Four years after NotPetya, cyber insurance is still catching up

Experts advise “terrified” insurers to better engage businesses to ensure long-term viability, and they advise businesses to track their policies closely.


Most common cyberattack techniques on Windows networks for 2020

Recent research breaks down the preferred techniques attackers use to gain access to Windows networks. Use this information to monitor your logs for these methods.


Spy groups hack into companies using zero-day flaw in Pulse Secure VPN

Known and unknown groups are using VPN vulnerabilities to circumvent authentication and establish backdoors.


How to write a cyberthreat report executives can really use

As savvy CISOs know, a well-crafted and well-timed cyberthreat report can help executives grasp what’s happening in the world of cybersecurity—and it just might replace those late-night phone calls.


21 best free security tools

Check out these free, standout software tools that will make your daily security work easier, whether it's pen-testing, OSINT, vulnerability assessment, or more.


7 most common ways to fail at DevSecOps

DevSecOps initiatives are fraught with peril and require careful consideration of culture, learning, process and business needs. Here's how companies tend to fail in those areas.


The CSO guide to top security conferences, 2021

Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.


Top cybersecurity M&A deals for 2021

The cybersecurity market is hot, and vendors are buying competitors to solidify their position or acquiring other firms to expand their offerings.


The password hall of shame (and 10 tips for better password security)

Banish these common passwords now and employ these tips for better password security.


Tips to improve domain password security in Active Directory

Follow this advice to better secure domain passwords in a Microsoft environment.


6 tips for receiving and responding to third-party security disclosures

Your first notification of your next breach or significant threat might come from outside your organization. Have these preparations in place to effectively and quickly respond to inbound security intelligence.


7 new social engineering tactics threat actors are using now

Old tactics in new packages lead the list of current social engineering attacks. Experts provide real-world examples.


5 perspectives on modern data analytics

You can't navigate business challenges without the right instruments. Done right, analytics initiatives deliver the essential insights you need, as these five articles explore.


How data poisoning attacks corrupt machine learning models

Data poisoning is a type of attack that involves tampering with and polluting a machine learning model's training data, impacting the model's ability to produce accurate predictions.


Zero days explained: How unknown vulnerabilities become gateways for attackers

A zero day is a security flaw that has not yet been patched by the vendor and can be exploited. The name evokes a scenario where an attacker has gotten the jump on a software vendor, implementing attacks that exploit the flaw before...