Features

Compliance

12 new state privacy and security laws explained: Is your business ready?

States from Maine to California have recently enacted privacy, data security, cybersecurity, and data breach notification laws. Let's break down what each of these laws entails and how businesses and consumers are affected.

conference / convention / audience / applause / clapping

The CSO guide to top security conferences, 2020

Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.

A network of linked question marks.

6 board of directors security concerns every CISO should be prepared to address

The COVID pandemic and spike in cybercriminal activity has raised interest in security among corporate boards. These are the concerns and questions CISOs say they are now hearing from them.

CCPA | California Consumer Privacy Act  >  Satellite view of California's network of lights / lock

CPRA explained: New California privacy law ramps up restrictions on data use

The California Privacy Rights Act (CPRA) is a new law that toughens some data security requirements, brings California more in line with Europe's General Data Protection Regulation, and creates a new state agency—the California...

Security system alert, warning of a cyberattack.

How to prepare for the next SolarWinds-like threat

It is possible to minimize the risk from nation-state attacks like SolarWinds. This is the best advice based on what experts have learned so far.

HTTP prefix sympolizing a web address / URL/ domain being manipulated by a hacker.

What is typosquatting? A simple but effective attack technique

Typosquatting is a type of social engineering attack that uses purposely misspelled domains for a variety of malicious purposes.

retro boss hiring interview job happy executive handshake greeting office

CISO playbook: 3 steps to breaking in a new boss

As CISOs know all too well, change is inevitable—and that includes organizational regime change. Here, security leaders share their best advice for starting new C-suite relationships off on the right foot.

wan bank networking finance2

GLBA explained: What the Graham-Leach-Bailey Act means for privacy and IT security

The Graham-Leach-Bailey Act (GLBA) is a 1999 law that allowed financial services companies to offer both commercial and investment banking, something that had been banned since the Great Depression. It has an infosec reach that goes...

Shaking hands

Perfect strangers: How CIOs and CISOs can get along

The rise of security as a strategic imperative has altered the relationship between IT and infosec leaders. Here’s how CIOs and CISOs can become better partners.

malicious email with skull and crossbones

14 tips to prevent business email compromise

Criminals fool victims into clicking on malicious links or assisting in financial theft by sending emails that mimic real senders and real companies. Here's how to stop BEC.

digital fingerprint / binary code

Privacy, data protection regulations clamp down on biometrics use

The highly sensitive nature of biometric data and new regulations aimed to protect it are cause to rethink how it's used for authentication.

programmer certification skills code devops glasses student by kevin unsplash

Top 10 in-demand cybersecurity skills for 2021

The list of needed security skills is long and growing. Here's what experts say is driving the demand.

intro ts binoculars by marco piunti gettyimages 610855316 2400x1600

The multicloud challenge: Building the future everywhere

At a time when procuring on-prem infrastructure and personnel seems more daunting than ever, organizations are increasingly turning to multiple clouds to provide just the array of functionality they need.

cso ts multicloud by lordrunar getty images 2400x1600

Building stronger multicloud security: 3 key elements

If complexity is the enemy of security, multicloud presents a formidable foe. Here, experts offer advice on rising to the challenges of securing multicloud environments.

Two figures within a data center / server maze, strewn with clouds.

What CISOs need to know about Europe's GAIA-X cloud initiative

A new cloud platform based on "European values" around data sovereignty, data protection and privacy will be an alternative to the likes of AWS or Azure.

trojan horse malware virus binary by v graphix getty

TrickBot explained: A multi-purpose crimeware tool that haunted businesses for years

TrickBot is one of the longest-lived botnets on the internet and represents a major threat to businesses and other organizations because it serves as a distribution platform for the infamous Ryuk ransomware and other threat actors.

Declining line graph / decreasing trend chart showing impact of the virus

Top 4 security trends to watch for 2021

Bad news: Ransomware becomes a bigger threat, and it becomes harder to find security talent. Good news: CISOs gain clout, and security infrastructure will improve.

CSO  >  security threats / laptop bombarded by attacks

6 new ways threat actors will attack in 2021

Cyber criminals will leverage improved capabilities and vulnerabilities introduced during the COVID crisis to improve the efficiency of their attacks.

Windows security and protection [Windows logo/locks]

How attackers exploit Windows Active Directory and Group Policy

Attackers have learned to use Active Directory and Group Policy to find weaknesses in Windows networks and identify targets. Here's what you can do to prevent that.

Social media threats / risks / dangers / headaches  >  Text bubbles bearing danger signs

4 tips for partnering with marketing on social media security

Threat actors watch social media accounts to gather intelligence about a targeted company. Here's how to get marketing to work with security to minimize the risk.

Load More