Security News

After ten years operating under the original model, and two years working to revise it, the National Institute of Standards and Technology has released version 2.0 of its Cybersecurity Framework. Unlike the original, which was designed with critical infrastructure sectors in mind, CSF 2.0's scope has been expanded to provide suitable security tips for organizations in any sector and of any size, "regardless of their degree of cybersecurity sophistication," NIST said.

In this Help Net Security interview, Kunal Agarwal, CEO at Dope Security, offers a look into the CEO's leadership philosophy, the process of building a high-caliber team, and the unique challenges of navigating a startup in the tech industry. What is your leadership philosophy as a CEO, and how has it evolved since you started the company?

This adds up to mean that while cybersecurity training is valuable in building awareness and knowledge about password security, it has limitations in changing risky user behavior like password reuse. By combining training efforts with technology, organizations can create a more robust defense against risky password behavior.

Primary school systems handle sensitive data concerning minors, while higher education institutions must safeguard intellectual property data, making them prime targets for cyberattacks, according to Trustwave. Strong cybersecurity measures protect student data and enable teachers to do their jobs effectively without fear of disruptions or data breaches.

How decentralized identity is shaping the future of data protection: In this Help Net Security interview, Patrick Harding, Chief Architect at Ping Identity, discusses the promises and implications of decentralized identity in cybersecurity.

10 cybersecurity startups to watch in 2024: Help Net Security decided to spotlight companies breaking new ground, attracting top talent, and leading innovation in key areas.

There are worrying signs that 2024 will be especially volatile, as ransomware groups expand their list of targets, and explore new pressure tactics in response to increasingly effective international law enforcement efforts and the growing momentum of refuse-to-pay initiatives. Despite BEC incidents outnumbering ransomware incidents by a factor of 10, a ransomware incident is 15 times more likely than a BEC incident to lead to an incident response investigation.

Nathan Wenzler, chief security strategist at cyber security firm Tenable, said state-sponsored threat actors typically infiltrate by stealth and spread. Wenzler said Australian organisations should treat them as seriously as other actors or face serious risk during a geopolitical conflict. The Australian Cyber Security Centre found total reports of cybercrime were up by 23% to 94,000 in the year to June 2023, attributing part of that increase to state-sponsored attacks against critical infrastructure.

Most cybersecurity professionals believe AI will significantly impact their jobs, according to a new survey by the International Information System Security Certification Consortium, with only 35% of the respondents having already witnessed AI's effects on their jobs. The impact is not necessarily positive or negative, but rather an indicator that cybersecurity pros expect their jobs to change.

Over 29% of IT leaders found that moving projects from on-premises to the cloud was more expensive than expected, while 65% said it was financially predictable. The cost-benefit analysis of cloud versus on-premises infrastructure varies greatly depending on the organization.

On Thanksgiving Day 2023, while many Americans were celebrating, hospitals across the U.S. were doing quite the opposite. Systems were failing. Ambulances were diverted. Care was impaired....