Opinions

A binary map of china.
CSO: Have you met these hackers? [slide 04]

A person leaps between platforms surrounded by sharks. [danger / risk / challenges]

Enhancing zero trust access through a context-aware security posture

Cybercriminals prefer to attack organizations at sensitive times such as during a merger or earnings release. Adjusting zero-trust policies during those times will help mitigate that risk.

eliminate insider threats 1

What CISOs can learn from the US Navy insider who stole nuclear secrets

The theft of government secrets by Jonathan Toebbe and others raises the question: How should CISOs deal with insider threats who have had insider threat training?

security detection monitoring

Will XDR modernize the SOC?

Organizations are both adopting XDR technology and modernizing the SOC. New ESG research points to areas of potential overlap and even conflict between those two initiatives.

please stand by problem technical difficulties tv mistake test screen by filo getty

Facebook outage a prime example of insider threat by machine

A buggy automated audit tool and human error took Facebook offline for six hours. Key lesson for CISOs: Look for single points of failure and hedge your bets.

Insider threats  >  Employees suspiciously peering over cubicle walls

How disinformation creates insider threats

Employees who believe disinformation are more susceptible to social engineering and phishing campaigns, and attackers know it.

international flags / global business discussion

White House international ransomware initiative outlines hopes and challenges

More than 30 nations discussed tactics for collaborating in the fight against ransomware, but it competes with a Russian-led UN initiative.

broken binary code matrix / breached / failed / hacked

Twitch breach highlights dangers of choosing ease of access over security

Attackers essentially broke into the Twitch house and cleaned out everything. Following least-privilege access principles and encrypted datasets will help others avoid that scenario.

dashboard / report / metrics / results / analysis  / management

Device identity: The overlooked insider threat

Device/machine identity, especially in association with robotic process automation, can be a conduit for intentional and unintentional insider breaches.

One red umbrella stands out among a mass of black umbrellas.

6 steps for third-party cyber risk management

If you have third-party partners, you need a third-party cyber risk management program. Here are six key steps to follow.

healthcare data breach / medical patient privacy security violation

Breach reporting required for health apps and devices, FTC says

A new policy statement makes it clear that the US Federal Trade Commission will hold healthcare app and device makers accountable for reporting data breaches.

FBI Flag

Yes, the FBI held back REvil ransomware keys

The ransomware keys might have been acquired by an ally, which would invoke the third-party doctrine where the decision to release was not the FBI's alone.

radar grid / computer circuits / intrusion detection / scanning

5 observations about XDR

The technology is evolving, so security professionals and pundits must be open-minded and closely track market developments.

Russian hammer and sickle / binary code

Russia is fully capable of shutting down cybercrime

With internet blocks and high-profile arrests, Russia shows it can crack down on cybercrime when properly motivated. New analysis suggests the Biden administration’s sanctions may be providing some motivation.

software development / application testing / planning / flow chart / diagram

The case for a SaaS bill of material

A SaaSBOM will provide greater visibility into the components of cloud-based software infrastructure. This proposal shows how to begin to develop one.

Stack of legal documents with compliance and regulatory stamp

Lack of C3PAO assessors jeopardizes DoD CMMC certification goal

Only 100 approved assessors are available to certify that 300,000 US DoD providers are in compliance with the Cybersecurity Maturity Model Certification by the 2023 deadline.

A man casts the shadow of an ominous hooded figure against a circuit-based wall.

Proofpoint lawsuits underscore risk of employee offboarding

Nearly every employee leaving a company takes data or intellectual property, but few companies adequately screen and monitor for it. Recent court cases underscore the risk.

Insider threats  >  Employees suspiciously peering over cubicle walls

China theft of US agriculture sector trade secrets prompts government guidance

China and other countries have used insiders to steal intellectual property from agricultural research. The government has responded with guidance for identifying insider threats.

shutterstock editorial 12065997e jen easterly

CISA’s Joint Cyber Defense Collaborative: Why it just might work

New CISA director Jen Easterly is tasked with implementing the JCDC, which promises to make US critical infrastructure more resilient to cyberattacks. Her history makes her the right person for the job.

Load More