Category: CSO Online

As the coronavirus crisis continues to capture everyone’s attention, cybercriminals stay busy running scams and delivering malware using the attention-getting virus as a lure. The threats from the scammers and crooks, which began as early as January and continue unabated,…

Read more →

Zero Trust technologies top the list for “most researched” solutions, according to the most recent IDG Security Priorities study. That’s likely because CSOs and CISOs are trying to wrap their arms around how best to protect their enterprises, considering how…

Read more →

The biggest risk from the scramble to move to remote work at scale will likely be an increase in data exposed from misconfigured cloud storage buckets, says Christopher Burgess, a writer and speaker on security issues and former senior security…

Read more →

I have a love/hate relationship with Microsoft Threat Protection (MTP). I absolutely love the concept, the platform and the pieces that make up MTP. It gives you a single-pane view of everything from the users’ systems all the way to…

Read more →

What is the CMMC? The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. The CMMC is the DoD’s response to significant…

Read more →

Security researchers are tracking a new botnet that has been in rapid development for the past several months and targets embedded devices with binaries that are cross-compiled for 12-CPU architectures. [ Keep up with 8 hot cyber security trends (and…

Read more →

Volume 10 of the Veracode “State of Software Security” report makes one fact abundantly clear: there’s no shortage of security flaws to be fixed in the applications we use every day. So many, in fact, that it’s virtually impossible to…

Read more →

With a large percentage of your workforce now working remotely, two-factor authentication (2fa) can make them (or your company data) safer online. But how you’re doing it now probably isn’t helping much at all.   Advertise on IT Security News.…

Read more →

The revised Payment Services Directive (PSD2) has come into effect in the European Union last year, adding new requirements for financial institutions, payment services providers and merchants who do business in the shared market. But it could also have an…

Read more →

Phishing definition Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for…

Read more →

Gourav Mukherjee is a managing partner at vCISO firm Immersion Security. Since January he has been acting CISO at a private equity-backed healthcare company with hundreds of locations across the US. In addition to managing security for the organization, Mukherjee…

Read more →

With curiously little fanfare, the White House released last week a six-page document called the National Strategy to Secure 5G, a blueprint that was mandated by the Secure 5G and Beyond Act. That bill, signed into law by President Trump on…

Read more →

As the COVID-19 pandemic grips the globe, new surveillance methods are already raising new privacy and security challenges despite the still-early days of this crisis. Chief among these potential problems is the sudden turn by the government toward using geolocation…

Read more →

The AV-TEST Institute recently tested the most popular Windows 10 client antivirus products on three primary criteria: protection, performance, and usability. Five of the 15 products tested earned a perfect rating of 6 for each of those criteria: F-Secure PSB…

Read more →

The worst disease of the century brings out the worst in people as phishing attacks increase to unprecedented levels. Here’s how to spot and COVID-19 phishing attacks and five ways to avoid them.   Advertise on IT Security News. Read…

Read more →

There’s a lot to unpack in our most recent State of Software Security (SOSS) report, including some then vs. now comparisons, a look at the most popular vulnerabilities, and a deep dive into security debt. Here are the five takeaways we…

Read more →

When Jonathan Leitschuh found a catastrophic security vulnerability in Zoom, the popular videoconferencing platform, the company offered him money to keep quiet in the form of a bug bounty and a non-disclosure agreement (NDA) through Bugcrowd. The security flaw affected…

Read more →

The Zoom video conferencing client for macOS does not take full advantage of the application hardening features the operating system offers, which could allow local malware to elevate its privileges or access the camera and microphone without the user’s knowledge.…

Read more →

WireGuard definition WireGuard is a security-focused virtual private network (VPN) known for its simplicity and ease of use. It uses proven cryptography protocols and algorithms to protect data. Originally developed for the Linux kernel, it is now deployable on Windows,…

Read more →

In Insider Pro’s inaugural Tech Career Ladder podcast, Sandy Silk — director of Information Security, Education, and Consulting at Harvard University — joins host Maryfran Johnson to discuss what it takes to become an EPIC leader. Listen or download the…

Read more →

After serving in the United States Navy as an information systems technician, Chris Rivers was looking to enter the civilian workforce where he could still apply his technical skills. Through Fortinet’s FortiVet program, Chris received access to cybersecurity training and…

Read more →

In December, security researchers noticed an uptick in brute-force attacks against publicly exposed Microsoft SQL servers. It turns out the attacks go as far back as May 2018 and infect on average a couple thousand database servers every day with…

Read more →

In early March, as I prepared to fly home from a business trip to Seattle, we began hearing stories of U.S. businesses sending their workers home with the expectation that they may be working from home for weeks, if not…

Read more →

We all know that finding talented cybersecurity professionals is not easy. Making matters worse, neither is keeping them. To read this article in full, please click here (Insider Story)   Advertise on IT Security News. Read the complete article: 5…

Read more →

The headlines make it clear that we are in unusual times. Working from home will be the new norm for many of us for the near term at least. As IT and security teams work to meet the challenge of…

Read more →

An intrusion detection system (IDS) is a longtime staple of IT security; it’s a software application or physical appliance that monitors networks, hosts, or both for signs that an intruder has broken into your IT infrastructure. Many such tools integrate…

Read more →

Insider Pro and CertsNexus have created a virtual classroom where subscribers can learn and test their cybersecurity readiness.   Advertise on IT Security News. Read the complete article: Security School: Enroll today and advance your tech career

Read more →

If there is one thing that I know, it’s that retail is resilient. Unlike any other industry, retail has continuously needed to adapt and transform to meet customer demands, remain competitive, or react to economic downturns caused by domestic and…

Read more →

Slack is fast becoming one of the most popular communication and collaboration tools for business, corporate and professional users. Its elegant interface and overall ease of use has allowed Slack to outpace most other instant messaging deployments. With over 10…

Read more →

By now, most organizations responding to the current global pandemic have already moved their workforce to their homes using a secure remote worker system that includes an endpoint VPN client, online teleconferencing systems, and a headend VPN concentrator. But getting…

Read more →

Basic security hygiene, such as patching and updates are time-consuming and never-ending for IT security personnel. “It’s no shocker that patching causes a lot of fatigue and anxiety,” says Sean Frazier, Advisory CISO at Cisco. “Many organizations have a long…

Read more →

According to ESG research, 62% of organizations were poised to increase spending on cybersecurity in 2020.  Thirty-two percent of survey respondents said they would invest in cybersecurity technologies using AI/ML for threat detection, followed by data security (31%), network security…

Read more →

As the coronavirus pandemic builds, businesses are already reeling from the economic impact. Here’s how IT can adjust to a new reality of cost trimming and budget cuts.   Advertise on IT Security News. Read the complete article: Dealing with…

Read more →

As predicted, the coronavirus crisis is bringing out the worst in cybercriminals. But the attacks are really just old exploits modified to exploit the new coronavirus context. Here’s how to beat them.   Advertise on IT Security News. Read the…

Read more →

As predicted, the coronavirus crisis is bringing out the worst in cybercriminals. But the attacks are really just old exploits modified to exploit the new coronavirus context. Here’s how to beat them.   Advertise on IT Security News. Read the…

Read more →

A changing data landscape, the proliferation of credential-based threats, and a tougher regulatory environment is creating pressure for organizations to deploy identity and access management (IAM) systems, even though the systems can be a bear to get right. [ Learn…

Read more →

Security researchers have come across an attack where an USB dongle designed to surreptitiously behave like a keyboard was mailed to a company under the guise of a Best Buy gift card. This technique has been used by security professionals…

Read more →

It is easy to understand the enthusiasm around the rise of 5G technology. In an era in which speed and connectivity are foundational ingredients in enterprises’ growth strategy, 5G presents unprecedented potential for businesses to innovate rapidly. Factor in the…

Read more →

Coronavirus has created unprecedented challenges for companies and their employees across the globe and remote access tools are helping them meet them.   Advertise on IT Security News. Read the complete article: How remote access tools can help your businesses…

Read more →

Looking for a qualified candidate or new job? CSO’s security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next Chief Security Officer (CSO), Chief Information Security Officer (CISO), or VP of Security and…

Read more →

Dear Victim, Please panic. Cower in the corner under a toilet paper fort with a pile of ammo for a pillow. Meanwhile, I’m hacking your corporate network. Work from home, they said. Self-isolate, they said. Avoid contagion, they said. They…

Read more →

Security researchers warn that a Chinese cyberespionage group has been attacking organizations worldwide by exploiting vulnerabilities in popular business applications and devices from companies such as Cisco, Citrix and Zoho. In light of the ongoing COVID-19 crisis, the risk to…

Read more →

The stay-at-home alerts for many large cities, US states, and countries is putting information technology and security professionals on the forefront of the battle to keep businesses up and running with most employees working remotely. Technology has risen to the…

Read more →

We can all remember a time not so long ago when security was thedepartment of no. “We have moved past that to ‘yes, but,’” says MikeTowers, CSO at Takeda Pharmaceuticals International. For Towers, gettingto a place where it is easy…

Read more →

Since the introduction of the European Union’s GDPR legislation the role of the Data Protection Officer (DPO) has exploded within businesses in Europe and across the world. Within a couple of years, the role has gone from niche to commonplace.…

Read more →

Congratulations. You’re now the chief security officer of your company’s newest branch office: Your home. Here’s how to manage your new job.   Advertise on IT Security News. Read the complete article: Don’t let the coronavirus make you a home…

Read more →

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions…

Read more →

Avoid central points of failure or compromise. This fundamental tenet of information security applies not only to systems and networks, but to individuals during a time of pandemic. Key cybersecurity staff, more often than not, possess singular knowledge of an…

Read more →

Something that all CSOs have in common is that we are risk owners. No matter the situation, even during times of extreme business transition and the need to maintain operational continuity, we’re all responsible for assuring the confidentiality, integrity, and…

Read more →

As people around the world are faced with fears and concerns over the COVID-19 virus, criminals are also taking note. And unfortunately, they are using this as an opportunity to try and steal money and personal information by generating social…

Read more →

Something that all CSOs have in common is that we are risk owners. No matter the situation, even during times of extreme business transition and the need to maintain operational continuity, we’re all responsible for assuring the confidentiality, integrity, and…

Read more →

As people around the world are faced with fears and concerns over the COVID-19 virus, criminals are also taking note. And unfortunately, they are using this as an opportunity to try and steal money and personal information by generating social…

Read more →

The coronavirus crisis is just beginning. But it will end. And how you fare after the pandemic depends on what you do right now. Here are four areas to focus on.   Advertise on IT Security News. Read the complete…

Read more →

Following the swift emergence of the COVID-19 crisis, organizers of cybersecurity and hacking conferences of all sizes have been faced with three choices: Cancel their events altogether, postpone them to the presumably better future, or find some way to hold…

Read more →

Following the swift emergence of the COVID-19 crisis, organizers of cybersecurity and hacking conferences of all sizes have been faced with three choices: Cancel their events altogether, postpone them to the presumably better future, or find some way to hold…

Read more →

The Stop Hacks and Improve Electronic Data Security Act, otherwise known as the SHIELD Act, is a New York State bill signed into law last July. One key provision in the legislation that could significantly change security practices across the…

Read more →

The COVID-19 pandemic has caused a forced work-from-home situation that many organizations and businesses were likely not prepared for. From dealing with undersized VPN infrastructure, insufficient bandwidth and not enough managed devices for employees to take home, IT departments are…

Read more →

Not long ago, a breach that compromised the data of a few million people would have been big news. Now, breaches that affect hundreds of millions or even billions of people are far too common. About 3.5 billion people saw…

Read more →

As the coronavirus forces companies to move their communication and file sharing onto collaboration platforms, be prepared for unintended consequences: New security threats will surface, requiring new methods of securing your environment.   Advertise on IT Security News. Read the…

Read more →

While organizations can take plenty of steps to ensure employees are well-equipped to work remotely in a secure manner, threat actors of all stripes are already taking advantage of the COVID19/coronavirus situation. Never ones to miss an opportunity, attackers are…

Read more →

The ongoing worldwide outbreak of coronavirus disease (COVID-19), which originated in Wuhan, China, in December 2019, continues to grab headlines. As of mid-February 2020, more than 70,000 cases had been confirmed. The World Health Organization (WHO) has declared the outbreak…

Read more →

Digital identity is now much more than a way to authenticate someone to access a resource. Identity and access management (IAM) has matured into a more holistic and consumer-led model, driven by privacy, cybersecurity pressures and greater functional needs. The…

Read more →

Nearly every technology company — and almost every business — is desperately determining how to use its arsenal of technology to combat the increasingly severe disruption caused by coronavirus.   Advertise on IT Security News. Read the complete article: Navigating…

Read more →

As the world “shelters in place” amid the COVID-19 crisis, some tech companies are stepping up and offering their products and services free of charge for a limited time. These offers will help organizations set up and protect remote employees…

Read more →

It’s 2020, yet many organizations still depend upon a myriad of disparate point tools for security operations, leading to many challenges.  According to ESG research these are the biggest challenges associated with managing an assortment of point tools: To read…

Read more →

One class of companies is already equipped to work in a fully distributed employee model. Another going to have a difficult time adapting to most employees having to work from home. Some won’t survive if this lasts more than a…

Read more →

Last week, the US Cyberspace Solarium Commission, a bicameral, bipartisan intergovernmental body created by the 2019 Defense Authorization Act, launched its official report on the organization, policy and technical issues surrounding how to best defend the country against digital security…

Read more →

Anyone who ever attended an RSA conference understands that cybersecurity vendors introduce hundreds of amazing, innovative products every year. But C-level execs aren’t looking for the flashiest new point products. Faced with a severe shortage of security professionals and up…

Read more →

When cybersecurity experts talk about shifting the fixing of problems to the left, they mean moving that process closer to the birth of the code, which is always at the extreme left side of an application-making flowchart. Errors that are…

Read more →

Your boss just called and all your employees are mandated to work from home for the next two to three weeks due to the potential COVID-19 pandemic. What could go wrong? What risks are you now bringing to the firm?…

Read more →

The Covid-19 crisis is the Black Swan event of our lifetime. Here’s how to hold it all together (while keeping employees apart).   Advertise on IT Security News. Read the complete article: What your business should do about the coronavirus…

Read more →

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions…

Read more →

One of the most challenging executive tasks for CISOs is quantifying the success and the value of the cybersecurity function. Indeed, security leaders and their organizations have used a myriad of metrics over the years. Yet, many executives and board…

Read more →

What is a credit card skimmer? In the security industry, a skimmer has traditionally referred to any hardware device designed to steal information stored on payment cards when consumers perform transactions at ATMs, gas pumps and other payment terminals. More…

Read more →

The IT systems of the City of Durham and Durham County in North Carolina have been shuttered since a successful ransomware attack struck the municipalities on the evening of March 6. Although details are still sketchy, the North Carolina Bureau…

Read more →

One of the topics covered In a recent RSA Conference presentation was how attackers are using the victims’ own Windows operating system against them to avoid detection. This concept of “living off the land” (LotL) — the use of binaries,…

Read more →

Anecdotal evidence of security operations center (SOC) tool overload is overwhelming — at CSO we hear complaints from industry sources about this problem all the time — but the 2019 SANS SOC Survey attempted to quantify the problem. For most…

Read more →

For Chad Teat, CISO of Atlanta-based specialty retailer Floor & Decor, the secret to balancing risk and business opportunity comes down to reducing friction with the business. To do that, Teat says, the CISO, engineers, and analysts all need to…

Read more →

Researchers have devised a new attack against Intel CPUs that can leak sensitive secrets stored in SGX secure enclaves and, at least in theory, from privileged processes across security boundaries such as kernel space, virtual machines and hypervisors. Dubbed Load…

Read more →

2019 was another big year for mergers and acquisitions (M&A) in the cybersecurity industry. According to Momentum Cyber, more than 150 deals totaling more than $23 billion in value took place this year. Four billion-dollar deals have occurred in the…

Read more →

Last week a pair of US senators on the Senate Judiciary Committee, Lindsey Graham (R-SC) and Richard Blumenthal (D-CT), introduced a flashpoint piece of legislation called The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT). The law,…

Read more →

Phishing and credential stuffing attacks are two of the biggest threats to any large organization, but two-factor authentication (2FA) —especially hardware 2FA — is remarkably effective in mitigating such attacks by an order of magnitude or more. To read this…

Read more →

RSA 2020 had an uninvited guest, Covid-19.  Fist bumps replaced handshakes and hand sanitizing stations were spread throughout the Moscone Center.  Attendance seemed to be down due to factors like the virus panic and the withdrawal of major players like…

Read more →

Looking for hard numbers to back up your sense of what’s happening in the cybersecurity world? We dug into studies and surveys of the industry’s landscape to get a sense of the lay of the land—both in terms of what’s…

Read more →

Like many large enterprises, financial services giant Visa has embraced containerization technologies that enable companies to move from legacy monolithic apps to microservice-based application architectures that are easier to maintain, update and deploy at scale on cloud infrastructure. But splitting…

Read more →

Due to the Covid-19 virus, some tech-culture trends are radically accelerating. Others are being reversed. And it’s happening all at once. Here’s what you need to know.   Advertise on IT Security News. Read the complete article: How the coronavirus…

Read more →

2019 was another big year for mergers and acquisitions (M&A) in the cybersecurity industry. According to Momentum Cyber, more than 150 deals totaling more than $23 billion in value took place this year. Four billion-dollar deals have occurred in the…

Read more →

Last May, Intel released firmware patches for vulnerabilities affecting several hardware security features in its chipsets that are used for digital rights management, device attestation, firmware validation, safe storage of cryptographic keys, disk encryption and more. A team of security…

Read more →

Last May, Intel released firmware patches for vulnerabilities affecting several hardware security features in its chipsets that are used for digital rights management, device attestation, firmware validation, safe storage of cryptographic keys, disk encryption and more. A team of security…

Read more →

The red-hot venture capital (VC) investment trend for cybersecurity start-ups turned white hot during 2019, with the number of investments deals in “pure-play” cybersecurity companies soaring from 2018 levels. According to one set of numbers, the Venture Monitor report produced…

Read more →

Dark web definition The dark web is a part of the internet that isn’t indexed by search engines. You’ve no doubt heard talk of the “dark web” as a hotbed of criminal activity — and it is. Researchers Daniel Moore and Thomas Rid…

Read more →

In our recent survey, we asked IT professionals if certifications helped them land a job, earn a promotion or get a pay raise, and which certifications they’re planning to pursue. Here’s what we learned.   Advertise on IT Security News.…

Read more →

An information security policy is the foundation of an enterprise security program, ideally establishing in clear language what the organization expects from its security operations based on both its tolerance for risk and on its regulatory obligations. To read this…

Read more →

Trusting your administrators and outside consultants is a key part of the security process. But should you? I recently came across a story where an employee of a managed service provider (MSP) sold access to the client base. Years ago, a Microsoft…

Read more →

At the end of this year, the Payment Card Industry Data Security Standard (PCI DSS) is expected to get an upgrade to version 4.0. It has been around since 2001 and isn’t getting as much attention in the news as…

Read more →

Threat hunting – proactively searching through your own company’s networks to hunt for attacks that might evade other security measures – often signifies a company with a mature and well-resourced security organization. But just as threat actors are constantly evolving,…

Read more →

The world’s largest security show, RSA, was held last week in San Francisco.  Over the week, tens of thousands of people flocked to the Moscone Center to check out the almost 800 vendors and hundreds of speakers to educate themselves…

Read more →

With 5G poised to become widely available across the globe, enterprise organizations need to seriously consider the security implications of deploying the technology. To read this article in full, please click here (Insider Story)   Advertise on IT Security News.…

Read more →

Conventional wisdom says that a detailed understanding of the unique business functions of a particular industry is required to translate cybersecurity threats into the business risk language that other public and private sector executives expect – or even demand. For…

Read more →

Looking for a qualified candidate or new job? CSO’s security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next Chief Security Officer (CSO), Chief Information Security Officer (CISO), or VP of Security and…

Read more →