Business Operations
Business Operations | News, how-tos, features, reviews, and videos
GitHub to mandate 2FA for all code contributors by 2023
The world’s largest development platform will require all code-contributing users to enroll in two-factor authentication by the end of 2023 to enhance software supply chain security.
![CSO: Have you met these hackers? [slide 04]](https://images.idgesg.net/images/article/2018/04/cso_ss_hacker_types_slide_04_spy_by_david_sinclair_cc0_via_unsplash__binary_code_by_gettyimages_petmal-100755728-small.3x2.jpg?auto=webp&quality=85,70)
Chinese APT group Winnti stole trade secrets in years-long undetected campaign
The Operation CuckooBees campaign used zero-day exploits to compromise networks and leveraged Windows' Common Log File System to avoid detection.
Cybersecurity litigation risks: 4 top concerns for CISOs
Cybersecurity and data protection are expected to become top drivers of legal disputes. What litigation risks should CISOs be most concerned about and what can they do about it?
JHL Biotech's theft of Genentech data holds lessons for infosec
Genentech employees stole the company's data on behalf of JHL Biotech for years. What could they have done to spot the theft sooner?
New insider threat: Bad business decisions that put IP at risk
The U.S. FTC forced Weight Watchers to destroy algorithms after it violated privacy laws, giving CISOs another worry over protecting intellectual property.
Exiger launches data-agnostic supply chain risk platform
With supply chain risks abounding, extra visibility into potential problems could stand manufacturers in good stead.
Anchore Enterprise software SCM platform adds SBOM capabilities
The new release of Anchore's software SCM (supply chain management) platform generates an SBOM (software bill of materials) for individual builds and steps in a development cycle, automatically triggering alerts for possible...
Fortress creates center for security information on energy suppliers
Vendor library offers means to bolster supply-chain security through data sharing and communication.
Webroot files patent infringement claim against Trend Micro
The lawsuit accuses Trend Micro of using Webroot's patented malware detection, network security, and endpoint protection technologies without authorization.
![Tech Spotlight > Cybersecurity [CSO] > Hands gesture in conversation](https://images.idgesg.net/images/article/2021/03/spot_cybersecurity_02_cso_hands_gestures_talking_by_rawpixel_cc0_abstract_security_by_jeff_hu_gettyimages-1221975486_hero-100879634-small.3x2.jpg?auto=webp&quality=85,70){kind=tracking}
HackerOne calls for end of security by obscurity
The bug hunting platform offers a proposal for greater corporate cybersecurity responsibility and transparency.
3 steps to supply chain resilience
Malicious actors are targeting your third- and fourth-party vendors, causing supply chain disruption and risk to your own network. Mitigate that risk by taking these actions.
Motorola case shows importance of detecting insider IP theft quickly
Departing Motorola employees took thousands of documents with them in 2008 when they were hired by a competitor, but it wasn't discovered until 2017.
NCSC warns industry, academia of foreign threats to their intellectual property
Russia and China continue to engage in IP theft to bolster their defense technology and economic standing, respectively. The National Counterintelligence and Security Center urges action.
Russian cyberspies target cloud services providers and resellers to abuse delegated access
A new Microsoft advisory claims Russia's Nobelium group is trying to gain long-term access to the technology supply chain and offers mitigation advice.
Detecting anomalies with TLS fingerprints could pinpoint supply chain compromises
Researchers at Splunk outline a technique, pioneered by Salesforce, that could detect malicious activity in the software supply chain, but with some limitations.
Proofpoint lawsuits underscore risk of employee offboarding
Nearly every employee leaving a company takes data or intellectual property, but few companies adequately screen and monitor for it. Recent court cases underscore the risk.
China theft of US agriculture sector trade secrets prompts government guidance
China and other countries have used insiders to steal intellectual property from agricultural research. The government has responded with guidance for identifying insider threats.
Intellectual property protection: 10 tips to keep IP safe
Your company's intellectual property, whether that's patents, trade secrets or just employee know-how, may be more valuable than its physical assets. This primer covers everything from establishing basic policies and procedures for IP...
7 steps to protect against ransomware-related lawsuits
How a CISO prepares for and responds to a ransomware attack can have huge consequences should customers or partners decide to sue.
![Tech Spotlight > Cloud [CSO] > Conceptual image of laptop users with cloud security overlay.](https://images.idgesg.net/images/article/2021/06/spot_cloud_3x2_03_cso_laptop_users_with_ccloud_security_overlay__by_metamorworks_gettyimages-1132912672_b-100891925-small.3x2.jpg?auto=webp&quality=85,70)
CISOs: Do you know what's in your company’s products?
CISOs need to take a more direct role in the operations side of the business to help build security in by design.