Dan Swinhoe

Dan Swinhoe is UK Editor of CSO Online. Previously he was Senior Staff Writer at IDG Connect.

APT group Elfin switches from data destruction to data stealing via WinRAR vulnerability

APT group Elfin switches from data destruction to data stealing via WinRAR vulnerability

Iran-linked hacker group switches techniques from Shamoon wiper attacks to WinRAR exploits.

How to report a data breach under GDPR

How to report a data breach under GDPR

Data breach notification requirements are now mandatory and time-sensitive under GDPR. Here's what you need to report and who report it to.

Does GDPR compliance reduce breach risk?

Does GDPR compliance reduce breach risk?

A new report from Cisco suggests that GDPR compliance reduces data breach impact. Incident response, legal and security experts agree but caution not to rely on compliance alone.

Ransomware attack drives city to seek greater network visibility

Ransomware attack drives city to seek greater network visibility

After being hit with the Cryptolocker ransomware, the City of Westland realized it needed more insight into network traffic, not just at the perimeter.

What are the new China Cybersecurity Law provisions? And how CISOs should respond

What are the new China Cybersecurity Law provisions? And how CISOs should respond

New provisions to the China Cybersecurity Law allow the Chinese government access to enterprise networks operating in the country. Although the security risk that presents is unclear, CISOs can take steps to minimize the impact.

Is the world ready for the next big ransomware attack?

Is the world ready for the next big ransomware attack?

WannaCry and NotPetya brought major companies to their knees and cost billions to remediate. A new report from Lloyds of London warns another similar ransomware attack would still be devastating.

Top 9 cybersecurity M&A deals of 2018 and 2019 (so far)

Top 9 cybersecurity M&A deals of 2018 and 2019 (so far)

2018 was a busy year for mergers and acquisitions in the cybersecurity industry. Here's why the M&A market is so hot and what to expect in 2019.

Verizon builds a DevSecOps culture with its developer dashboard

Verizon builds a DevSecOps culture with its developer dashboard

Verizon's developer dashboard not only records how vulnerabilities are introduced and by whom, but provides indicators as to why. The goal isn't to name and shame, but to instill a secure-by-design mindset.

How 5 universities stretch security capabilities, budgets with shared SOC

How 5 universities stretch security capabilities, budgets with shared SOC

Faced with limited resources and constant threat of attack, five midwestern universities created OmniSOC, a CSO50 award-winning joint security operations center, to complement their own on-site SOCs with 24/7 analysis, triage and...

What is a man-in-the-middle attack? How MitM attacks work and how to prevent them

What is a man-in-the-middle attack? How MitM attacks work and how to prevent them

A man-in-the-middle (MitM) attack is when an attacker intercepts communications between two parties either to secretly eavesdrop or modify traffic traveling between the two. Detecting MitM attacks is difficult, but they are...

Bank OZK's vulnerability risk index shows patching priorities everyone understands

Bank OZK's vulnerability risk index shows patching priorities everyone understands

Explaining vulnerability risk to non-technical executives can be hard. With his CSO50 award-winning Vulnerability Exception Risk Index, Bank OZK CISO Jason Cathey has devised a way to turn vulnerability data into a simple risk metric....

Aflac automates threat intelligence to take a proactive security posture

Aflac automates threat intelligence to take a proactive security posture

Insurance giant Aflac automated large parts of its cyber threat intelligence operations to create an industry-leading program.

What is spear phishing? Why targeted email attacks are so difficult to stop

What is spear phishing? Why targeted email attacks are so difficult to stop

A highly targeted form of phishing, spear phishing involves bespoke emails being sent to well-researched victims. It is hard to spot without close inspection and difficult to stop with technical controls alone.

How cyber competitions can help fill the cybersecurity talent shortage

How cyber competitions can help fill the cybersecurity talent shortage

The Cyber Security Challenge Masterclass event helps employers find skilled but non-traditional job candidates.

How to reduce security staff turnover? Focus on culture and people

How to reduce security staff turnover? Focus on culture and people

HM Health Solutions CISO Omar Khawaja reduced security team attrition by focusing on a strong culture and providing effective communication channels to management.

How automation enables a proactive security culture at Bank of England

How automation enables a proactive security culture at Bank of England

The Bank of England security team uses automation to build intellectual capital, freeing up time to be more proactive and to better explain security to business units.

What is a keylogger? How attackers can monitor everything you type

What is a keylogger? How attackers can monitor everything you type

Keystroke logging software is one of the oldest forms of malware, dating back to typewriters. It's still popular and often used as part of larger cyber attacks.

What is digital trust? How CSOs can help drive business

What is digital trust? How CSOs can help drive business

Chief security officers should play a key role in building trust with customers, and that translates to better customer acquisition, greater customer loyalty, and more revenue.

What is physical security? How to keep your facilities and devices safe from on-site attackers

What is physical security? How to keep your facilities and devices safe from on-site attackers

Securing premises and devices from physical attacks can be just as challenging as defending against cyber threats. Automation and AI are increasingly used to shore up defenses.

What is an insider threat? 7 warning signs to watch for

What is an insider threat? 7 warning signs to watch for

While the security industry often focuses on the nation-state and cyber criminals, often some of the biggest dangers are hiding in plain sight within your own company.

Load More