As cloud migration continues across regions and sectors, how are organizations choosing security tools, and how are those tools being operationalized? Which practices are producing the best security outcomes? Explore these cloud security tips from Palo Alto Networks' Ben Nicholson.
CISOs need to bridge the gap between security concerns and business outcomes to ensure everyone plays an active role in third-party risk management. But effectively communicating that risk comes down to knowing your audience - from employees to the board, said CyberGRX's Caitlin Gruenberg.
In the latest weekly update, four ISMG editors discuss highlights from Verizon's 16th annual Data Breach Investigations Report, what's on the mind of CISOs in Malaysia and the Philippines, and how the U.S. SEC sued crypto trading platforms Binance and Coinbase over securities violations.
With the federal government's software bill of materials regulations looming, many organizations are not ready to respond, warned CISO Sean Atkinson of the Center for Internet Security. He provided tips for ensuring transparency in the software supply chain and preparing for SBOM regulations.
Pretexting incidents, a social engineering technique that manipulates victims into divulging information, have nearly doubled, representing 50% of all social engineering attacks, according to Verizon's 2023 Data Breach Investigations Report, which analyzed more than 16,312 security incidents.
Flipkart embraced a comprehensive security maturity program that incorporated defense-in-depth, automation, zero trust and secure SDLC/security-by-design principles across its four subsidiaries. Flipkart's Raakesh Thayyil discussed the importance of a cohesive strategy.
OJK, the financial regulator in Indonesia, in December 2022 introduced regulations to ensure better cyber resilience for the financial industry. Wahyu Agung Prasetyo, IT and cyber risk management head at Bank Mega, shared how his bank is preparing to meet the regulations and the challenges ahead.
Enterprise cybersecurity is no longer just about a siloed team of professionals securing the firm's systems and servers. Security has evolved into a key business consideration with people at its core, according to Suraj Jayaraman, Microsoft's director of cloud security architecture.
Flipkart Group companies achieved a uniform SOC implementation by adopting a single data ingestion point. This simplifies integration, log parsing and normalization challenges with two SaaS-based SIEM tools, minimizing device and data source modifications.
In the latest weekly update, ISMG editors discuss why communication is vital to be an effective CISO in 2023, how the hack of Florida-based dental insurer MCNA affects nearly 9 million people, and how CyberArk is securing privileged users with a new browser.
Change management is a critical part of a robust API management program, said Shaam Farooq, vice president of technology at Atlas Energy Solutions and a CyberEdBoard member. Team members must review and approve changes as they happen and communicates those changes across IT and OT security teams.
Many hospitals are still more reactive than proactive in terms of embracing recommended best practices that can advance their cybersecurity maturity level, said Steve Low, president of KLAS Research, and Ed Gaudet, CEO of consulting firm Censinet, who discuss findings of a recent benchmarking study.
Supply chain is critical for application security because most firms rely on third-party software components. The ease of injecting vulnerabilities into open-source components makes software bill of materials a critical need, said Minatee Mishra, director of product security at Philips.
Securing distributed and hybrid workforces is challenging traditional cybersecurity paradigms. Integrating zero trust with secure access service edge, SASE, in a unified platform addresses the threats associated with the need for flexibility and a data-anywhere environment.
In the latest weekly update, ISMG editors discuss top takeaways from Ukraine's cyber defense success, how a European regulator suspended Facebook data transfers to the United States, and the state of the EU General Data Protection Regulation on its five-year anniversary.