Security News

How CIOs, CTOs, and CISOs view cyber risks differently
2024-08-13 03:30

Researchers found that 73% of CISOs expressed concern over cybersecurity becoming unwieldy, requiring risk-laden tradeoffs, compared to only 58% of both CIOs and CTOs. 73% of CISOs feel more pressure to implement AI strategies versus just 58% of CIOs and CTOs.

How MSPs and MSSPs offer vCISO services with skilled CISOs in short supply
2024-08-07 14:01

A new eBook by Cynomi, "What does it take to be a full-fledged Virtual CISO?" lays out exactly how service providers can easily, rapidly, and economically expand their vCISO service offerings to cover the entire range of duties. To operate successfully at a C-level and understand the interplay between IT and business, a knowledge of business is essential - some CISOs even possess an MBA. CISO shortage fuels SMB demand for vCISO services.

Why CISOs face greater personal liability
2024-08-01 04:00

In this Help Net Security interview, Christos Tulumba, CISO at Veritas Technologies, discusses the key factors contributing to increased personal liability risks for CISOs. What key factors have contributed to increased personal liability risks for CISOs?

What CISOs need to keep CEOs (and themselves) out of jail
2024-07-31 04:30

Former Uber CISO Joe Sullivan, who was convicted for attempting to cover up a data breach Uber suffered in 2016, recently posited that in the very near future, CEOs might find themselves held directly responsible for cybersecurity breaches. While cybersecurity budget growth slowed in 2022 and 2023 due to economic concerns, recent surveys of CISOs have reported strong growth in cybersecurity spending in enterprises.

Most CISOs feel unprepared for new compliance regulations
2024-07-26 03:30

67% of CISOs report feeling unprepared for these new compliance regulations, while 52% admit to needing more knowledge on reporting cyber attacks to the government. "As cyber threats escalate and regulations impose heavy penalties for non-compliance, it's imperative for CISOs to reassess and strengthen their security programs in a data-driven way. Our survey reveals critical industry benchmarks, highlighting areas of strength and significant gaps that need urgent attention," said Sivan Tehila, CEO of Onyxia.

How CISOs enable ITDR approach through the principle of least privilege
2024-07-25 04:30

At the core of effective ITDR is the principle of least privilege, which scrutinizes who has access to systems and assets and for how long. Let's take a closer look at what comprises an ITDR approach and the basics of least privilege, then explore how least privilege enables CISOs to implement and manage successful ITDR strategies.

Cloud security threats CISOs need to know about
2024-07-25 04:00

In this Help Net Security interview, Ava Chawla, Head of Cloud Security at AlgoSec, discusses the most significant cloud security threats CISOs must be aware of in 2024. These threats include data...

The CISO’s approach to AI: Balancing transformation with trust
2024-07-23 04:30

How should CISOs approach AI adoption? When weighing new AI tools, CISOs must examine the risk of a few key factors. These considerations apply to all tools that may leverage AI across all business departments, not just security tools that use AI. The first is data handling practices, from collection and processing to storage and encryption, ensuring robust access controls are in place.

CISOs must shift from tactical defense to strategic leadership
2024-07-19 03:30

Fully 95% of IT and security professionals believe security threats will be more dangerous due to AI - yet, despite that elevated risk, nearly one in three security and IT professionals have no documented strategy in place to address generative AI risks. When leaders don't understand vulnerability management, they may not realize how changing leadership priorities can impact the security of their organization.

ChatGPTriage: How can CISOs see and control employees’ AI use?
2024-07-16 05:00

This rings true; I've spoken with nearly 100 enterprise CISOs in the first half of 2024, and their primary concerns are how to get visibility over employee AI use, how to enforce corporate policies on acceptable AI use, and how to prevent loss of customer data, intellectual property, and other confidential information. How is AI acceptable use policy expressed? Consider an AI data access policy: a law or consulting firm might require that LLM data from client A can't be used to generate answers for client B. A public company's general counsel might want an AI topic access policy: employees outside of finance and below the VP level can't ask about earnings info.