Accountability, CSO and Risk - Cyber Security Informer

Inactive accounts pose significant account takeover security risks

CSO Magazine

MAY 25, 2023

Inactive and non-maintained accounts pose significant security risks to users and businesses, with cybercriminals adept at using information stolen from forgotten or otherwise non-upheld accounts to exploit active accounts. To read this article in full, please click here

Accountability

Accountability Risk Passwords

Spotlight: Traceable CSO Richard Bird on Securing the API Economy

The Security Ledger

APRIL 5, 2023

In this Spotlight episode of the Security Ledger podcast, I interview Richard Bird, the CSO of the firm Traceable AI about the challenge of securing application programming interfaces (APIs), which are increasingly being abused to steal sensitive data. The post Spotlight: Traceable CSO Richard Bird on Securing the API Economy appeared first.

CSO

CSO Digital transformation Cyber Attacks Financial Services

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

Let’s walk through some practical steps organizations can take today, implementing zero trust and remote access strategies to help reduce ransomware risks: •Obvious, but difficult – get end users to stop clicking unknown links and visiting random websites that they know little about, an educational challenge. Best practices.

Ransomware

Ransomware Risk Internet Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

IT asset disposal is a security risk CISOs need to take seriously

CSO Magazine

JUNE 21, 2021

Lack of a program signals data may be at risk when equipment is recycled; presence of a program signals attention to data protection. Sign up for CSO newsletters. ]. Sign up for CSO newsletters. ]. Learn 12 tips for effectively presenting cybersecurity to the board and 6 steps for building a robust incident response plan.

CISO

CISO Risk CSO Accountability

From Compliance to Resilience: Cyber Governance as the Cornerstone of CISO Strategy

SecureWorld News

MAY 2, 2024

By spearheading cybersecurity programs, CISOs empower organizations to fend off cyber threats from criminal enterprises, insider risks, hackers, and other malicious entities that pose significant risks to operations, critical infrastructure, and even national security. RELATED: Uber CSO Found Guilty: The Sky Is Not Falling.

CISO

CISO Government CSO Artificial Intelligence

Critical flaw in AI testing framework MLflow can lead to server and data compromise

CSO Magazine

MARCH 24, 2023

Basically, every organization that uses this tool is at risk of losing their AI models, having an internal server compromised, and having their AWS account compromised," Dan McInerney, a senior security engineer with cybersecurity startup Protect AI, told CSO. It's pretty brutal."

CSO

CSO Authentication Engineering Internet

GAO calls out US government agencies: Get your supply chain security act together

CSO Magazine

JUNE 8, 2021

In December 2020, the US Government Accounting Office (GAO) made 145 recommendations to 23 federal agencies relating to supply chain risks. D’Souza, testified before Congress on supply chain risks. Get the latest from CSO by signing up for our newsletters. ]. Get the latest from CSO by signing up for our newsletters. ].

Government

Government CSO Risk Accountability

Researchers show ways to abuse Microsoft Teams accounts for lateral movement

CSO Magazine

MAY 17, 2023

Researchers from security firm Proofpoint investigated how attackers could abuse access to a Teams account and found some interesting attack vectors that could allow hackers to move laterally by launching further phishing attacks or getting users to download malicious files. To read this article in full, please click here

Accountability

Accountability Phishing Risk

BrandPost: Why a Culture of Awareness and Accountability Is Essential to Cybersecurity

CSO Magazine

DECEMBER 19, 2022

From following best practices for updating and patching systems and software to knowing and understanding the everyday risks posed by phishing emails, malicious websites, or other attack vectors, everyone — not just the dedicated IT/security professionals — has some level of responsibility for cybersecurity.

Accountability

Accountability Cybersecurity Phishing Technology

Top 7 CIAM tools

CSO Magazine

NOVEMBER 28, 2022

Customer identity and access management (CIAM), a subset of identity access management (IAM), is used to manage authentication and authorization of account creation and login process for public facing applications. Marketers want to collect data about customers and their devices.

CSO

CSO Data collection Marketing Accountability

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 2)

The Last Watchdog

DECEMBER 14, 2023

We asked two questions: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization? Kerberoasting” and “Golden Ticket” attacks were both introduced in 2014 and yet enterprises continue to have hundreds of accounts configured with unconstrained delegation. Part three to follow on Friday.

Cybersecurity

Cybersecurity Risk Cyber threats CSO

GAO report faults CIOs, OMB for slow adoption of cybersecurity recommendations

CSO Magazine

AUGUST 3, 2021

The US General Accountability Office (GAO) issued the 19-page report , “Cybersecurity and Information Technology: Federal Agencies need to Strengthen Efforts to Address High-Risk Areas” on July 29. Sign up for CSO newsletters. ]. Both pointed out shortcomings in the cyber readiness of the United States government.

CSO

CSO Cybersecurity Government Accountability

12 risk-based authentication tools compared

CSO Magazine

MARCH 1, 2022

Risk-based authentication (RBA), also called adaptive authentication, has come of age, and it couldn’t happen fast enough for many corporate security managers. What is risk-based authentication? It creates a risk profile of the person or device requesting access to the system. To read this article in full, please click here

Authentication

Authentication Risk Phishing Accountability

Secrets to building a healthy CISO-vendor partnership

CSO Magazine

MAY 3, 2022

Conversely, one that is problematic and incohesive can have the opposite effect, negatively impacting a company’s security practices and leaving them vulnerable to risks and wasted investment. A well-oiled relationship built on trust, communication and mutual understanding can reap significant benefits for a business’s cybersecurity posture.

CISO

CISO CSO Cybersecurity Accountability

Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

CSO Magazine

MARCH 2, 2023

Booking.com, one of the world's largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to customer accounts by simply tricking them into clicking a link.

Accountability

Accountability Risk

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

Duo's Security Blog

NOVEMBER 20, 2023

“It took nearly 11 months (328 days) to identity and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023 I recently came across a 2012 article from CSO Online , and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!

Threat Detection

Threat Detection Authentication Accountability Data breaches

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Lots of accounts including Bezos, Elon Musk, Joe Biden, Barack Obama, Bill Gates, Mr Beast, and a ton more getting hacked for a bitcoin scheme.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Safe Security debuts two free risk assessment tools for businesses

CSO Magazine

AUGUST 16, 2022

Cybersecurity risk assessment company Safe Security on Tuesday rolled out two new online risk assessment tools for businesses to use, in order to help them understand their vulnerability to cyberattacks and the costs of insuring against them. Risk tools measure financial impact of cyberthreats.

Risk

Risk Cyber Insurance Insurance Data breaches

December 15 Marks Deadline for SEC's New Cyber Disclosure Rules

SecureWorld News

DECEMBER 11, 2023

Public companies will also have to share details about their "cybersecurity risk management, strategy, and governance" on an annual basis. Risk Management and Strategy Disclosure: Companies must disclose their cybersecurity risk management policies, governance procedures, and incident response plans in their annual reports.

CISO

CISO Risk Cybersecurity CSO

Clorox's Cybersecurity Chief Departs Amidst Incident Recovery Efforts

SecureWorld News

NOVEMBER 16, 2023

Conversely, if a CISO is to be held accountable in the same manner as a CFO or General Counsel concerning matters of investor confidence, the executive contours of the CISO role should be revisited to ensure that it has sufficient authority, agency, and institutional backing to defend data assets as a fiduciary."

CISO

CISO Cybersecurity CSO Risk

Weak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risks

CSO Magazine

APRIL 18, 2023

That’s according to the Unit 42 Cloud Threat Report, Volume 7 , which analyzed the workloads in 210,000 cloud accounts across 1,300 different organizations to gain a comprehensive look at the current cloud security landscape.

Risk

Risk Threat Reports Authentication Accountability

Minnesota Passes Data Privacy Law, Joining Growing State Movement

SecureWorld News

MAY 21, 2024

Organizations have long struggled with whether and when to designate a Chief Privacy Officer to their ranks, where that role should sit (in compliance, legal, or other department), and who the CPO or privacy official should report to and be accountable for," said Myriah Jaworski Esq., RELATED: Uber CSO Found Guilty: The Sky Is Not Falling.

Data privacy

Data privacy CISO Small Business CSO

New SEC Rules Require Breach Disclosure within Four Days

eSecurity Planet

JULY 27, 2023

Securities and Exchange Commission this week announced new rules mandating the disclosure of cybersecurity incidents as well as ongoing risk management, strategy, and governance. “This added layer of accountability can thus create a safer environment for consumers’ personal information.”

Data privacy

Data privacy Risk Government Cyber threats

Online retailers should prepare for a holiday season spike in bot-operated attacks

Security Boulevard

NOVEMBER 24, 2022

With the holiday shopping season in full swing, retail websites can expect a spike in account takeover fraud, DDoS, and other attacks, including attacks via APIs, which now represent almost half of e-commerce traffic. Leer más CSO Online. To read this article in full, please click here.

Retail

Retail DDOS CSO Marketing

Wells Notice Against SolarWinds CISO Could Be First of Its Kind

SecureWorld News

JUNE 26, 2023

It will be interesting to watch how the SEC navigates this next stage and its broader impact on the approach by executives in managing cyber risk." While these Wells Notices are official investigations, they are a sign of a potential intent to investigate the CISO and CFO.

CISO

CISO CSO Data privacy Cyber Risk

Guardz debuts with cybersecurity-as-a-service for small businesses

CSO Magazine

JANUARY 31, 2023

Guardz automatically enrolls all user accounts upon activation, and monitors risk posture, performs threat detection on all monitored accounts and devices, and offers one-click remediation for some threats. The premise of the company’s main offering is tight API integration with Microsoft 365 and Google Workspace.

Small Business

Small Business Cybersecurity Threat Detection Accountability

Passwordless company claims to offer better password security solution

CSO Magazine

JULY 18, 2022

The cloud-based solution addresses four common problems with passwords that create security risks and account friction. When someone tries to access an account covered by the Stytch solution, the password is automatically vetted at HaveIBeenPwnd, a dataset of 12 billion compromised passwords. Account de-duplicating.

Passwords

Passwords Authentication Accountability Risk

How Machine Identities Can Imperil Enterprise Security

eSecurity Planet

OCTOBER 18, 2021

Machine identities now outnumber humans in enterprises, according to Nathanael Coffing, co-founder and CSO of Cloudentity. Gartner’s list of the top security risks and trends for 2021 included machine identity management for the first time. Poor Machine Identity Management Introduces Risks. Machine Identity Risks Go Overlooked.

IoT

IoT Risk Architecture CSO

7 top privileged access management tools

CSO Magazine

MAY 26, 2022

One of the main objectives of the bad guys is to escalate to privileged account access wherever possible. As a result, organizations recognize that they need to take special care with the way that they manage and grant access to the most powerful privileged accounts in their environments.

Accountability

Accountability Risk

VulnRecap 1/29/24 – Apple, Apache & VMware Under Attack

eSecurity Planet

JANUARY 29, 2024

The most significant risk for enterprises isn’t the speed at which they are applying critical patches; it comes from not applying the patches on every asset,” noted Brian Contos, CSO of Sevco Security. As of January 24th, Shadowserver researchers still detected 5,300 older and internet-exposed GitLab accounts.

Software

Software Authentication CSO Accountability

Volkswagen Fires Cybersecurity Whistleblower

SecureWorld News

JANUARY 26, 2022

million could be stolen from company accounts, according to the Financial Times. Martin Jartelius, CSO of Outpost24, shares his thoughts: "If a member of a team believes something is a risk, it's important to investigate and escalate according to your process and making your decision based on the facts.

Cybersecurity

Cybersecurity CSO Cyber Attacks Government

CISO’s Guide to Presenting Cybersecurity to Board Directors

CyberSecurity Insiders

MARCH 30, 2023

Seasoned CISOs/CSOs understand the importance of effectively communicating cyber risk and the need for investment in cybersecurity defense to the board of directors. One key aspect of successful communication is understanding the business objectives and risk appetite of the organization.

Cybersecurity

Cybersecurity Cyber Risk CISO Risk

Beyond Awareness: How to Cultivate the Human Side of Security

CyberSecurity Insiders

MAY 16, 2022

By Amanda Fennell, CSO and CIO, Relativity. Security programs must shoulder accountability for setting employees in different roles up for success. Effective learning management systems are available that take into account the human attention span. But tools and processes alone are two variables in an incomplete equation.

CSO

CSO Passwords Password Management Accountability

How to check for Active Directory Certificate Services misconfigurations

CSO Magazine

JULY 7, 2021

I read with interest about Active Directory Certificate Services (AD CS) misconfigurations and the risks they present to my network. However, I wanted to get a head start to see if my domain was vulnerable to attacks that could result in account or domain takeover. To read this article in full, please click here (Insider Story)

Network Security

Network Security Accountability Risk

GAO report: government departments need dedicated leaders to oversee privacy goals

CSO Magazine

NOVEMBER 2, 2022

The US Government Accountability Office (GAO) released a comprehensive report in late September 2022 that discussed the need for dedicated privacy leadership within the departments and agencies of the executive branch of government if goals surrounding privacy are to be achieved.

Government

Government Accountability Risk

Cyber Security Awareness and Risk Management

Spinone

DECEMBER 26, 2018

In this article we will learn how to address and effectively respond to major enterprise cybersecurity threats and provide tips to mitigate IT security risk. Be On Your Guard with the Most Treacherous Insider Roles A paramount priority when addressing the threat is to distinguish the fundamental insider risks.

Security Awareness

Security Awareness Risk Cyber threats Cyber Risk

Global companies say supply chain partners expose them to ransomware

CSO Magazine

SEPTEMBER 8, 2022

Global organizations say they are increasingly at risk of ransomware compromise via their extensive supply chains. Supply chain and other partners include providers of IT hardware, software and services, open-source code repositories, and non-digital suppliers ranging from law firms and accountants to building maintenance providers.

Ransomware

Ransomware Accountability Software Risk

Searchlight Cyber launches Stealth Browser for safe dark web access

CSO Magazine

APRIL 12, 2023

Dark web intelligence company Searchlight Cyber has announced the launch of Stealth Browser – a new, secure virtual machine for cyber professionals to access the dark web and conduct investigations anonymously, reducing the risk to themselves and their organization.

Engineering

Engineering Phishing Risk Accountability

Nvidia targets insider attacks with digital fingerprinting technology

CSO Magazine

JANUARY 23, 2023

Nvidia today announced that a digital lab playground for its latest security offering is now available, letting users try out an AI-powered system designed to monitor individual user accounts for potentially hazardous behavior. To read this article in full, please click here

Technology

Technology Accountability Risk

ForgeRock offers AI-based solution for identity-based cyberattacks

CSO Magazine

MAY 11, 2022

Our approach is to use AI to stop bad actors at a massive scale and reduce the risk of account takeovers." To read this article in full, please click here

Authentication

Authentication Accountability Risk

Online retailers should prepare for a holiday season spike in bot-operated attacks

CSO Magazine

NOVEMBER 23, 2022

With the holiday shopping season in full swing, retail websites can expect a spike in account takeover fraud, DDoS, and other attacks, including attacks via APIs, which now represent almost half of e-commerce traffic.

Retail

Retail DDOS Marketing Accountability

Lloyd’s of London to exclude state-backed attacks from cyber insurance policies

CSO Magazine

AUGUST 22, 2022

In a market bulletin published on August 16, 2022, Lloyd’s stated that whilst it “remains strongly supportive of the writing of cyberattack cover” it recognizes that “cyber-related business continues to be an evolving risk.” Nation-state attacks pose systemic risk to insurers. To read this article in full, please click here

Cyber Insurance

Cyber Insurance Insurance Marketing Risk

Legendary Entertainment Relies on MVISION CNAPP Across Its Multicloud Environment

McAfee

NOVEMBER 10, 2021

Under the guidance of Dan Meacham, VP of Global Security and Corporate Operations and CSO/CISO, the multi-billion dollar organization transitioned from on-premises data centers to the cloud in 2012. Unacceptable levels of risk. MVISION CNAPP helps me keep my system administrators and developers accountable for what they are doing.

Data breaches

Data breaches Risk CSO Media

Equifax Makes Security Controls Framework Available to All for Free

SecureWorld News

MAY 30, 2023

Its flexible, risk-based structure can also be tailored to meet a company's specific needs." For instance, users should only be given access to database content on a 'need to know basis'; giving general access to any 'trusted' users means that an attacker can seize control of those user accounts and run wild.

CISO

CISO CSO Data breaches Cybersecurity

Inactive accounts pose significant account takeover security risks

Spotlight: Traceable CSO Richard Bird on Securing the API Economy

Webinars

Trending Sources

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

Webinars

IT asset disposal is a security risk CISOs need to take seriously

From Compliance to Resilience: Cyber Governance as the Cornerstone of CISO Strategy

Critical flaw in AI testing framework MLflow can lead to server and data compromise

GAO calls out US government agencies: Get your supply chain security act together

Researchers show ways to abuse Microsoft Teams accounts for lateral movement

BrandPost: Why a Culture of Awareness and Accountability Is Essential to Cybersecurity

Top 7 CIAM tools

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 2)

GAO report faults CIOs, OMB for slow adoption of cybersecurity recommendations

12 risk-based authentication tools compared

Secrets to building a healthy CISO-vendor partnership

Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

Top Cybersecurity Accounts to Follow on Twitter

Safe Security debuts two free risk assessment tools for businesses

December 15 Marks Deadline for SEC's New Cyber Disclosure Rules

Clorox's Cybersecurity Chief Departs Amidst Incident Recovery Efforts

Weak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risks

Minnesota Passes Data Privacy Law, Joining Growing State Movement

New SEC Rules Require Breach Disclosure within Four Days

Online retailers should prepare for a holiday season spike in bot-operated attacks

Wells Notice Against SolarWinds CISO Could Be First of Its Kind

Guardz debuts with cybersecurity-as-a-service for small businesses

Passwordless company claims to offer better password security solution

How Machine Identities Can Imperil Enterprise Security

7 top privileged access management tools

VulnRecap 1/29/24 – Apple, Apache & VMware Under Attack

Volkswagen Fires Cybersecurity Whistleblower

CISO’s Guide to Presenting Cybersecurity to Board Directors

Beyond Awareness: How to Cultivate the Human Side of Security

How to check for Active Directory Certificate Services misconfigurations

GAO report: government departments need dedicated leaders to oversee privacy goals

Cyber Security Awareness and Risk Management

Global companies say supply chain partners expose them to ransomware

Searchlight Cyber launches Stealth Browser for safe dark web access

Nvidia targets insider attacks with digital fingerprinting technology

ForgeRock offers AI-based solution for identity-based cyberattacks

Online retailers should prepare for a holiday season spike in bot-operated attacks

Lloyd’s of London to exclude state-backed attacks from cyber insurance policies

Legendary Entertainment Relies on MVISION CNAPP Across Its Multicloud Environment

Equifax Makes Security Controls Framework Available to All for Free

Stay Connected