Tuesday, 31 May 2022

82% of CIOs believe their software supply chains are vulnerable

A report from Venafi titled "CIO Study: Software Build Pipelines Attack Surface Expanding" examines cybersecurity executive response to software supply chain security.



from Cyber Security News https://ift.tt/8x2qeyJ

The value of cyber insurance for small businesses

Cyber insurance won't stop a data breach, but it will protect small businesses from the high costs of a security breach or cyberattack.




from Cyber Security News https://ift.tt/H4IaYOd

Brindha McDonald named CSO at UK Government Property Agency

Brindha McDonald has been named Chief Security Officer (CSO) at the U.K. Government Property Agency, leading infrastructure security and personnel security efforts.



from Cyber Security News https://ift.tt/5pxLOdJ

4 emerging threats in the domain name landscape

There are four notable emerging cybersecurity threats in the domain name space organizations need to be aware of for improved brand protection. 



from Cyber Security News https://ift.tt/3cFLuhn

Monday, 30 May 2022

Social engineering is top cyberattack method targeting financial orgs

Cybercriminals have used social engineering tactics to target financial organizations, according to a ZeroFox threat report.



from Cyber Security News https://ift.tt/EUKjYBM

Friday, 27 May 2022

Data shows regulatory password compliance falls short

New Specops research shows that regulatory password complexity and construction recommendations are insufficient.



from Cyber Security News https://ift.tt/zoCPIap

What good is visibility without enforcement?

Discover three enforcement mechanisms that are essential for any effective multi-cloud security program. 



from Cyber Security News https://ift.tt/o5ck8bF

How the manufacturing sector can protect against cyberattacks

There are many cybersecurity resources for manufacturers looking to better protect their facilities from cyber threats like hacking, ransomware and insider threats.





from Cyber Security News https://ift.tt/wyWfJMR

Protecting the user as a high-value asset to achieve a safer cyber world

It is time to switch the paradigm and focus on tools that protect subjects or end users with a new user-centric zero trust architecture.



from Cyber Security News https://ift.tt/MOhwLxc

Thursday, 26 May 2022

Chicago Public Schools suffers massive data breach affecting student, staff data

Chicago Public Schools has suffered a data breach that compromised the personal information of 500,000 students and more than 56,000 employees. 



from Cyber Security News https://ift.tt/Y9kemIA

Key trends in the Verizon Data Breach Investigations Report

From well-publicized critical infrastructure attacks to massive supply chain breaches, the DBIR found five key trends in the security incidents analyzed.



from Cyber Security News https://ift.tt/2GwF8Jj

Ron Sanderson named Chief Information Security Officer at Redpoint

In his role as CISO, Ron Sanderson will help strengthen Redpoint’s security approach while helping ensure data privacy and data security.



from Cyber Security News https://ift.tt/jT9JEvA

Privacy study reveals wide scope of ICE surveillance

Georgetown University's Center on Privacy & Technology released a report detailing facial recognition technology use and driver's license searches conducted by the U.S. Immigration and Customs Enforcement agency (ICE).



from Cyber Security News https://ift.tt/rQAivC3

Former CIA CISO Michael Mestrovich named CISO at Rubrik

Michael Mestrovich, former Chief Information Security Officer (CISO) at the CIA, has been named CISO at Rubrik, a data security firm.



from Cyber Security News https://ift.tt/BYIpas1

10 tips to develop cybersecurity knowledge within organizations

Learn about 10 of the best tips to help security executives and their organizations move the needle from cybersecurity zero to hero.



from Cyber Security News https://ift.tt/Ld1Cf3O

Security and compliance: A missed growth opportunity for early-stage startups

Security and compliance are among the most important accelerators for a growth trajectory, yet the vast majority of early-stage startups overlook them.



from Cyber Security News https://ift.tt/shekdjX

Wednesday, 25 May 2022

Collaboration is key to energy sector cyber defense

Security leaders in the energy sector must foreground industry-wide collaboration to protect their organizations from cybersecurity threats.



from Cyber Security News https://ift.tt/RZrcTxU

Mobile apps present cyber threats to business travel, hybrid work

Kryptowire analyzed the top travel apps presenting cyber risks to their users as business travel and hybrid work evolve.



from Cyber Security News https://ift.tt/aGVpS2q

General Data Protection Regulation: Four years later

Despite costly fines and an increasingly regulated environment, organizations of all sizes are not fully prepared for compliance with data privacy and data protection regulations like the GDPR.



from Cyber Security News https://ift.tt/uQwRKYx

General Motors user info affected in data breach

U.S. automobile manufacturer General Motors (GM) has alerted customers of a data breach due to a credential stuffing attack last month.



from Cyber Security News https://ift.tt/jc9HPvd

Why small businesses are vulnerable to cyberattacks

It is more important than ever that small businesses understand how cyberattacks can impact their operations and take the proper steps to protect themselves.



from Cyber Security News https://ift.tt/dohuDxc

Tuesday, 24 May 2022

Roger Hale named Chief Security Officer at Agora

As Chief Security Officer at Agora, Hale will work to navigate compliance and security, and determine risk management and cybersecurity best practices.



from Cyber Security News https://ift.tt/fO6JuqG

Dave Maynor named Senior Director of Threat Intelligence at Cybrary

David "Dave" Maynor has been appointed Senior Director of Threat Intelligence at Cybrary, leading the new Cybrary Threat Intelligence Group (CTIG). 



from Cyber Security News https://ift.tt/0QgFqE1

Identity-based attacks the top cyber threat in 2021

Among ransomware, software supply chain attacks and data breaches, a Blumira report found that identity-based attacks are the top threat organizations faced in 2021. 



from Cyber Security News https://ift.tt/ybmJpW4

Monday, 23 May 2022

CISA outlines 10 initial access points exploited by hackers

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert listing 10 common initial access exploits for cybercriminals.



from Cyber Security News https://ift.tt/4npkhiS

Artificial intelligence investment grows, but barriers remain

More than one-third of organizations are using AI to address skills and labor shortages and respond to competitive and environmental pressures, according to new IBM research.



from Cyber Security News https://ift.tt/4SYsatO

Jeffrey Aguilar named Los Angeles County CISO

Cybersecurity leader Jeffrey Aguilar has been named Chief Information Security Officer (CISO) at the County of Los Angeles.



from Cyber Security News https://ift.tt/ISYq3iy

Christopher Hoff joins LastPass as Chief Secure Technology Officer

As Chief Secure Technology Officer, Christopher Hoff will be responsible for the company’s technological innovation and security infrastructure.  



from Cyber Security News https://ift.tt/ebL67kC

The do’s and don’ts of communicating a data breach

There are three key elements to implementing a successful data breach communication strategy: an incident response plan, consistent communication, and transparency.



from Cyber Security News https://ift.tt/tbY9aey

Reskilling workers can help meet the cybersecurity staffing challenge

Reskilling should be one of the primary strategies companies use to build their cybersecurity workforce.



from Cyber Security News https://ift.tt/RkxLHE5

Friday, 20 May 2022

Beware potential ransomware attacks on QNAP NAS products

QNAP Systems urges users to update their network attached storage (NAS) devices to avoid exposure to the Deadbolt ransomware.



from Cyber Security News https://ift.tt/jAqsC8P

CISOs list top cyber threats to enterprises in 2022

Chief information security officers (CISOs) from 14 countries list the top-of-mind cyber threats to their organizations.



from Cyber Security News https://ift.tt/35TlvmB

3 key cybersecurity trends in the energy sector

Energy executives anticipate life, property and environment-compromising cyberattacks on the sector, according to new cybersecurity research by DNV.



from Cyber Security News https://ift.tt/wtrvbKP

10% of IT leaders believe they can stop an advanced attack

90% of IT and cybersecurity professionals are not confident in their ability to stop an advanced cyberattack, according to the 2022 Global State of Security report from Infoblox.



from Cyber Security News https://ift.tt/e4jtD0Y

Pro-Russia cyberattacks target Italian Senate, Eurovision

Pro-Russia hacker group Killnet has claimed responsibility for cyberattacks on many Italian institutions, declaring "war" on 10 countries including the United States.



from Cyber Security News https://ift.tt/385KxFv

Thursday, 19 May 2022

Top 5 cyber threats of Q1 2022

Security magazine covers the top five cyber threats in Q1 2022, as outlined by Kroll's "Q1 2022 Threat Landscape: Threat Actors Target Email for Access and Extortion" report.



from Cyber Security News https://ift.tt/prebHfB

U.S. warns against hiring North Korean IT staff

U.S. officials have warned businesses against hiring IT staff from North Korea, as they may expose themselves to legal consequences and insider risk.



from Cyber Security News https://ift.tt/uivqOgj

Hackers compromise NFT Discord channels

Hackers exploited a popular Discord bot to deceive users into clicking malicious links inside Discord servers of several popular nonfungible tokens (NFT) projects.



from Cyber Security News https://ift.tt/0ktgrZT

Spring cleaning your data and cybersecurity practices — What small businesses need to know

Here are some key insights and considerations for small business owners looking to clean up their data and cybersecurity practices just in time for spring. 



from Cyber Security News https://ift.tt/v63pBEr

The time has come for a strategic electricity reserve

Given recent geopolitical events, is it time to consider constructing a Strategic Electricity Reserve (SER) for national security reasons?



from Cyber Security News https://ift.tt/o7Hndtg

Wednesday, 18 May 2022

4 cybersecurity strategies for resilience in global crises

Cybersecurity professionals can help protect their organizations from cyberattacks during this time of global crises.



from Cyber Security News https://ift.tt/BTIOfeV

3 in 5 organizations lost data over email in the past year

Nearly 60% of organizations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months, according to new research from Tessian.



from Cyber Security News https://ift.tt/2PWD3FN

The state of enterprise password management

A survey by Pulse and Hitachi ID explored password management strategies used by IT, security and cybersecurity leaders.



from Cyber Security News https://ift.tt/sAnDoVQ

Enterprise SIEMs detect fewer than 5 of the top 14 ATT&CK adversary techniques

Enterprise SIEMs contain detections for fewer than 5 of the top 14 ATT&CK techniques employed by adversaries in the wild.



from Cyber Security News https://ift.tt/AgMoHwz

The next gold mine for hackers? Employee social media accounts

Companies have to get smart about the risks of social media and take steps to address them.



from Cyber Security News https://ift.tt/tlPdfxA

Three threats facing the education sector in 2022

Learn about three cybersecurity threats the education sector will face this year as well as suggestions for how to thwart them.



from Cyber Security News https://ift.tt/492yefH

Communicating risk to the C-suite

Communicating the importance of security in the C-suite comes down to speaking their language. Dive into the ways security leaders can advocate for risk management in the boardroom and uncover fraud trends during the COVID-19 pandemic in this podcast episode.



from Cyber Security News https://ift.tt/HD8kBmU

Tuesday, 17 May 2022

Securing Vital Data through a New Age of Cyberattacks

The conflict in Ukraine presents the threat of an increase in cyberattacks, not just for Ukrainian government agencies and companies, but worldwide. What can you do to keep your institution secure? 



from Cyber Security News https://ift.tt/7JcAETH

(ISC)² to offer 100,000 free entry-level cyber certification exams

To help expand the UK's cybersecurity workforce, (ISC)² announced it will offer free certification and education for 100,000 cybersecurity career pursuers.



from Cyber Security News https://ift.tt/NroZWdX

US, EU expand access to cybersecurity tools for SMBs

U.S. and EU stakeholders will partner to address supply chain challenges and expand access to digital tools for small to medium-sized enterprises.



from Cyber Security News https://ift.tt/1RNPj2F

Lessons learned in the five years since the Equifax data breach

The Equifax breach has taught and will continue to teach essential cybersecurity lessons that can help security leaders better protect the organization.



from Cyber Security News https://ift.tt/givBN2q

5 tips for SMBs to prevent ransomware attacks

Small- to mid-sized business (SMB) security leaders need to protect their organizations from ransomware attacks. Here are five cost-effective solutions.



from Cyber Security News https://ift.tt/PxZK4IA

Monday, 16 May 2022

93% of orgs have suffered a data-related business disruption

A survey by IDC and Zerto, "The State of Ransomware and Disaster Preparedness: 2022," found that 93% of North American and Western European medium and large organizations have experienced a business disruption due to data issues in the past twelve months.




from Cyber Security News https://ift.tt/8IZlJLz

Zero trust as foundation of API security

Without zero trust as the foundation of your security, the APIs you use could become weak points.



from Cyber Security News https://ift.tt/nfSym9W

9 in 10 companies attacked by ransomware would pay if hit again

Most organizations that have suffered a ransomware attack would choose to pay the ransom if hit again. 



from Cyber Security News https://ift.tt/4O8Smsy

Progress report on federal zero trust adoption

A study from General Dynamics Information Technology (GDIT) measured zero trust maturity in federal agencies since the Executive Order on Improving the Nation's Cybersecurity was released in May 2021.



from Cyber Security News https://ift.tt/8BOo6Yl

Thursday, 12 May 2022

Building a risk management program

How can your organization build the technical foundation for a comprehensive security program and what are the tools and processes necessary to develop that foundation into a mature vulnerability assessment and risk management program? 



from Cyber Security News https://ift.tt/ObEiRcM

7 steps to combat cybersecurity threats in times of instability

Discover steps security teams can follow for understanding potential threats in times of instability and be better armed for any sort of contingency.



from Cyber Security News https://ift.tt/yrMY6UA

Compliance in healthcare: The HITRUST framework

There are several other reasons an organization should look to become HITRUST certified: improved competitive advantage, cybersecurity, risk management and more.



from Cyber Security News https://ift.tt/G6gMK8O

Two words will change your cybersecurity in 2022

Simplify and consolidate. Embracing this approach will do more than strengthen security postures — it will help decrease burnout, prevent data breaches and more.



from Cyber Security News https://ift.tt/m89xCso

Five years after the WannaCry ransomware attack

Five years after the WannaCry ransomware attack, ransomware continues to be one of the most significant cybersecurity threats facing enterprises in 2022. 



from Cyber Security News https://ift.tt/FdiyJ1Q

Emotet becomes most common malware family in Q1 2022

Emotet has become the most common malware family detected in Q1 2022 (representing 9% of all malware captured), according to a new HP Wolf security report.



from Cyber Security News https://ift.tt/XcJP2zN

Ransomwhere? All the ways that cybercriminals are advancing their craft

Developing a strong security posture across hybrid-cloud networks must be a continuous effort to fight ransomware.



from Cyber Security News https://ift.tt/cvr3CwD

Tech university stops cyberattack with AI

When an African technology university was targeted by Malware as a Service, Darktrace AI helped identify the cyberattack in its early stages.



from Cyber Security News https://www.securitymagazine.com/articles/97607-tech-university-stops-cyberattack-with-ai

Wednesday, 11 May 2022

Former CIA CISO William MacMillan joins Salesforce security team

William MacMillan has joined Salesforce as SVP, Security Product and Program Management, BISO, and Acquisition Integration. 



from Cyber Security News https://ift.tt/FyLIN6E

Samuel John Cure named CISO at AMI

Experienced cybersecurity executive Samuel John Cure has been named Chief Information Security Officer (CISO) at AMI.





from Cyber Security News https://ift.tt/MHfDs9A

6 best practices for cybersecurity programs

ThoughtLab's "Cybersecurity Solutions for a Riskier World" report outlines six best practices for enterprise cybersecurity leaders.



from Cyber Security News https://ift.tt/tmfiT9a

Nation-state attacks are hard to spot. It’s time for a new approach to threat detection

Network detection and response (NDR) solutions are the balance that security teams need to fight nation-state cybersecurity threats and zero-day attacks.



from Cyber Security News https://ift.tt/n9bUJiI

Building, managing, and transforming security into a business enabler

Chief Information Security Officer at DefenseStorm Bob Thibodeaux is focused on reframing cybersecurity as a business enabler.



from Cyber Security News https://ift.tt/KfhS0Q4

Tuesday, 10 May 2022

US public sector must modernize IT to thwart cyberattacks

Cybersecurity leaders in the U.S. public sector need to adapt to a permanently changed workforce, including a focus on cloud migration and security.



from Cyber Security News https://ift.tt/6wXWHP2

Online privacy has mostly vanished in the US

Online privacy has evolved greatly in the United States, and there is legislation on the horizon that may change data privacy and cybersecurity practices going forward.



from Cyber Security News https://ift.tt/aiPJIxY

Better Cybercrime Metrics Act signed into law

The Better Cybercrime Metrics Act aims to improve how the federal government tracks, measures, analyzes and prosecutes cybercrime. 



from Cyber Security News https://ift.tt/V3Be9xZ

How do security leaders measure program maturity?

The "Security Program Management: Priorities and Strategies" study from Blue Lava and Aimpoint Group explores how security leaders measure and manage security programs and communicate priorities to executives and boards, highlighting the importance of security benchmarking.



from Cyber Security News https://ift.tt/nz4JBLE

Costa Rica in ‘crisis’ after Conti ransomware attack

Costa Rica declared a state of national cybersecurity emergency after a Conti ransomware attack crippled the country’s government and economy.



from Cyber Security News https://ift.tt/OkzVBP8

Monday, 9 May 2022

5 tips for managing communications around a cyberattack

Effective crisis communications in the event of a cyberattack can support immediate security needs and mitigate long-term reputational damage.



from Cyber Security News https://ift.tt/5zqiF3C

Has federal cybersecurity improved post-executive order?

On May 12, 2021, President Biden signed the Executive Order on Improving the Nation's Cybersecurity, catalyzing a shift in cybersecurity culture and initiatives across federal agencies and their vendors. A report from MeriTalk analyzed how the EO has affected U.S. cybersecurity.



from Cyber Security News https://ift.tt/flYVHOd

IKEA Canada suffers data breach

IKEA Canada has suffered an internal data breach that impacted 95,000 Canadians. 



from Cyber Security News https://ift.tt/AIszpS3

Reflecting on the anniversary of Colonial Pipeline ransomware attack

Security leaders reflect on the Colonial Pipeline ransomware attack, lessons learned and best practices to protect against cybersecurity risks facing enterprises.
 



from Cyber Security News https://ift.tt/DOvEN3U

State of the Ukraine conflict: Russia amps up propaganda

The 11th episode of the Cybersecurity and Geopolitical Podcast explores the current state of the Russian invasion of Ukraine. With May 9th being Russia's World War II "Victory Day" holiday, geopolitical experts expect more action.



from Cyber Security News https://ift.tt/ynPDqz9

AGCO's business operations disrupted by ransomware attack

AGCO (Your Agriculture Company) has suffered a ransomware attack, which has impacted some production facilities.



from Cyber Security News https://ift.tt/fSEV1yh

Minnesota Cyber Security Conference to take place in June

The Minnesota Cyber Security Conference is set to take place June 9, 2022 at the Minneapolis Marriott City Center, bringing together the region's cybersecurity community for education and networking.



from Cyber Security News https://ift.tt/uSXtJyj

Sunday, 8 May 2022

Protecting against cyber threats during the Russia-Ukraine conflict

In response to the Russian invasion of Ukraine, U.S. President Joe Biden released a statement on the state of cybersecurity in the nation. Cybersecurity leaders can follow many recommendations to improve security at their organizations.



from Cyber Security News https://ift.tt/VjMNUw0

Friday, 6 May 2022

Natascha Gerlach named Director of EU Privacy and Data Policy at CIPL

Natascha Gerlach is the new Director of EU Privacy and Data Policy at The Centre for Information Policy Leadership (CIPL), where she will focus on a wide range of privacy and data policy-related topics.



from Cyber Security News https://ift.tt/dTpyXSw

3 cybersecurity priorities for digital transformation

The WWT Research: Security Priorities Report identified cybersecurity priorities for security teams navigating evolving technology landscapes and working environments.



from Cyber Security News https://ift.tt/JI1r3ZW

Risk management programs don't address today's risk environment

Discover how enterprises are currently undertaking digital risk management and if they are actively managing digital risk in today's volatile environment.



from Cyber Security News https://ift.tt/wFIX2bU

Thursday, 5 May 2022

Business email compromise costs $43 billion

The amount of money lost to business email compromise (BEC) scams continues to grow each year, according to the FBI.



from Cyber Security News https://ift.tt/xBptLrl

Celebrating World Password Day

In honor of World Password Day, security leaders have shared some best practices and tips on bolstering password defenses year-round.



from Cyber Security News https://ift.tt/NWS4qQ9

New standard improves international supply chain security

The recently released SCS 9001 supply chain security standard offers an auditable and verifiable solution to help meet the goals of initiatives aimed at improving global cybersecurity.



from Cyber Security News https://ift.tt/9OW8MRQ

David Lashway and John Woods join Sidley Austin LLP

David Lashway and John Woods, cybersecurity, national security and privacy lawyers, have joined Sidley Austin LLP as partners.



from Cyber Security News https://ift.tt/dWDcX5m

Considerations for third-party physical security risk

The 2022 Third Party Risk Management (TPRM) Industry Study from Prevalent, Inc. reveals a security focus on non-cyber third-party risks, such as corruption, unethical working conditions and more.



from Cyber Security News https://ift.tt/i1jR0hA

Employing travel and hospitality fraud mitigation tactics

Enterprise security leaders in the travel and hospitality sectors can employ these fraud prevention and response techniques to mitigate fraud in their organizations and industries.



from Cyber Security News https://ift.tt/pXNWmAS

Wednesday, 4 May 2022

Winnti APT group stole trillions in intellectual property

Winnti Group stole gigabytes of intellectual property and sensitive proprietary data from dozens of companies, according to Cybereason.



from Cyber Security News https://ift.tt/XKc6eOs

US, EU and others to promote open, free, secure internet

The United States and 60 other countries have signed the Declaration for the Future of the Internet to promote a global internet that advances the free flow of information and more.




from Cyber Security News https://ift.tt/mgu6PUF

How to lead a completely remote security team

Attila Török, Head of Security at Zapier, talks about the company culture and technologies needed to run a successful remote security team in the latest Security podcast episode.



from Cyber Security News https://ift.tt/kcte92u

Key recommendations for diversity in the cyber workforce

The "Diversity in the Cyber Workforce: Addressing the Data Gap" whitepaper from MITRE explores why diversity benchmarking is important for the cybersecurity workforce and identifies associated challenges.



from Cyber Security News https://ift.tt/4RzWfDI

Challenges with containers, cloud-native applications

The increased development and deployment of cloud-native applications require more advanced security capabilities, Tigera's new report found.



from Cyber Security News https://ift.tt/4HhC5nF

Coding robot teaches K-12 students about cybersecurity

K-12 students need to learn about cybersecurity along with their exposure to digital technology. The Sphero BOLT, a coding robot, can help teach students about cyber risk management, ethical hacking and more.



from Cyber Security News https://ift.tt/w58UfaY

Tuesday, 3 May 2022

4 steps to tackling ransomware

Cybersecurity professionals need to follow these four steps to mitigate the effects of ransomware: prevention, preparation, response and recovery.



from Cyber Security News https://ift.tt/WiyMPQ6

EU legislation targets misinformation and fraud online

Cybersecurity legislation from the European Union, the Digital Services Act, has wider implications for global online fraud and misinformation mitigation campaigns.



from Cyber Security News https://ift.tt/3VpW6Az

A 3-step approach to cyber defense: Before, during and after a ransomware attack

Formulating a before, during and after approach is key to organizational sanity and survival in a world increasingly dominated by ransomware attacks.



from Cyber Security News https://ift.tt/qJa2EIF

NIST seeks public comment on 5G cybersecurity guidance

Cybersecurity professionals can submit comments on recent draft guidance on 5G cybersecurity from the National Institute of Standards and Technology (NIST).



from Cyber Security News https://ift.tt/3acGuzf

Female & non-binary security practitioners challenge status quo with collection of stories

“Reinventing Cybersecurity,” a collection of original stories by female and non-binary security professionals, highlights how positive change is fostered by reinventing approaches to security.



from Cyber Security News https://ift.tt/VdWiCmc

Jason Fickett to lead national cyber strategy at Booz Allen

Jason Fickett is now a leader of Booz Allen’s national cyber strategy, where he will focus on protecting U.S. critical infrastructure federal assets from cyber threats.



from Cyber Security News https://ift.tt/jW0A5pQ

Monday, 2 May 2022

University of Central Florida wins national cybersecurity competition

The University of Central Florida is the champion of the 2022 National Collegiate Cyber Defense Competition. 



from Cyber Security News https://ift.tt/pMxIUvi