hackers are increasingly going after employee accounts at SMBs and using the compromised identity to move into other systems via SSO, CEO Kyle Hanslovan said.
Yigal Unna, former DG, National Cyber Directorate, Israel, emphasized the importance of continued collaboration between defenders and the formation of a Global Cyber Cabinet consisting of more than 20 national CISOs from leading countries working to dismantle cybercrime syndicates.
Former chief security officer Joe Sullivan avoided jail time for his role in impeding a federal investigation into Uber's security practices, but attorney Lisa Sotto of Hunton Andrews Kurth LLP warned security leaders and executives "to take heed" and ensure they are covered for personal liability.
Cyber resilience is "even more critical in the post pandemic world," said Amit Basu, CISO of International Seaways. The NIST framework is a useful tool for developing, testing and maintaining cyber resilience, but too often security teams neglect the "detect" and "respond" functions, he added.