#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

CISO | Breaking Cybersecurity News | The Hacker News

Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In

Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In
Mar 19, 2024 Regulatory Compliance / Cloud Security
In an era where digital transformation drives business across sectors, cybersecurity has transcended its traditional operational role to become a cornerstone of corporate strategy and risk management. This evolution demands a shift in how cybersecurity leaders—particularly Chief Information Security Officers (CISOs)—articulate the value and urgency of cybersecurity investments to their boards.  The Strategic Importance of Cybersecurity Cybersecurity is no longer a backroom IT concern but a pivotal agenda item in boardroom discussions. The surge in cyber threats, coupled with their capacity to disrupt business operations, erode customer trust, and incur significant financial losses, underscores the strategic value of robust cybersecurity measures. Moreover, as companies increasingly integrate digital technologies into their core operations, the significance of cybersecurity in safeguarding corporate assets and reputation continues to rise. The Current State of Cybersecurity in Corpo

3 Things CISOs Achieve with Cato

3 Things CISOs Achieve with Cato
Mar 14, 2024 Data Protection / Cybersecurity
Being a CISO is a balancing act: ensuring organizations are secure without compromising users' productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs around the globe use Cato SSE 360, as part of the  Cato SASE Cloud platform  to balance these factors without compromise. This article details how CISOs are leveraging Cato across different touchpoints of their  SASE  and SSE transition journey. It shows the top 3 achievements CISOs can accomplish: visibility, real-time threat prevention, and data sovereignty. Read and discover how it's done. Since Cato is easy to deploy, adopt and manage, you can soon benefit from these capabilities as well. To read a more in-depth explanation of these findings, click  here . Achievement #1: Comprehensive Visibility Sites can be quickly onboarded using Cato's zero-touch Socket edge SD-WAN devices or IPSEC tunnels. At the same time, remote users can easily download the Ca

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

The SEC Won't Let CISOs Be: Understanding New SaaS Cybersecurity Rules

The SEC Won't Let CISOs Be: Understanding New SaaS Cybersecurity Rules
Jan 31, 2024 SaaS Security / Regulations
The SEC isn't giving SaaS a free pass. Applicable public companies, known as "registrants," are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in SaaS systems, along with the 3rd and 4th party apps connected to them.  The new cybersecurity mandates  make no distinction between data exposed in a breach that was stored on-premise, in the cloud, or in SaaS environments. In the SEC's own words: "We do not believe that a reasonable investor would view a significant data breach as immaterial merely because the data are housed on a cloud service." This evolving approach comes as SaaS security shortcomings continually make headlines and tech leaders debate  how the SEC may change cybersecurity  after charging both SolarWinds and its CISO with fraud.  Why SaaS and SaaS-to-SaaS Connection Risks Matter to the SEC — And To Your Organization  The perception and reality of SaaS security are, in many cases, miles apart. SaaS security leader  App

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

AI Solutions Are the New Shadow IT

AI Solutions Are the New Shadow IT
Nov 22, 2023 AI Security / SaaS Security
Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks Like the  SaaS shadow IT  of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot.  Employees are covertly using AI  with little regard for established IT and cybersecurity review procedures. Considering  ChatGPT's meteoric rise to 100 million users within 60 days of launch , especially with little sales and marketing fanfare, employee-driven demand for AI tools will only escalate.  As new studies show  some workers boost productivity by 40% using generative AI , the pressure for CISOs and their teams to fast-track AI adoption — and turn a blind eye to unsanctioned AI tool usage — is intensifying.  But succumbing to these pressures can introduce serious SaaS data leakage and breach risks, particularly as employees flock to AI tools developed by small businesses, solopreneurs, and indie developers. AI Security Guide Download AppOmni's CISO Guide to AI Security - Part 2 AI e

Three CISOs Share How to Run an Effective SOC

Three CISOs Share How to Run an Effective SOC
Sep 06, 2023 Security Operations Center (SOC)
The role of the CISO keeps taking center stage as a business enabler: CISOs need to navigate the complex landscape of digital threats while fostering innovation and ensuring business continuity. Three CISOs; Troy Wilkinson, CISO at IPG; Rob Geurtsen, former Deputy CISO at Nike; and Tammy Moskites, Founder of CyAlliance and former CISO at companies like Time Warner and Home Depot – shared their perspectives on how to run an effective SOC in 2023. 1) Prioritize Cost Efficiency While Remaining 'Secure' As a world-renowned speaker, a co-author of an Amazon Best Seller, and a trusted commentator on prominent news networks such as NBC, CBS, and Fox, Troy Wilkinson, knows a thing or two about cybersecurity. When adopting new technologies, Troy reinforces that CISOs don't have the luxury of waiting months or years to see the value of new investments; "Time to Value is critical. New solutions need to deliver value quickly." Rob Geurtsen, former Deputy CISO at Nike,  jo

CISOs Tout SaaS Cybersecurity Confidence, But 79% Admit to SaaS Incidents, New Report Finds

CISOs Tout SaaS Cybersecurity Confidence, But 79% Admit to SaaS Incidents, New Report Finds
Aug 22, 2023
A  new State of SaaS Security Posture Management Report  from SaaS cybersecurity provider  AppOmni  indicates that Cybersecurity, IT, and business leaders alike recognize SaaS cybersecurity as an increasingly important part of the cyber threat landscape. And at first glance, respondents appear generally optimistic about their SaaS cybersecurity. Over 600 IT, cybersecurity, and business leaders at companies between 500-2,500+ employees were surveyed and responded with confidence in their SaaS cybersecurity preparedness and capabilities. For example: When asked to rate the SaaS cybersecurity maturity level of their organizations, 71% noted that their organizations' SaaS cybersecurity maturity has achieved either a mid-high level (43%) or the highest level (28%). For the security levels of the SaaS applications authorized for use in their organization, sentiment was similarly high. Seventy-three percent rated SaaS application security as mid-high (41%) or the highest maturity level (

Cloud Security Tops Concerns for Cybersecurity Leaders: EC-Council's Certified CISO Hall of Fame Report 2023

Cloud Security Tops Concerns for Cybersecurity Leaders: EC-Council's Certified CISO Hall of Fame Report 2023
Jun 03, 2023 CISO / Cybersecurity
A survey of global cybersecurity leaders through the 2023 Certified CISO Hall of Fame Report commissioned by the EC-Council identified 4 primary areas of grave concern: cloud security, data security, security governance, and lack of cybersecurity talent. EC-Council, the global leader in cybersecurity education and training, released its Certified Chief Information Security Officer Hall of Fame Report today, honoring the top 50 Certified CISOs globally. This report reveals that approximately 50% of surveyed information security leaders identified cloud security as their top concern. Findings from the report suggest the top cybersecurity concerns with which organizations struggle and highlight the need for implementing robust security frameworks with skilled cybersecurity professionals to effectively contain emerging threats. On average, an enterprise uses approximately 1,295 cloud services, while an employee uses at least 36 cloud-based services daily. Cloud security risk is real for

[eBook] A Step-by-Step Guide to Cyber Risk Assessment

[eBook] A Step-by-Step Guide to Cyber Risk Assessment
Apr 11, 2023 Cybersecurity / Guide
In today's perilous cyber risk landscape, CISOs and CIOs must defend their organizations against relentless cyber threats, including ransomware, phishing, attacks on infrastructure, supply chain breaches, malicious insiders, and much more. Yet at the same time, security leaders are also under tremendous pressure to reduce costs and invest wisely.  One of the most effective ways for CISOs and CIOs to make the best use of their limited resources to protect their organizations is by conducting a cyber risk assessment. A comprehensive cyber risk assessment can help: Identify vulnerabilities and threats Prioritize security investments Assess cybersecurity maturity Communicate cyber risk to executives Provide the basis for cyber risk quantification A new guide by cybersecurity optimization provider CYE ( download here ) explains how this can be accomplished. The guide outlines several approaches to cyber risk assessments and describes the necessary steps that can yield solid in

CISOs Are Stressed Out and It's Putting Companies at Risk

CISOs Are Stressed Out and It's Putting Companies at Risk
Mar 01, 2023 Threat Detection and Response
Employee well-being has become a primary focus for many businesses. Even before the pandemic, the C-suite was acutely aware of how employee mental health impacts business outcomes.  But for cybersecurity professionals, stress has always been a part of the job. A  new survey  revealed that one of the most concerning aspects of employee mental health is how it impacts cybersecurity programs and, more broadly, a business' ability to protect itself from cyberattacks. CISOs and their teams appear to be taking the brunt of unmitigated work-related stress levels and it's affecting the entire organization.  CISOs at small to midsize businesses with teams of five employees or fewer were surveyed to better understand how work-related stress is impacting CISOs – from their ability to do their job and lead their team to how it's affecting their own professional outlook and personal life. Here's what the survey results revealed.  The Impact of CISO Work-Stress Levels on Small
Cybersecurity Resources