Security News

SEC's new cybersecurity risk management, strategy, governance, and incident disclosure rules, which require increased transparency around cybersecurity incidents, have been in effect since December 18, 2023. For businesses that already harbor concerns over their cybersecurity protections, visibility, and incident response preparedness, meeting the SEC's new incident reporting rules can be a serious challenge.

In this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses the evolution of cyber risk management strategies and practices, uncovering common mistakes and highlighting key components for successful risk resolution. We hope to find the 'golden' indicator for which risk will eventually lead to a breach, but until that day, security teams need to holistically incorporate several layers of risk factors to determine business risk and drive justifiable communications.

As AI tools become more widespread, impersonation and deception have become easier. Organizations are combating this issue with policies and technological solutions.

Webinar In the natural world, there are ten different kinds of cloud - a rare simplicity in meteorological terms. Multi-cloud environments in particular spawn a lot of complexity, and their continuous evolution can also create cyber security blind spots.

Despite advanced security protocols, many cybersecurity incidents are still caused by employee actions. In this Help Net Security video, John Scott, Lead Cybersecurity Researcher at CultureAI, discusses how integrating AI and automation into your cybersecurity strategy can improve employee behaviors and reduce security incidents.

In this Help Net Security interview, Sumedh Thakar, President and CEO of Qualys explores the vision behind the Qualys Enterprise TruRisk Platform, a strategic move aimed at redefining how enterprises measure, communicate, and eliminate cyber risk. We delve into how Qualys assists CISOs in the complex balancing act of managing critical issues under budget constraints, the financial implications of cyber risk, and the advanced capabilities of the TruRisk Platform in providing a unified view of enterprise risk.

In this Help Net Security video, Christina Hoefer, VP of Global Industrial Enterprise at Forescout, discusses why it is time for manufacturers/OT security leaders to "Toss the spreadsheet" regarding their traditional methods of tracking data for cyber risk assessments. She addresses the underlying challenge that traditional cyber risk assessments are laborious and perpetuates gaps in risk management because they lack a consolidated, up-to-date view across all connected assets and deeper insight into historical moments in time to manage risks proactively.

Fear and the more technical aspects of cybersecurity are still stopping Australian CEOs from engaging more deeply with cybersecurity risks, despite a string of high-profile cyberattacks that have hit Australian brands, including Optus and Medibank and millions of their customers. New research from consulting firm Accenture found that only one in five of Australian CEOs are currently dedicating board meetings to discussing cybersecurity issues, while 34% think cybersecurity isn't a strategic matter and requires episodic rather than ongoing attention.

This article provides a guide to cyber risk acceptance and outlines the valuable role of continuous penetration testing in making informed risk acceptance decisions. The risk hasn't disappeared here; instead, another business takes on the task of mitigating the risk.

In this Help Net Security interview, Gaspard de Lacroix-Vaubois, CEO at Skypher, talks about the implementation of security questionnaires and how they facilitate assessments and accountability across all participants in the technology supply chain, fostering trust and safeguarding sensitive data. Many organizations overlook the critical role of security questionnaires in risk assessment.