SEC Eyes Final Rules on Incident Disclosure, Board Expertise

Michael Novinson • March 31, 2023

Rules coming in April could require publicly traded companies to disclose a breach within four days of deeming it material as well as board member cybersecurity expertise. The SEC in March 2022 proposed a mandate that companies disclose "material" incidents within four business days of discovery.

►

Analytics

Phishing Campaign Targets Job Seekers, Employers

Supply Chain Attack: The Challenges and Misconceptions

Latest

Cloud Security

Evolving AlienFox Malware Steals Cloud Services Credentials

Prajeet Nair • March 31, 2023

Hackers have used a modular toolkit called "AlienFox'" to compromise email and web hosting services at 18 companies. Distributed mainly by Telegram, the toolkit scripts are readily available in open sources such as GitHub, leading to constant adaptation and variation in the wild.

Cyberwarfare / Nation-State Attacks

Leaks Reveal Moscow Source for Hacking, Disinformation Tools

Mathew J. Schwartz • March 30, 2023

Leaked documents from a Moscow IT consultancy reveal how the Russian government has commissioned tools for its military and intelligence agencies for conducting cyber operations, information warfare, and controlling the internet, as well as training critical infrastructure hackers.

Fraud Management & Cybercrime

Will Customer Refunds for Scams Trigger First-Party Fraud?

Suparna Goswami • March 30, 2023

The U.S. Consumer Financial Protection Bureau is mulling over whether to reimburse consumers for online scams and fraud, but this regulatory change could lead to an increase in first-party fraud, cautioned Karen Boyer, senior vice president of financial crimes at M&T Bank.

Artificial Intelligence & Machine Learning

Tech Luminaries Call for Pause in AI Development

Anviksha More • March 29, 2023

A slew of top tech executives and artificial intelligence researchers called for a minimum half-year pause on advanced artificial intelligence systems. Tech giants already have fallen into a race to see who can be the quickest to incorporate AI into their products.

Governance & Risk Management

Pentagon Doubles Down on Zero Trust

Mathew J. Schwartz • March 29, 2023

A top Pentagon technology official on Wednesday emphasized the U.S. Department of Defense's embrace of zero trust. "We've committed to implementing zero trust across the DOD by 2027, which is an ambitious yet critical milestone," Department of Defense CIO John B. Sherman told a Senate panel.

3rd Party Risk Management

Building a Media Firm's Holistic Cybersecurity Practice

Rashmi Ramesh • March 28, 2023

Third-party risk is a key threat in the entertainment industry, where sensitive content and key assets are scattered among multiple entities across the supply chain. Shemaroo Entertainment's Dilip Joshi discusses risks, implementation challenges, budgeting and regulatory compliance in this sector.

Events

'Stronger Together' - Preview of RSA Conference 2023

Tom Field • March 28, 2023

"Stronger Together" is the theme of RSA Conference 2023. In an exclusive preview of the event, Linda Gray Martin and Britta Glade explain why that theme was selected - and what attendees can expect to see from sessions, speakers and sponsors when they attend the annual gathering in San Francisco.

Video

Essential Steps to Building a Robust API Security Program

Anna Delaney • March 28, 2023

Recent high-profile breaches resulting from API attacks are "just the tip of the iceberg," said Gartner analyst Dionisio Zumerle. "What we have is a new way of exchanging information which is increasingly popular, and almost no organization has the recipe to secure that new way of communicating."

Cybercrime

Indian Police Charge Gang With Stealing 168M Citizens' Data

Jayant Chakravarti • March 27, 2023

Indian police busted six members of an alleged criminal gang that sold the personal data of 168 million Indian citizens, including defense personnel and government employees. Cyberabad Metropolitan Police Commissioner Stephen Raveendra called the operation a national security risk.

Governance & Risk Management

Harnessing the Power of Security Consolidation, Automation

Shipra Malhotra • March 27, 2023

Studies indicate that on average most enterprises use 25 to 49 security tools sourced from up to 10 different vendors. To make this environment easier to manage, CISOs should adopt an integrated approach driven by consolidation and automation, says Microsoft's Terence Gomes.

Governance & Risk Management

Finding the Right Strategy for Implementing OT Security

Prajeet Nair • March 27, 2023

OT and SCADA security must be designed around protecting system availability, understanding OT-specific protocols and blocking attacks that target legacy systems commonly used in OT environments. CISO Hitesh Mulani of Mahindra & Mahindra shares advice on implementing OT security.

Governance & Risk Management

A Business-Centric Approach to Cybersecurity Strategy

Brian Pereira • March 27, 2023

The business world is going through a phase of hyper transformation and hyper digitalization. So, the building blocks of a cybersecurity strategy are quite different from what they were a few years ago. CISOs now need to prioritize threats in the context of their businesses.