As the coronavirus crisis continues to capture everyone’s attention, cybercriminals stay busy running scams and delivering malware using the attention-getting virus as a lure. The threats from the scammers and crooks, which began as early as January and continue unabated,…
Category: CSO Online
BrandPost: Zero Trust Part 1: Demystifying the Concept
Zero Trust technologies top the list for “most researched” solutions, according to the most recent IDG Security Priorities study. That’s likely because CSOs and CISOs are trying to wrap their arms around how best to protect their enterprises, considering how…
Episode 7: Security in a time of crisis
The biggest risk from the scramble to move to remote work at scale will likely be an increase in data exposed from misconfigured cloud storage buckets, says Christopher Burgess, a writer and speaker on security issues and former senior security…
Microsoft Threat Protection: What security and IT admins need to know
I have a love/hate relationship with Microsoft Threat Protection (MTP). I absolutely love the concept, the platform and the pieces that make up MTP. It gives you a single-pane view of everything from the users’ systems all the way to…
The Cybersecurity Maturity Model Certification explained: What defense contractors need to know
What is the CMMC? The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. The CMMC is the DoD’s response to significant…
New, rapidly evolving IoT botnet Dark Nexus targets wide variety of devices
Security researchers are tracking a new botnet that has been in rapid development for the past several months and targets embedded devices with binaries that are cross-compiled for 12-CPU architectures. [ Keep up with 8 hot cyber security trends (and…
BrandPost: How to Prioritize Application Security Flaws
Volume 10 of the Veracode “State of Software Security” report makes one fact abundantly clear: there’s no shortage of security flaws to be fixed in the applications we use every day. So many, in fact, that it’s virtually impossible to…
Why two-factor authentication isn’t as secure as you think
With a large percentage of your workforce now working remotely, two-factor authentication (2fa) can make them (or your company data) safer online. But how you’re doing it now probably isn’t helping much at all. Advertise on IT Security News.…
7 PSD2 questions every CISO should be prepared to answer
The revised Payment Services Directive (PSD2) has come into effect in the European Union last year, adding new requirements for financial institutions, payment services providers and merchants who do business in the shared market. But it could also have an…
What is phishing? How this cyber attack works and how to prevent it
Phishing definition Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for…
How one healthcare CISO is navigating the COVID-19 crisis
Gourav Mukherjee is a managing partner at vCISO firm Immersion Security. Since January he has been acting CISO at a private equity-backed healthcare company with hundreds of locations across the US. In addition to managing security for the organization, Mukherjee…
White House strategy paper to secure 5G envisions America leading global 5G development
With curiously little fanfare, the White House released last week a six-page document called the National Strategy to Secure 5G, a blueprint that was mandated by the Secure 5G and Beyond Act. That bill, signed into law by President Trump on…
New coronavirus-era surveillance and biometric systems pose logistical, privacy problems
As the COVID-19 pandemic grips the globe, new surveillance methods are already raising new privacy and security challenges despite the still-early days of this crisis. Chief among these potential problems is the sudden turn by the government toward using geolocation…
Best antivirus software: 13 top tools
The AV-TEST Institute recently tested the most popular Windows 10 client antivirus products on three primary criteria: protection, performance, and usability. Five of the 15 products tested earned a perfect rating of 6 for each of those criteria: F-Secure PSB…
How to protect yourself from coronavirus phishing threats
The worst disease of the century brings out the worst in people as phishing attacks increase to unprecedented levels. Here’s how to spot and COVID-19 phishing attacks and five ways to avoid them. Advertise on IT Security News. Read…
BrandPost: State of Software Security: Top 5 Takeaways for Security Professionals
There’s a lot to unpack in our most recent State of Software Security (SOSS) report, including some then vs. now comparisons, a look at the most popular vulnerabilities, and a deep dive into security debt. Here are the five takeaways we…
Bug bounty platforms buy researcher silence, violate labor laws, critics say
When Jonathan Leitschuh found a catastrophic security vulnerability in Zoom, the popular videoconferencing platform, the company offered him money to keep quiet in the form of a bug bounty and a non-disclosure agreement (NDA) through Bugcrowd. The security flaw affected…
Weakness in Zoom for macOS allows local attackers to hijack camera and microphone
The Zoom video conferencing client for macOS does not take full advantage of the application hardening features the operating system offers, which could allow local malware to elevate its privileges or access the camera and microphone without the user’s knowledge.…
What is WireGuard? Secure, simple VPN still in development
WireGuard definition WireGuard is a security-focused virtual private network (VPN) known for its simplicity and ease of use. It uses proven cryptography protocols and algorithms to protect data. Originally developed for the Linux kernel, it is now deployable on Windows,…
Tech Career Ladder podcast: Start your climb to EPIC leader
In Insider Pro’s inaugural Tech Career Ladder podcast, Sandy Silk — director of Information Security, Education, and Consulting at Harvard University — joins host Maryfran Johnson to discuss what it takes to become an EPIC leader. Listen or download the…
BrandPost: Addressing the Cybersecurity Workforce Shortage by Training Veterans
After serving in the United States Navy as an information systems technician, Chris Rivers was looking to enter the civilian workforce where he could still apply his technical skills. Through Fortinet’s FortiVet program, Chris received access to cybersecurity training and…
Attack campaign hits thousands of MS-SQL servers for two years
In December, security researchers noticed an uptick in brute-force attacks against publicly exposed Microsoft SQL servers. It turns out the attacks go as far back as May 2018 and infect on average a couple thousand database servers every day with…
Pandemic impact report: Security leaders weigh in
In early March, as I prepared to fly home from a business trip to Seattle, we began hearing stories of U.S. businesses sending their workers home with the expectation that they may be working from home for weeks, if not…
5 reasons security staff leave (and what to do about it)
We all know that finding talented cybersecurity professionals is not easy. Making matters worse, neither is keeping them. To read this article in full, please click here (Insider Story) Advertise on IT Security News. Read the complete article: 5…
How to prepare Microsoft Office and Windows for ransomware and email attacks
The headlines make it clear that we are in unusual times. Working from home will be the new norm for many of us for the near term at least. As IT and security teams work to meet the challenge of…
12 top IDS/IPS tools
An intrusion detection system (IDS) is a longtime staple of IT security; it’s a software application or physical appliance that monitors networks, hosts, or both for signs that an intruder has broken into your IT infrastructure. Many such tools integrate…
Security School: Enroll today and advance your tech career
Insider Pro and CertsNexus have created a virtual classroom where subscribers can learn and test their cybersecurity readiness. Advertise on IT Security News. Read the complete article: Security School: Enroll today and advance your tech career
BrandPost: Retail Resiliency: Securing and Enabling Innovation During Uncertain Times
If there is one thing that I know, it’s that retail is resilient. Unlike any other industry, retail has continuously needed to adapt and transform to meet customer demands, remain competitive, or react to economic downturns caused by domestic and…
10 Slack security tools compared
Slack is fast becoming one of the most popular communication and collaboration tools for business, corporate and professional users. Its elegant interface and overall ease of use has allowed Slack to outpace most other instant messaging deployments. With over 10…
BrandPost: Considerations for Addressing Additional Security Needs for Remote Workers
By now, most organizations responding to the current global pandemic have already moved their workforce to their homes using a secure remote worker system that includes an endpoint VPN client, online teleconferencing systems, and a headend VPN concentrator. But getting…
BrandPost: Basic Enterprise Security Hygiene is Still Essential
Basic security hygiene, such as patching and updates are time-consuming and never-ending for IT security personnel. “It’s no shocker that patching causes a lot of fatigue and anxiety,” says Sean Frazier, Advisory CISO at Cisco. “Many organizations have a long…
3 ways COVID-19 is changing CISO priorities
According to ESG research, 62% of organizations were poised to increase spending on cybersecurity in 2020. Thirty-two percent of survey respondents said they would invest in cybersecurity technologies using AI/ML for threat detection, followed by data security (31%), network security…
Dealing with the downturn
As the coronavirus pandemic builds, businesses are already reeling from the economic impact. Here’s how IT can adjust to a new reality of cost trimming and budget cuts. Advertise on IT Security News. Read the complete article: Dealing with…
How to protect remote workers from the coronavirus crime wave
As predicted, the coronavirus crisis is bringing out the worst in cybercriminals. But the attacks are really just old exploits modified to exploit the new coronavirus context. Here’s how to beat them. Advertise on IT Security News. Read the…
How to protect remote works from the coronavirus crime wave
As predicted, the coronavirus crisis is bringing out the worst in cybercriminals. But the attacks are really just old exploits modified to exploit the new coronavirus context. Here’s how to beat them. Advertise on IT Security News. Read the…
10 identity management metrics that matter
A changing data landscape, the proliferation of credential-based threats, and a tougher regulatory environment is creating pressure for organizations to deploy identity and access management (IAM) systems, even though the systems can be a bear to get right. [ Learn…
Cybercriminal group mails malicious USB dongles to targeted companies
Security researchers have come across an attack where an USB dongle designed to surreptitiously behave like a keyboard was mailed to a company under the guise of a Best Buy gift card. This technique has been used by security professionals…
5G without governance is risky business
It is easy to understand the enthusiasm around the rise of 5G technology. In an era in which speed and connectivity are foundational ingredients in enterprises’ growth strategy, 5G presents unprecedented potential for businesses to innovate rapidly. Factor in the…
How remote access tools can help your businesses adapt to the coronavirus
Coronavirus has created unprecedented challenges for companies and their employees across the globe and remote access tools are helping them meet them. Advertise on IT Security News. Read the complete article: How remote access tools can help your businesses…
Security Recruiter Directory
Looking for a qualified candidate or new job? CSO’s security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next Chief Security Officer (CSO), Chief Information Security Officer (CISO), or VP of Security and…
Dear future victim, please panic
Dear Victim, Please panic. Cower in the corner under a toilet paper fort with a pile of ammo for a pillow. Meanwhile, I’m hacking your corporate network. Work from home, they said. Self-isolate, they said. Avoid contagion, they said. They…
Chinese hacker group APT41 uses recent exploits to target companies worldwide
Security researchers warn that a Chinese cyberespionage group has been attacking organizations worldwide by exploiting vulnerabilities in popular business applications and devices from companies such as Cisco, Citrix and Zoho. In light of the ongoing COVID-19 crisis, the risk to…
Securing Windows and Office in a time of COVID-19: update policies, remote options
The stay-at-home alerts for many large cities, US states, and countries is putting information technology and security professionals on the forefront of the battle to keep businesses up and running with most employees working remotely. Technology has risen to the…
Episode 6: Building security in
We can all remember a time not so long ago when security was thedepartment of no. “We have moved past that to ‘yes, but,’” says MikeTowers, CSO at Takeda Pharmaceuticals International. For Towers, gettingto a place where it is easy…
How CISOs and data privacy officers should work together
Since the introduction of the European Union’s GDPR legislation the role of the Data Protection Officer (DPO) has exploded within businesses in Europe and across the world. Within a couple of years, the role has gone from niche to commonplace.…
Don’t let the coronavirus make you a home office security risk
Congratulations. You’re now the chief security officer of your company’s newest branch office: Your home. Here’s how to manage your new job. Advertise on IT Security News. Read the complete article: Don’t let the coronavirus make you a home…
The CSO guide to top security conferences, 2020
There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions…
4 steps to build redundancy into your security team
Avoid central points of failure or compromise. This fundamental tenet of information security applies not only to systems and networks, but to individuals during a time of pandemic. Key cybersecurity staff, more often than not, possess singular knowledge of an…
BrandPost: Tips to Ensure that Security and Productivity Remain Resilient
Something that all CSOs have in common is that we are risk owners. No matter the situation, even during times of extreme business transition and the need to maintain operational continuity, we’re all responsible for assuring the confidentiality, integrity, and…
BrandPost: COVID-19 Social Engineering Attacks
As people around the world are faced with fears and concerns over the COVID-19 virus, criminals are also taking note. And unfortunately, they are using this as an opportunity to try and steal money and personal information by generating social…
BrandPost: Tips to Ensure that Security and Productivity Remain Resilient
Something that all CSOs have in common is that we are risk owners. No matter the situation, even during times of extreme business transition and the need to maintain operational continuity, we’re all responsible for assuring the confidentiality, integrity, and…
BrandPost: COVID-19 Social Engineering Attacks
As people around the world are faced with fears and concerns over the COVID-19 virus, criminals are also taking note. And unfortunately, they are using this as an opportunity to try and steal money and personal information by generating social…
Post-coranavirus planning calls for more (not less) investment in tech
The coronavirus crisis is just beginning. But it will end. And how you fare after the pandemic depends on what you do right now. Here are four areas to focus on. Advertise on IT Security News. Read the complete…
Virtual security conferences fill void left by canceled face-to-face events
Following the swift emergence of the COVID-19 crisis, organizers of cybersecurity and hacking conferences of all sizes have been faced with three choices: Cancel their events altogether, postpone them to the presumably better future, or find some way to hold…
Virtual security conferences fill void left by canceled face-to-face events
Following the swift emergence of the COVID-19 crisis, organizers of cybersecurity and hacking conferences of all sizes have been faced with three choices: Cancel their events altogether, postpone them to the presumably better future, or find some way to hold…
New York’s SHIELD Act could change companies’ security practices nationwide
The Stop Hacks and Improve Electronic Data Security Act, otherwise known as the SHIELD Act, is a New York State bill signed into law last July. One key provision in the legislation that could significantly change security practices across the…
COVID-19 offers a unique opportunity to pilot zero trust, rapidly and at scale
The COVID-19 pandemic has caused a forced work-from-home situation that many organizations and businesses were likely not prepared for. From dealing with undersized VPN infrastructure, insufficient bandwidth and not enough managed devices for employees to take home, IT departments are…
The 14 biggest data breaches of the 21st century
Not long ago, a breach that compromised the data of a few million people would have been big news. Now, breaches that affect hundreds of millions or even billions of people are far too common. About 3.5 billion people saw…
COVID-19 and tech: New collaboration tools mean new security risks
As the coronavirus forces companies to move their communication and file sharing onto collaboration platforms, be prepared for unintended consequences: New security threats will surface, requiring new methods of securing your environment. Advertise on IT Security News. Read the…
6 ways attackers are exploiting the COVID-19 crisis
While organizations can take plenty of steps to ensure employees are well-equipped to work remotely in a secure manner, threat actors of all stripes are already taking advantage of the COVID19/coronavirus situation. Never ones to miss an opportunity, attackers are…
A security guide for pandemic planning: 7 key steps
The ongoing worldwide outbreak of coronavirus disease (COVID-19), which originated in Wuhan, China, in December 2019, continues to grab headlines. As of mid-February 2020, more than 70,000 cases had been confirmed. The World Health Organization (WHO) has declared the outbreak…
4 key problems with digital identity and why we need a new approach
Digital identity is now much more than a way to authenticate someone to access a resource. Identity and access management (IAM) has matured into a more holistic and consumer-led model, driven by privacy, cybersecurity pressures and greater functional needs. The…
Navigating the pandemic
Nearly every technology company — and almost every business — is desperately determining how to use its arsenal of technology to combat the increasingly severe disruption caused by coronavirus. Advertise on IT Security News. Read the complete article: Navigating…
Free security resources for work-from-home employees during the COVID-19 crisis
As the world “shelters in place” amid the COVID-19 crisis, some tech companies are stepping up and offering their products and services free of charge for a limited time. These offers will help organizations set up and protect remote employees…
Toward a common UI for security operations
It’s 2020, yet many organizations still depend upon a myriad of disparate point tools for security operations, leading to many challenges. According to ESG research these are the biggest challenges associated with managing an assortment of point tools: To read…
Coronavirus: What companies are ready for our new reality?
One class of companies is already equipped to work in a fully distributed employee model. Another going to have a difficult time adapting to most employees having to work from home. Some won’t survive if this lasts more than a…
Cyberspace Solarium report calls for layered cyber deterrence, defend forward strategy
Last week, the US Cyberspace Solarium Commission, a bicameral, bipartisan intergovernmental body created by the 2019 Defense Authorization Act, launched its official report on the organization, policy and technical issues surrounding how to best defend the country against digital security…
The 10 most powerful cybersecurity companies
Anyone who ever attended an RSA conference understands that cybersecurity vendors introduce hundreds of amazing, innovative products every year. But C-level execs aren’t looking for the flashiest new point products. Faced with a severe shortage of security professionals and up…
Review: How ShiftLeft catches vulnerabilities during code development
When cybersecurity experts talk about shifting the fixing of problems to the left, they mean moving that process closer to the birth of the code, which is always at the extreme left side of an application-making flowchart. Errors that are…
8 key security considerations for protecting remote workers
Your boss just called and all your employees are mandated to work from home for the next two to three weeks due to the potential COVID-19 pandemic. What could go wrong? What risks are you now bringing to the firm?…
What your business should do about the coronavirus … right now
The Covid-19 crisis is the Black Swan event of our lifetime. Here’s how to hold it all together (while keeping employees apart). Advertise on IT Security News. Read the complete article: What your business should do about the coronavirus…
The CSO guide to top security conferences, 2020
There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions…
6 security metrics that matter – and 4 that don’t
One of the most challenging executive tasks for CISOs is quantifying the success and the value of the cybersecurity function. Indeed, security leaders and their organizations have used a myriad of metrics over the years. Yet, many executives and board…
Credit card skimmers explained: How they work and how to protect yourself
What is a credit card skimmer? In the security industry, a skimmer has traditionally referred to any hardware device designed to steal information stored on payment cards when consumers perform transactions at ATMs, gas pumps and other payment terminals. More…
Deloitte: 8 things municipal governments can do about ransomware
The IT systems of the City of Durham and Durham County in North Carolina have been shuttered since a successful ransomware attack struck the municipalities on the evening of March 6. Although details are still sketchy, the North Carolina Bureau…
How to prevent attackers from using Windows against you
One of the topics covered In a recent RSA Conference presentation was how attackers are using the victims’ own Windows operating system against them to avoid detection. This concept of “living off the land” (LotL) — the use of binaries,…
Open-source options offer increased SOC tool interoperability
Anecdotal evidence of security operations center (SOC) tool overload is overwhelming — at CSO we hear complaints from industry sources about this problem all the time — but the 2019 SANS SOC Survey attempted to quantify the problem. For most…
Episode 5: In security, soft skills are king
For Chad Teat, CISO of Atlanta-based specialty retailer Floor & Decor, the secret to balancing risk and business opportunity comes down to reducing friction with the business. To do that, Teat says, the CISO, engineers, and analysts all need to…
New CPU attack technique can leak secrets from Intel SGX enclaves
Researchers have devised a new attack against Intel CPUs that can leak sensitive secrets stored in SGX secure enclaves and, at least in theory, from privileged processes across security boundaries such as kernel space, virtual machines and hypervisors. Dubbed Load…
10 biggest cybersecurity M&A deals of 2019
2019 was another big year for mergers and acquisitions (M&A) in the cybersecurity industry. According to Momentum Cyber, more than 150 deals totaling more than $23 billion in value took place this year. Four billion-dollar deals have occurred in the…
Is the EARN-IT Act a backdoor attempt to get encryption backdoors?
Last week a pair of US senators on the Senate Judiciary Committee, Lindsey Graham (R-SC) and Richard Blumenthal (D-CT), introduced a flashpoint piece of legislation called The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT). The law,…
Making the case for hardware 2FA in the enterprise
Phishing and credential stuffing attacks are two of the biggest threats to any large organization, but two-factor authentication (2FA) —especially hardware 2FA — is remarkably effective in mitigating such attacks by an order of magnitude or more. To read this…
RSA 2020: 7 trends and takeaways
RSA 2020 had an uninvited guest, Covid-19. Fist bumps replaced handshakes and hand sanitizing stations were spread throughout the Moscone Center. Attendance seemed to be down due to factors like the virus panic and the withdrawal of major players like…
Top cybersecurity facts, figures and statistics for 2020
Looking for hard numbers to back up your sense of what’s happening in the cybersecurity world? We dug into studies and surveys of the industry’s landscape to get a sense of the lay of the land—both in terms of what’s…
How Visa built its own container security solution
Like many large enterprises, financial services giant Visa has embraced containerization technologies that enable companies to move from legacy monolithic apps to microservice-based application architectures that are easier to maintain, update and deploy at scale on cloud infrastructure. But splitting…
How the coronavirus is changing tech and 5 things to do about it
Due to the Covid-19 virus, some tech-culture trends are radically accelerating. Others are being reversed. And it’s happening all at once. Here’s what you need to know. Advertise on IT Security News. Read the complete article: How the coronavirus…
10 biggest cybersecurity M&A deals of 2019
2019 was another big year for mergers and acquisitions (M&A) in the cybersecurity industry. According to Momentum Cyber, more than 150 deals totaling more than $23 billion in value took place this year. Four billion-dollar deals have occurred in the…
Intel CSME flaw is unpatchable, researchers warn
Last May, Intel released firmware patches for vulnerabilities affecting several hardware security features in its chipsets that are used for digital rights management, device attestation, firmware validation, safe storage of cryptographic keys, disk encryption and more. A team of security…
Design flaw could compromise Intel platform security features, researchers warn
Last May, Intel released firmware patches for vulnerabilities affecting several hardware security features in its chipsets that are used for digital rights management, device attestation, firmware validation, safe storage of cryptographic keys, disk encryption and more. A team of security…
Authentication, identity management start-ups lead 2019 VC investing
The red-hot venture capital (VC) investment trend for cybersecurity start-ups turned white hot during 2019, with the number of investments deals in “pure-play” cybersecurity companies soaring from 2018 levels. According to one set of numbers, the Venture Monitor report produced…
What is the dark web? How to access it and what you’ll find
Dark web definition The dark web is a part of the internet that isn’t indexed by search engines. You’ve no doubt heard talk of the “dark web” as a hotbed of criminal activity — and it is. Researchers Daniel Moore and Thomas Rid…
IT Salary Survey: Do tech certifications pay off?
In our recent survey, we asked IT professionals if certifications helped them land a job, earn a promotion or get a pay raise, and which certifications they’re planning to pursue. Here’s what we learned. Advertise on IT Security News.…
How to write an effective information security policy
An information security policy is the foundation of an enterprise security program, ideally establishing in clear language what the organization expects from its security operations based on both its tolerance for risk and on its regulatory obligations. To read this…
Do you trust your admins? 5 tips to manage administrator access
Trusting your administrators and outside consultants is a key part of the security process. But should you? I recently came across a story where an employee of a managed service provider (MSP) sold access to the client base. Years ago, a Microsoft…
8 PCI DSS questions every CISO should be able to answer
At the end of this year, the Payment Card Industry Data Security Standard (PCI DSS) is expected to get an upgrade to version 4.0. It has been around since 2001 and isn’t getting as much attention in the news as…
How Target evolved its threat hunting program: 3 key steps
Threat hunting – proactively searching through your own company’s networks to hunt for attacks that might evade other security measures – often signifies a company with a mature and well-resourced security organization. But just as threat actors are constantly evolving,…
5 standout products from RSA 2020
The world’s largest security show, RSA, was held last week in San Francisco. Over the week, tens of thousands of people flocked to the Moscone Center to check out the almost 800 vendors and hundreds of speakers to educate themselves…
4 ways 5G will change your enterprise threat model
With 5G poised to become widely available across the globe, enterprise organizations need to seriously consider the security implications of deploying the technology. To read this article in full, please click here (Insider Story) Advertise on IT Security News.…
Secrets of industry-hopping CSOs
Conventional wisdom says that a detailed understanding of the unique business functions of a particular industry is required to translate cybersecurity threats into the business risk language that other public and private sector executives expect – or even demand. For…
Security Recruiter Directory
Looking for a qualified candidate or new job? CSO’s security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next Chief Security Officer (CSO), Chief Information Security Officer (CISO), or VP of Security and…