CSO and Government - Cyber Security Informer

Spotlight Podcast: CSO Chris Walcutt on Managing 3rd Party OT Risk

The Security Ledger

MAY 16, 2024

In this Spotlight Podcast, host Paul Roberts talks with Chris Walcutt, the CSO of DirectDefense about the rising cyber threats facing operational technology (OT) and how organizations that manage OT - including critical infrastructure owners can best manage increased cyber risks to OT environments. Read the whole entry. »

CSO

CSO Risk Energy and Utilities Social Engineering

From Compliance to Resilience: Cyber Governance as the Cornerstone of CISO Strategy

SecureWorld News

MAY 2, 2024

These incidents underscore the critical importance of effective governance in cybersecurity programs. RELATED: Uber CSO Found Guilty: The Sky Is Not Falling. In this expansive landscape, governance emerges as a vital tool for CISOs to safeguard their organizations and mitigate legal risks.

CISO

CISO Government CSO Artificial Intelligence

9 notable government cybersecurity initiatives of 2021

CSO Magazine

SEPTEMBER 2, 2021

Cybersecurity has steadily crept up the agenda of governments across the globe. This has led to initiatives designed to address cybersecurity issues that threaten individuals and organizations.

Government

Government Cybersecurity CSO Data breaches

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Prevent supply chain attacks with access governance

Security Boulevard

JUNE 23, 2023

Top 5 ways access governance prevents supply chain attacksIn today's interconnected digital landscape, organizations rely heavily on their supply chains to deliver products, services, and software solutions. According to CSO Online, […] The post Prevent supply chain attacks with access governance appeared first on SafePaaS.

Government

Government CSO Software Risk

Why you need a SaaS governance plan, and what should be in it

CSO Magazine

AUGUST 17, 2021

They must also consider a SaaS governance plan that implements security measures to reduce risk associated with their SaaS usage. Get the latest from CSO by signing up for our newsletters. ] Follow these 5 tips for better cloud security. | To read this article in full, please click here

Government

Government CSO Risk

The Week in Security: Former Uber CSO convicted over hack cover-up, supply chain attack targets media

Security Boulevard

NOVEMBER 10, 2022

This week: Former Uber CSO is convicted for his attempted cover-up of a 2016 hack of the company. The post The Week in Security: Former Uber CSO convicted over hack cover-up, supply chain attack targets media appeared first on Security Boulevard.

CSO

CSO Media Hacking Software

GAO calls out US government agencies: Get your supply chain security act together

CSO Magazine

JUNE 8, 2021

In December 2020, the US Government Accounting Office (GAO) made 145 recommendations to 23 federal agencies relating to supply chain risks. Get the latest from CSO by signing up for our newsletters. ]. Get the latest from CSO by signing up for our newsletters. ]. D’Souza, testified before Congress on supply chain risks.

Government

Government CSO Risk Accountability

Apple plan to scan users’ iCloud photos raises new fears of government-mandated data access

CSO Magazine

AUGUST 9, 2021

Learn what's next for encryption if the RSA algorithm is broken | Get the latest from CSO by signing up for our newsletters. ] The new protections address three areas, including communications tools for parents and updates to Siri and search to help children and parents deal with unsafe situations.

CSO

CSO Government Encryption

China theft of US agriculture sector trade secrets prompts government guidance

CSO Magazine

SEPTEMBER 2, 2021

Sign up for CSO newsletters. ]. The guide, quietly published in late July, is in essence a primer on how to create an insider risk/insider threat program. Learn 12 tips for effectively presenting cybersecurity to the board and 6 steps for building a robust incident response plan. NCSC and CDSE insider threat program guidance.

CSO

CSO Government Risk Cybersecurity

France bans TikTok, all social media apps from government devices

CSO Magazine

MARCH 27, 2023

The French government has banned TikTok and all other “recreational apps” from phones issued to its employees. The Minister of Transformation and the Public Service Stanislas Guerini, said in a statement that recreational applications do not have sufficient levels of cybersecurity and data protection to be deployed on government equipment.

Government

Government Media Cybersecurity

Proposed bill would create a new federal agency to protect consumer data

CSO Magazine

JULY 6, 2021

In mid-June, Senator Kirsten Gillibrand (D-NY) reintroduced a new version of her bill , the Data Protection Act of 2021 , that would create a new independent, executive-level government agency, the Data Protection Agency (DPA). Check out CSO's ultimate guide to security and privacy laws, regulations, and compliance. |

CSO

CSO Government

BEST PRACTICES: Why pursuing sound ‘data governance’ can be a cybersecurity multiplier

The Last Watchdog

APRIL 1, 2020

Related: What we’ve learned from the massive breach of Capitol At RSA 2020 , I learned about how one of the routine daily chores all large organizations perform — data governance — has started to emerge as something of a cybersecurity multiplier. A robust data archiving strategy puts data into tiers, Lahiri says.

Government

Government Cybersecurity CSO Banking

Cyberattacks against governments jumped 95% in last half of 2022, CloudSek says

CSO Magazine

JANUARY 4, 2023

The number of attacks targeting the government sector increased by 95% worldwide in the second half of 2022 compared to the same period in 2021, according to a new report by AI-based cybersecurity company CloudSek. There is also a risk that national security and military data can be used by terrorist organizations.

Government

Government Risk Cybersecurity

APT group Winter Vivern exploits Zimbra webmail flaw to target government entities

CSO Magazine

MARCH 30, 2023

An APT group known in the security industry as Winter Vivern has been exploiting a vulnerability in the Zimbra Collaboration software to gain access to mailboxes from government agencies in several European countries.

Government

Government Telecommunications Cybersecurity Software

Veza releases access security, governance solution for SaaS applications

CSO Magazine

MAY 2, 2023

Data security authorization vendor Veza has announced a new solution for access security and governance across SaaS applications including Salesforce, GitHub, and Slack. Securing access is complicated due to app-specific role-based access controls that many SaaS apps use.

Government

ACT government falls victim to Barracuda’s ESG vulnerability

CSO Magazine

JUNE 8, 2023

The Australian Capital Territory government is one of the victims of a vulnerability found in Barracuda’s email security gateway (ESG).

Government

Why today’s cybersecurity threats are more dangerous

CSO Magazine

OCTOBER 4, 2021

Over the past two years, the rise of big-ticket ransomware attacks and revelations of harmful software supply chain infections have elevated cybersecurity to the top of the government's agenda. Get the latest from CSO by signing up for our newsletters. ] Learn the The 5 types of cyberattack you're most likely to face. |

CSO

CSO Cybersecurity Government Ransomware

REvil gang suddenly goes silent leaving victims unable to recover systems

CSO Magazine

JULY 13, 2021

The dark web sites operated by the notorious REvil ransomware group suddenly went offline on Tuesday, prompting speculation that the US or Russian governments stepped in. Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here

CSO

CSO Ransomware Government Malware

U.S. government proposals spell out 5G security advancements

CSO Magazine

MAY 31, 2022

federal government introduced a proposed five-step 5G Security Evaluation Process Investigation. “[It] Last week the U.S. It] was developed to address gaps in existing security assessment guidance and standards that arise from the new features and services in 5G technologies," Eric Goldstein, executive assistant director for the U.S.

Government

Government Engineering Technology Cybersecurity

GAO report: government departments need dedicated leaders to oversee privacy goals

CSO Magazine

NOVEMBER 2, 2022

The US Government Accountability Office (GAO) released a comprehensive report in late September 2022 that discussed the need for dedicated privacy leadership within the departments and agencies of the executive branch of government if goals surrounding privacy are to be achieved.

Government

Government Accountability Risk

New Chinese regulatory body expected to streamline data governance rules

CSO Magazine

MARCH 9, 2023

The new governent body will streamline data governance policies in the country, amid increasing confusion from businesses that deal with multiple bodies presiding over different aspects of data governance within the country's borders, according to a Wall Street Journal report citing sources familiar with the issues.

Government

Insider risk management: Where your program resides shapes its focus

CSO Magazine

MAY 29, 2023

There’s no getting around it, I am long in the tooth and have been dealing with individuals who break trust within their work environment for more than 30 years, both in government (where we called it counterespionage or counterintelligence) and in the private sector.

Risk

Risk CSO Government

Google forms Cybersecurity Action Team to support customer security transformation

CSO Magazine

OCTOBER 13, 2021

Google has announced the formation of a cybersecurity action team to provide support to governments, critical infrastructure, enterprises, and small businesses. Get the latest from CSO by signing up for our newsletters. ] Get the latest from CSO by signing up for our newsletters. ]

Digital transformation

Digital transformation CSO Cybersecurity Small Business

UK government considers strengthening security rules for MSPs to address supply chain risks

CSO Magazine

MAY 18, 2021

Get the latest from CSO by signing up for our newsletters. ]. As a result, managed service providers (MSPs) could be required to adhere to strengthened security rules or guidance going forward. Learn the 7 keys to better risk assessment. |

Risk

Risk CSO Government Cyber Risk

Governments worldwide grapple with regulation to rein in AI dangers

CSO Magazine

JUNE 5, 2023

The stakes are high — just last week, technology leaders signed an open public letter saying that if government officials get it wrong, the consequence could be the extinction of the human race. To read this article in full, please click here

Government

Government Technology

The most dangerous (and interesting) Microsoft 365 attacks

CSO Magazine

AUGUST 9, 2021

Government-sponsored hackers, who carry out cyberespionage campaigns, invest more resources than ever to find new ways of attacking the cloud. Microsoft 365 is a gold mine," Doug Bienstock, incident response manager at Mandiant, tells CSO. From an intelligence collector's perspective, it makes sense to target it.

CSO

CSO Government

Conti gang says it's ready to hit critical infrastructure in support of Russian government

CSO Magazine

FEBRUARY 25, 2022

The infamous cybercriminal group behind the Conti ransomware has publicly announced its full support for the Russian government while the country's army is invading Ukraine and threatened to strike the critical infrastructure of anyone launching cyberattacks or war actions against Russia. To read this article in full, please click here

Government

Government DDOS Cybercrime Accountability

UK bans TikTok on government devices over data security fears

CSO Magazine

MARCH 16, 2023

Social media app TikTok has been banned on UK government electronic devices, the Cabinet Office has announced. To read this article in full, please click here

Government

Government Media Risk

U.S. and UK warn local governments, businesses of China's influence operations

CSO Magazine

JULY 7, 2022

In a concerted effort to spread the word on the threat posed by China to governments at the state and local level as well as businesses of all sizes, the U.S. Protecting Government and Business Leaders at the U.S. National Counterintelligence and Security Centre (NSCS), issued a “ Safeguarding Our Future ” bulletin.

Government

Recent shadow IT related incidents present lessons to CISOs

CSO Magazine

AUGUST 12, 2021

As one who spent most of his adult life within government dealing with home-based IT capabilities that far outstripped those in the office, I know this feeling. Sign up for CSO newsletters. ]. Learn the 5 key qualities of successful CISOs, and how to develop them and 7 security incidents that cost CISOs their jobs.

CISO

CISO CSO Technology Government

UK parliament follows government by banning TikTok over cybersecurity concerns

CSO Magazine

MARCH 24, 2023

The commissions of the House of Commons and House of Lords have followed the UK government by banning social media app TikTok over cybersecurity concerns. To read this article in full, please click here

Government

Government Cybersecurity Media Risk

8 notable open-source security initiatives of 2022

CSO Magazine

SEPTEMBER 12, 2022

Vendors, tech firms, collectives and governments have contributed to helping raise the open-source security bar amid organizations’ increasing use of and reliance upon open-source resources, along with the complex security risks and challenges that come with it. In sum: things are just getting started, but progress has been made,” David A.

CSO

CSO Government Software Risk

The new math of cybersecurity value

CSO Magazine

SEPTEMBER 21, 2021

It doesn’t communicate enough to other executives,” says Marinkovic, who provides virtual CISO services through Tiro Security and serves on the Emerging Trends Working Group with the IT governance association ISACA. Sign up for CSO newsletters. ].

Cybersecurity

Cybersecurity CSO CISO Government

Chris Wysopal: Open source is becoming a national security risk

CSO Magazine

MAY 25, 2022

Chris Wysopal, founder and chief technology officer of application security company Veracode, sat down with CSO Senior Writer Lucian Constantin at a recent Security Summit to discuss just that.

CSO

CSO Risk Software Government

GAO warns government agencies: focus on IoT and OT within critical infrastructure

CSO Magazine

DECEMBER 15, 2022

The US Government Accounting Office (GAO) continues to highlight shortcomings in the cybersecurity posture of government entities responsible for the protection of United States infrastructure when it comes to internet of things (IoT) and operational technology (OT) devices and systems.

IoT

IoT Government Internet Internet

New US DHS grant program can boost local governments’ cybersecurity strength

CSO Magazine

OCTOBER 4, 2022

Local governments continue to grapple with ransomware and other cyberattacks that have crippled their school systems and halted other civic functions. The latest crisis in a long string of local government cyber incidents involves the Los Angeles Unified School District.

Government

Government Cybersecurity Ransomware

GAO report faults CIOs, OMB for slow adoption of cybersecurity recommendations

CSO Magazine

AUGUST 3, 2021

Both pointed out shortcomings in the cyber readiness of the United States government. Sign up for CSO newsletters. ]. It was preceded by President Biden’s comments made to the Office of the Director National Intelligence and staff and the leadership of the intelligence community on July 27.

CSO

CSO Cybersecurity Government Accountability

Global trends will increase nation-state threats for the US in next 20 years

CSO Magazine

APRIL 21, 2021

Competitive and adversarial relations with China, Russia, Iran, and North Korea percolate to the top, while global issues like the pandemic and economic migration will strain governments around the world, including the US. Sign up for CSO newsletters. ].

CSO

CSO Government Cybersecurity

APT29 targets Active Directory Federation Services with stealthy backdoor

CSO Magazine

SEPTEMBER 30, 2021

Security researchers have recently seen a notorious cyberespionage group with ties to the Russian government deploy a new backdoor that's designed to hook into Active Directory Federation Services (AD FS) and steal configuration databases and security token certificates. [ Sign up for CSO newsletters ! ].

CSO

CSO Malware Government Software

Key takeaways from CSA’s SaaS Governance Best Practices guide

CSO Magazine

JUNE 30, 2022

SaaS governance and security is gaining attention among IT and security leaders. That’s why the Cloud Security Alliance (CSA) created the SaaS Governance Best Practices for Cloud Customers whitepaper, for which I was honored to serve as its co-lead. To read this article in full, please click here

Government

Government Software

Ryuk ransomware explained: A targeted, devastatingly effective attack

CSO Magazine

MARCH 19, 2021

Ryuk is a sophisticated ransomware threat that has been targeting businesses, hospitals, government institutions and other organizations since 2018. Get the latest from CSO by signing up for our newsletters. ] Get the latest from CSO by signing up for our newsletters. ] What is Ryuk ransomware?

Ransomware

Ransomware CSO Encryption Government

After Brief Exposure in Public Repo, GitHub Rotated Private SSH Key

Security Boulevard

APRIL 3, 2023

Out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com,” GitHub CSO and SVP. In an attempt to get ahead of fallout from the exposure of its private SSH key in a public repository, the software development platform GitHub proactively rotated its host key last week.

CSO

CSO Software Risk Government

APT group hits IIS web servers with deserialization flaws and memory-resident malware

CSO Magazine

JULY 27, 2021

A sophisticated, likely government-sponsored threat actor has been compromising major public and private organizations over the past year by exploiting deserialization flaws in public-facing ASP.NET applications to deploy fileless malware. Sign up for CSO newsletters. ]. Sign up for CSO newsletters. ].

Malware

Malware CSO Internet Internet

SolarWinds attacker Nobelium targets over 150 companies in new mass email campaign

CSO Magazine

MAY 28, 2021

Sign up for CSO newsletters. ]. The hacking group, known in the security industry as APT29 , Cozy Bear, The Dukes and Nobelium, has been tied to the Russian Foreign Intelligence Service (SVR) by the US and UK governments.

CSO

CSO Government Marketing Hacking

Spotlight Podcast: CSO Chris Walcutt on Managing 3rd Party OT Risk

From Compliance to Resilience: Cyber Governance as the Cornerstone of CISO Strategy

Webinars

Trending Sources

9 notable government cybersecurity initiatives of 2021

Webinars

Prevent supply chain attacks with access governance

Why you need a SaaS governance plan, and what should be in it

The Week in Security: Former Uber CSO convicted over hack cover-up, supply chain attack targets media

GAO calls out US government agencies: Get your supply chain security act together

Apple plan to scan users’ iCloud photos raises new fears of government-mandated data access

China theft of US agriculture sector trade secrets prompts government guidance

France bans TikTok, all social media apps from government devices

Proposed bill would create a new federal agency to protect consumer data

BEST PRACTICES: Why pursuing sound ‘data governance’ can be a cybersecurity multiplier

Cyberattacks against governments jumped 95% in last half of 2022, CloudSek says

APT group Winter Vivern exploits Zimbra webmail flaw to target government entities

Veza releases access security, governance solution for SaaS applications

ACT government falls victim to Barracuda’s ESG vulnerability

Why today’s cybersecurity threats are more dangerous

REvil gang suddenly goes silent leaving victims unable to recover systems

U.S. government proposals spell out 5G security advancements

GAO report: government departments need dedicated leaders to oversee privacy goals

New Chinese regulatory body expected to streamline data governance rules

Insider risk management: Where your program resides shapes its focus

Google forms Cybersecurity Action Team to support customer security transformation

UK government considers strengthening security rules for MSPs to address supply chain risks

Governments worldwide grapple with regulation to rein in AI dangers

The most dangerous (and interesting) Microsoft 365 attacks

Conti gang says it's ready to hit critical infrastructure in support of Russian government

UK bans TikTok on government devices over data security fears

U.S. and UK warn local governments, businesses of China's influence operations

Recent shadow IT related incidents present lessons to CISOs

UK parliament follows government by banning TikTok over cybersecurity concerns

8 notable open-source security initiatives of 2022

The new math of cybersecurity value

Chris Wysopal: Open source is becoming a national security risk

GAO warns government agencies: focus on IoT and OT within critical infrastructure

New US DHS grant program can boost local governments’ cybersecurity strength

GAO report faults CIOs, OMB for slow adoption of cybersecurity recommendations

Global trends will increase nation-state threats for the US in next 20 years

APT29 targets Active Directory Federation Services with stealthy backdoor

Key takeaways from CSA’s SaaS Governance Best Practices guide

Ryuk ransomware explained: A targeted, devastatingly effective attack

After Brief Exposure in Public Repo, GitHub Rotated Private SSH Key

APT group hits IIS web servers with deserialization flaws and memory-resident malware

SolarWinds attacker Nobelium targets over 150 companies in new mass email campaign

Stay Connected