CISO | Breaking Cybersecurity News | The Hacker News

CISOs are finding themselves more involved in AI teams, often leading the cross-functional effort and AI strategy. But there aren't many resources to guide them on what their role should look like or what they should bring to these meetings.  We've pulled together a framework for security leaders to help push AI teams and committees further in their AI adoption—providing them with the necessary visibility and guardrails to succeed. Meet the CLEAR framework. If security teams want to play a pivotal role in their organization's AI journey, they should adopt the five steps of CLEAR to show immediate value to AI committees and leadership: C – Create an AI asset inventory L – Learn what users are doing E – Enforce your AI policy A – Apply AI use cases R – Reuse existing frameworks If you're looking for a solution to help take advantage of GenAI securely, check out Harmonic Security .  Alright, let's break down the CLEAR framework.  Create an AI Asset Invent...

The FBI and CISA Issue Joint Advisory on New Threats and How to Stop Ransomware Note: on August 29, the FBI and CISA issued a joint advisory as part of their ongoing #StopRansomware effort to help organizations protect against ransomware. The latest advisory, AA24-242A , describes a new cybercriminal group and its attack methods. It also details three important actions to take today to mitigate cyber threats from ransomware – Installing updates as soon as they are released, requiring phishing-resistant MFA (i.e. non-SMS text-based), and training users. The growth in the number of victims of ransomware attacks and data breaches has become so profound that the new cyber defense challenge is just keeping up with the number of new attacks and disclosures from victims. This is the product of stunning advancements in cybercriminal attack methods combined with a too-slow response by many organizations in adjusting to new attack methods. As predicted, Generative AI has indeed been a game ch...

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and credential misconfigurations caused 80% of security exposures. Subtle signs of a compromise get lost in the noise, and then multi-stage attacks unfold undetected due to siloed solutions. Think of an account takeover in Entra ID, then privilege escalation in GitHub, along with data exfiltration from Slack. Each seems unrelated when viewed in isolation, but in a connected timeline of events, it's a dangerous breach. Wing Security's SaaS platform is a multi-layered solution that combines posture management with real-time identity threat detection and response. This allows organizations to get a ...

Events like the recent massive CDK ransomware attack – which shuttered car dealerships across the U.S. in late June 2024 – barely raise public eyebrows anymore.  Yet businesses, and the people that lead them, are justifiably jittery. Every CISO knows that cybersecurity is an increasingly hot topic for executives and board members alike. And when the inevitable CISO/Board briefing rolls around, everyone wants answers: Are we safe from attacks? Are we making progress? Could <insert name of CVE or incident that keeps you up at night here> happen to us? These are all fair concerns.  The question is, how do we best answer them? A company board deserves clear, concise information tied to business goals , not technical details about fixes or attack methods. A communication gap between the CISO and the board can lead to misunderstandings, increased risk, and potentially devastating cyberattacks. And this is why one of the overriding challenges for CISOs today remains: ...

Introduction The Colonial Pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were pivotal moments in cybersecurity, starting a new challenge for Chief Information Security Officers ( CISOs ). These attacks highlighted the importance of collaboration between CISOs and DevOps teams to ensure proper cloud security configurations. In this article, we will outline the 6-step approach to fostering strong partnerships between CISOs, DevOps teams, IT management, and organizations that can help to drive innovation while maintaining a robust security posture. You will learn how a CISO can effectively communicate with IT leadership and what methods to try. Our narrative will emphasize the most crucial aspect of an organization's security - growing your strong security team and moving to a proactive approach.  Understanding such breaches, such as the Capital One data breach (2019), Epsilon data breach (2019), Magecart compromises (ongoing), and MongoDB breaches (2...

Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of  compliance frameworks  and the specificity of the security controls, policies, and activities they include. For CISOs and their teams, that means compliance is a time-consuming, high-stakes process that demands strong organizational and communication skills on top of security expertise. We tapped into the CISO brain trust to get their take on the best ways to approach data security and privacy compliance requirements. In this blog, they share strategies to reduce the pain of dealing with the compliance process, including risk management and stakeholder alignment. Read on for recommendations for turning compliance from a "necessary evil" into a strategic tool that helps you evaluate cyber risk, gain budget and buy-in, and increase customer and shareholder confidence. Which CISOs care most about compliance? How CISOs view cybersecurit...

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern...

In an era where digital transformation drives business across sectors, cybersecurity has transcended its traditional operational role to become a cornerstone of corporate strategy and risk management. This evolution demands a shift in how cybersecurity leaders—particularly Chief Information Security Officers (CISOs)—articulate the value and urgency of cybersecurity investments to their boards.  The Strategic Importance of Cybersecurity Cybersecurity is no longer a backroom IT concern but a pivotal agenda item in boardroom discussions. The surge in cyber threats, coupled with their capacity to disrupt business operations, erode customer trust, and incur significant financial losses, underscores the strategic value of robust cybersecurity measures. Moreover, as companies increasingly integrate digital technologies into their core operations, the significance of cybersecurity in safeguarding corporate assets and reputation continues to rise. The Current State of Cybersecurity in C...

Being a CISO is a balancing act: ensuring organizations are secure without compromising users' productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs around the globe use Cato SSE 360, as part of the  Cato SASE Cloud platform  to balance these factors without compromise. This article details how CISOs are leveraging Cato across different touchpoints of their  SASE  and SSE transition journey. It shows the top 3 achievements CISOs can accomplish: visibility, real-time threat prevention, and data sovereignty. Read and discover how it's done. Since Cato is easy to deploy, adopt and manage, you can soon benefit from these capabilities as well. To read a more in-depth explanation of these findings, click  here . Achievement #1: Comprehensive Visibility Sites can be quickly onboarded using Cato's zero-touch Socket edge SD-WAN devices or IPSEC tunnels. At the same time, remote users ca...