Data Breaches

CISOs have long been tasked with building response and recovery capabilities, the objective being to have teams that can react to a security incident as quickly as possible and can restore business functions with as little damage as possible. The need for those activities is certainly not going to go away, but many security chiefs are seeking to take more proactive steps to balance out reactive ones. “On the proactive side, you’re trying to predict…

Read More

A secure by design approach is vital to protecting the internet of things (IoT) and smart cities, according to Lindy Cameron, CEO of the UK National Cyber Security Centre (NCSC). Cameron spoke during Singapore International Cyber Week, calling for swift ongoing action to ensure connected devices are designed, built, deployed, and managed securely to prevent malicious actors, improve national resilience, and reap the benefits of emerging technologies. Growth of IoT giving rise to increased security…

Read More

The Atomic Energy Organization of Iran on Sunday confirmed that an email server at its  Bushehr Nuclear Power Plant was hacked. The organization blamed a foreign country, but an Iranian hacking group that goes by the name Black Reward has claimed responsibility for the breach. The Atomic Energy Organization said that the IT group serving the Bushehr plant has examined and issued a report on the breach, and denied any sensitive information being exposed. The…

Read More

There’s a joke cryptographer Jon Callas likes to tell: CISO stands for Chief Intrusion Scapegoat Officer, “because CISOs are often thrown into a position where they can’t succeed.” Callas, who is the director of public interest tech at the Electronic Frontier Foundation, says that security officers are often “simultaneously in charge and powerless.” They know what they should do to mitigate risks, but they can’t get enough support. This predicament threatens to overwhelm them. Almost…

Read More

We’ve made a point of shoring up security for infrastructure-as-a-service clouds since they are so complex and have so many moving parts. Unfortunately, the many software-as-a-service systems in use for more than 20 years now have fallen down the cloud security priority list. Organizations are making a lot of assumptions about SaaS security. At their essence, SaaS systems are applications that run remotely, with data stored on back-end systems that the SaaS provider encrypts on…

Read More

Freeman Health System has around 8,000 connected medical devices in its 30 facilities in Missouri, Oklahoma, and Kansas. Many of these devices have the potential to turn deadly at any moment. “That’s the doomsday scenario that everyone is afraid of,” says Skip Rollins, the hospital chain’s CIO and CISO. Rollins would love to be able to scan the devices for vulnerabilities and install security software on them to ensure that they aren’t being hacked. But…

Read More

Looking for a qualified candidate or new job? CSO’s security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next chief information security officer (CISO) or VP of security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, and computer forensics, among many others. If you’re a security recruiting firm, we want your information! Our goal is to provide the most complete…

Read More

The vast majority of organizations lack confidence in securing their data in cloud, while many companies acknowledge they lack sufficient security even for their most sensitive data, according to a new report by the Cloud Security Alliance (CSA). The CSA report surveyed 1,663 IT and security professionals from organizations of various sizes and in various locations. “Only 4% report sufficient security for 100% of their data in the cloud. This means that 96% of organizations…

Read More

The number of ransomware attacks observed over the previous three months declined compared to the previous quarter, according to reports from two threat intelligence companies. However, the gap left by the Conti gang has been filled by other players, with LockBit cementing itself in the top position and likely to serve as a future source for ransomware spin-offs. From July to September, security firm Intel 471 counted 455 attacks from 27 ransomware variants, with LockBit…

Read More