Security News

Whether you're on the way out of - or back to - the office, our Security Validation Checklist can help make sure your security posture is in good shape. Check for any new security vulnerabilities that were identified during your vacation.

DevOps does not mesh well with traditional security protocols, and this creates a sticky situation for CISOs to counter. How can CISOs facilitate this integration and create an agile security mechanism that complements agile development?

Nearly half of enterprises have fallen victim to a ransomware attack, of which nearly all have had little choice but to heed their attackers, according to the Q2 CISO Circuit report from YL Ventures. The financial disruption, privacy implications and danger of operational failure caused by ransomware are often too critical to suffer.

In this interview for Help Net Security, Dan Tucker, Senior VP at Booz Allen, and leader of the firm's cloud and data engineering solutions for citizen services, talks about government digital transformation efforts, security challenges, and offers tips for CISOs. The ability for government to rapidly share data, derive insights, and convert that into decision-making continues to improve, but the expansion of data volume and transfer methods also increases our nation's digital attack surface.

As the CISO role continues evolving from a back office IT function to taking on a larger enterprise focus, CISOs are assuming more strategic and risk-related responsibilities. Though 77% had been in their role for at least three years, almost two-thirds of those who have been in their role for less than a year came from a previous CISO role, while those who've been in their current role for five or more years were more likely to have come from a role other than CISO.

As business begins its return to normalcy, CISOs at small and medium-size enterprises were asked to share their cybersecurity challenges and priorities, and their responses were compared with those of a similar survey from 2021. Especially in small security teams where additional headcount is not the answer, CISOs are turning to outsourced services to fill the void.

The only threat more persistent to organizations than cyber criminals? The cyber security skills crisis.

Survey Results: Top Threat Protection Product Pain Points
Overlapping capabilities of disparate technologies: 44%
Being able to see the full picture of an attack: 42%
Deployment and maintenance of disparate technologies on one machine: 41%
Lack of forensic information: 40%
Missing reporting capabilities: 25%

Many of the issues smaller teams face with threat protection products are largely attributable to the fact that they're designed for larger organizations with bigger teams and budgets.

Since most companies this size don't have in-house CISO expertise, the demand for virtual CISO services is also growing. Cynomi enables managed service providers and consulting firms to provide ongoing vCISO services at scale by automating much of the manual, expert and time-consuming vCISO work, empowering their existing teams.

The company's AI-powered vCISO platform automatically generates everything vCISO service providers need to provide their clients, fully customized for each and every client: risk and compliance assessments, gap analysis, tailored security policies, strategic remediation plans with prioritized tasks, tools for ongoing task management, progress tracking and customer-facing reports.

At a time when enterprises are increasingly banking on digital ecosystems for their growth strategies, TCS' survey shows that only 16% of chief risk officers and chief information security officers ranked digital ecosystems as a concern when assessing expected cyber targets, and only 14% listed the risks from such ecosystems as the top priority arising out of board-level discussions. "Companies across the globe are increasingly turning to digital ecosystems of partners, vendors, and even competitors to reimagine and grow their business. Ignoring the threats originating from these ecosystems represents a blind spot which needs to be addressed urgently," said Santha Subramoni, Global Head, Cybersecurity, TCS. "One way of reducing the probability of an attack within digital supply chains is to implement a 'zero trust' policy - a framework based on the principle of 'never trust, always verify,' applied not only to humans but also machines."