CISOs need to bridge the gap between security concerns and business outcomes to ensure everyone plays an active role in third-party risk management. But effectively communicating that risk comes down to knowing your audience - from employees to the board, said CyberGRX's Caitlin Gruenberg.
In this post of his blog "A CISO's View," security director Ian Keller discusses the importance of having mechanisms in place to report potential personal compromise or potential compromise of another person in your company and provides simple steps for making security everyone's responsibility.
Pretexting incidents, a social engineering technique that manipulates victims into divulging information, have nearly doubled, representing 50% of all social engineering attacks, according to Verizon's 2023 Data Breach Investigations Report, which analyzed more than 16,312 security incidents.
Enterprise cybersecurity is no longer just about a siloed team of professionals securing the firm's systems and servers. Security has evolved into a key business consideration with people at its core, according to Suraj Jayaraman, Microsoft's director of cloud security architecture.
In the latest weekly update, ISMG editors discuss why communication is vital to be an effective CISO in 2023, how the hack of Florida-based dental insurer MCNA affects nearly 9 million people, and how CyberArk is securing privileged users with a new browser.
Organizations lack visibility into their network and assets to fully understand their threat and risk exposure, said Liberty Strategic Capital's Michael D'Ambrosio. The trend of accessing corporate networks from remote locations has made it tough for businesses to know what's on their network.
As the largest media company at RSA Conference 2023, ISMG conducted more than 160 individual interviews with CEOs, CISOs, government leaders, investors, researchers and attorneys. This compendium covers every facet of cybersecurity, from the latest technology solutions to emerging trends.
Security organizations in the APAC region need to adopt widely recognized frameworks consistently ensure digital trust and protect privacy, according to a panel of experts from the APAC region. Industry certifications are a good investment for improving security programs and business resilience.
Former chief security officer Joe Sullivan avoided jail time for his role in impeding a federal investigation into Uber's security practices, but attorney Lisa Sotto of Hunton Andrews Kurth LLP warned security leaders and executives "to take heed" and ensure they are covered for personal liability.
Cyber resilience is "even more critical in the post pandemic world," said Amit Basu, CISO of International Seaways. The NIST framework is a useful tool for developing, testing and maintaining cyber resilience, but too often security teams neglect the "detect" and "respond" functions, he added.
Real estate is catching up with technology but has a long way to go in terms of innovation, said Arvind Singh, chief technology officer and executive vice president of IT for Puravankara Group. Singh shared how to select the right security tools and protect the data of real estate customers.
Companies that grow quickly through mergers and acquisitions often face an array of unique security risk challenges - as well as opportunities - said Ash Hunt, global CISO of Apex Group Ltd., who is helping to shepherd his organization through such a transformation.
Despite recent unstable market conditions, the cybersecurity market is growing, said Saj Huq of Plexal, a cyber innovation accelerator based in the U.K. and innovation partner of the National Cyber Security Centre, which is part of the U.K.'s intelligence, security and cyber agency.
The role of a CISO in an organization is continuously evolving, more so after the COVID-induced digital transformation boom - and not in isolation. Protecting businesses is more than just putting the technology pieces together, said Arvin Bansal, CISO of Nissan Americas.
In light of former Uber CSO Joe Sullivan's sentencing, five cybersecurity executives from distinct walks of cybersecurity discuss how professionals can protect themselves from personal liability for making business decisions while doing what's best for their organization.