Security News

Fully 95% of IT and security professionals believe security threats will be more dangerous due to AI - yet, despite that elevated risk, nearly one in three security and IT professionals have no documented strategy in place to address generative AI risks. When leaders don't understand vulnerability management, they may not realize how changing leadership priorities can impact the security of their organization.

This rings true; I've spoken with nearly 100 enterprise CISOs in the first half of 2024, and their primary concerns are how to get visibility over employee AI use, how to enforce corporate policies on acceptable AI use, and how to prevent loss of customer data, intellectual property, and other confidential information. How is AI acceptable use policy expressed? Consider an AI data access policy: a law or consulting firm might require that LLM data from client A can't be used to generate answers for client B. A public company's general counsel might want an AI topic access policy: employees outside of finance and below the VP level can't ask about earnings info.

Every CISO knows that cybersecurity is an increasingly hot topic for executives and board members alike. Only 5% of CISOs report directly to the CEO, indicating a potential lack of high-level influence, and 2⁄3 's of CISOs are two levels down from the CEO in the reporting structure.

In this Help Net Security video, Nick McKenzie, CISO of Bugcrowd, discusses the key findings from their recent report, which comes at a crucial time as security leaders' roles are being discussed more with the current risk landscape and the increasing need to prioritize security first over operational resilience in almost all verticals. Most CISOs believe AI makes the threat landscape impossible to secure.

Contradicting legacy stereotypes of the CISO as inherently risk averse, only 16% of today's CISOs classified their current risk appetite as low. CISOs see their CEOs as much more risk averse than themselves, with twice as many respondents perceiving their CEO as having a low-risk appetite.

Qualys CyberSecurity Asset Management 3.0 consolidates asset discovery and risk assessment into a single solution. A key differentiator of Qualys CyberSecurity Asset Management 3.0 is in the way its External Attack Surface Management technology works.

A Panaseer investigation into organizations’ annual 10-K filings reported to the SEC shows that from January-May 2024, at least 1,327 filings mentioned NIST – a key indicator that cybersecurity...

Please turn on your JavaScript for this page to function normally. Password security has seen dramatic shifts driven by the escalation of cyber threats and technological advancements.

Action1 researchers found an alarming increase in the total number of vulnerabilities across all enterprise software categories. "With the NVD's delay in associating Common Vulnerabilities and Exposures identifiers with CPE data, our report comes at a critical moment, providing much-needed insights into the evolving vulnerability landscape for enterprise software," said Mike Walters, President of Action1.

Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of...