Security News
Former Uber CISO Joe Sullivan, who was convicted for attempting to cover up a data breach Uber suffered in 2016, recently posited that in the very near future, CEOs might find themselves held directly responsible for cybersecurity breaches. While cybersecurity budget growth slowed in 2022 and 2023 due to economic concerns, recent surveys of CISOs have reported strong growth in cybersecurity spending in enterprises.
67% of CISOs report feeling unprepared for these new compliance regulations, while 52% admit to needing more knowledge on reporting cyber attacks to the government. "As cyber threats escalate and regulations impose heavy penalties for non-compliance, it's imperative for CISOs to reassess and strengthen their security programs in a data-driven way. Our survey reveals critical industry benchmarks, highlighting areas of strength and significant gaps that need urgent attention," said Sivan Tehila, CEO of Onyxia.
At the core of effective ITDR is the principle of least privilege, which scrutinizes who has access to systems and assets and for how long. Let's take a closer look at what comprises an ITDR approach and the basics of least privilege, then explore how least privilege enables CISOs to implement and manage successful ITDR strategies.
In this Help Net Security interview, Ava Chawla, Head of Cloud Security at AlgoSec, discusses the most significant cloud security threats CISOs must be aware of in 2024. These threats include data...
How should CISOs approach AI adoption? When weighing new AI tools, CISOs must examine the risk of a few key factors. These considerations apply to all tools that may leverage AI across all business departments, not just security tools that use AI. The first is data handling practices, from collection and processing to storage and encryption, ensuring robust access controls are in place.
Fully 95% of IT and security professionals believe security threats will be more dangerous due to AI - yet, despite that elevated risk, nearly one in three security and IT professionals have no documented strategy in place to address generative AI risks. When leaders don't understand vulnerability management, they may not realize how changing leadership priorities can impact the security of their organization.
This rings true; I've spoken with nearly 100 enterprise CISOs in the first half of 2024, and their primary concerns are how to get visibility over employee AI use, how to enforce corporate policies on acceptable AI use, and how to prevent loss of customer data, intellectual property, and other confidential information. How is AI acceptable use policy expressed? Consider an AI data access policy: a law or consulting firm might require that LLM data from client A can't be used to generate answers for client B. A public company's general counsel might want an AI topic access policy: employees outside of finance and below the VP level can't ask about earnings info.
Every CISO knows that cybersecurity is an increasingly hot topic for executives and board members alike. Only 5% of CISOs report directly to the CEO, indicating a potential lack of high-level influence, and two-thirds of CISOs are two levels down from the CEO in the reporting structure.
In this Help Net Security video, Nick McKenzie, CISO of Bugcrowd, discusses the key findings from their recent report, which comes at a crucial time as security leaders' roles are being discussed more with the current risk landscape and the increasing need to prioritize security first over operational resilience in almost all verticals. Most CISOs believe AI makes the threat landscape impossible to secure.
Contradicting legacy stereotypes of the CISO as inherently risk averse, only 16% of today's CISOs classified their current risk appetite as low. CISOs see their CEOs as much more risk averse than themselves, with twice as many respondents perceiving their CEO as having a low-risk appetite.