Opinions

7 key data points on the cybersecurity skills shortage

The global cybersecurity skills shortage is as bad as it has ever been, and most organizations are feeling the pinch, new research finds. But cybersecurity professionals have many recommendations for addressing this situation.

Data sovereignty laws place new burdens on CISOs

More than 100 countries now require that data on their citizens be stored or processed within their boundaries, presenting new data protection challenges.

Recent shadow IT related incidents present lessons to CISOs

Employee use of unauthorized applications and services has resulted in high-profile data losses and exposure. CISOs need to understand why shadow IT exists before they can address it.

CISOs: Do you know what's in your company’s products?

CISOs need to take a more direct role in the operations side of the business to help build security in by design.

4 things you should know about cybersecurity pros

ESG/ISSA research report reveals that a strong cybersecurity culture really matters.

GAO report faults CIOs, OMB for slow adoption of cybersecurity recommendations

The US agency highlights four areas where cybersecurity gaps in federal agencies threaten national security. It cites OMB for not helping CIOs get available funds.

CISA: China successfully targeted US oil and natural gas infrastructure

CISA alert details past network compromises and exposes a lack of preparedness among ICS companies.

Move over XDR, it's time for security observability, prioritization, and validation (SOPV)

Independent tools and data repositories are coming together for better threat management, impacting organizations, security professionals, and the industry. We need to take the same approach to security hygiene and posture management....

US and UK issue rare joint guidance in response to Russian GRU brute force campaign

CISOs should leverage this guidance to help get the resources they need to make these and other cyberattacks too costly for nation-state threat actors and criminals.

What is the dark web? How to access it and what you'll find

The dark web is part of the internet that isn't visible to search engines and requires the use of an anonymizing browser called Tor to be accessed.

IT asset disposal is a security risk CISOs need to take seriously

Sensitive company and personal data often leaves organizations on disposed devices. An auditable chain of custody that shows data destruction is essential for any ITAD program.

Security firm COO indicted for allegedly aiding hospital's attackers: What CSOs should know

A grand jury has indicted Securolytics COO Vikas Singla for allegedly helping attackers access Gwinnett Medical Center's phone system and printers. This breach of trust presents a dilemma for CISOs.

GAO calls out US government agencies: Get your supply chain security act together

The US Government Accounting Office tells Congress that federal agencies have largely ignored its supply chain risk management guidance for nearly ten years.

Colonial Pipeline take-away for CISOs: Embrace the mandates

The DarkSide attack on Colonial is yet another wake-up call for companies to harden their systems against ransomware. History suggests that might not happen despite new government guidance.

Defining linchpins: An industry perspective on remediating Sunburst

The concept of linchpin software can be useful in assessing risk and focusing security efforts, but it comes with challenges.

5 things CISOs want to hear about SASE at the RSA Conference

Organizations are planning for secure access service edge (SASE) but have questions on how to get from their current state to converged, cloud-delivered networking and security. They’ll be looking for answers at RSA.

Microsoft Azure Blob leak a lesson to CISOs about cloud security responsibility

Microsoft's apparent misconfiguration of its own cloud bucket exposed third-party intellectual property. Here are the takeaways for CISOs.

5 things CISOs want to hear about zero trust at the RSA Conference

Security executives are interested in how ZT vendors will integrate with existing technologies, supplement ongoing projects, and support business processes.

To better defend digital assets, follow physical security's playbook

It’s high time that the owners and managers of corporate networks take the same approach and sense of urgency to protecting corporate digital assets that their physical security counterparts have taken with building security.

8 things CISOs want to hear from XDR vendors

Beyond industry rhetoric, vendors must use their time at the RSA Conference to provide clarity around what XDR is, where it fits, and how it complements existing security technologies.
