CISO | Breaking Cybersecurity News | The Hacker News

According to a  recent survey , 90% of CISOs running teams in small to medium-sized enterprises (SMEs) use a managed detection and response (MDR) service. That's a 53% increase from last year. Why the dramatic shift to MDR? CISOs at organizations of any size, but especially SMEs, are realizing that the threat landscape and the way we do cybersecurity are among the many things that will never look the same in a post-2020 world.  The increase in the number of sophisticated attacks, the heavy reliance on the cloud, limited resources and budgets (exacerbated by economic uncertainty), and a growing skills gap are all major contributors to why having an MDR service to support security operations is becoming a necessity.  Beyond that, there are a number of reasons for why incorporating an MDR service into your security strategy can provide exceptional value that even the people who are tightening your budget at your organization can't deny.  Here are just seven reasons why you (yes, you

Virtual Chief Information Security Officer (vCISO) services (also known as 'Fractional CISO' or 'CISO-as-a-Service') are growing in popularity, especially as growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises demand for strategic cybersecurity and compliance guidance and management. But vCISO services are labor intensive, require highly skilled experts, and are difficult to scale. So, how exactly do successful vCISO providers overcome these obstacles? When you want advice on how to overcome challenges, scale and expand, who better to go to than the people who have been there, seen it, and done it with success? In a new eBook, titled ' Top virtual CISOs share: 7 tips on how vCISO service providers can maximize services, increase revenues, and improve margins " ( Download here ), vCISO platform provider Cynomi interviewed some of America's top vCISO service providers (MS

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

The only threat more persistent to organizations than cyber criminals? The cyber security skills crisis.  Nearly  60% of enterprises  can't find the staff to protect their data (and reputations!) from new and emerging breeds of cyber-attacks, reports the Information Systems Security Association (ISSA) in its 5th annual global industry study.  The result?  Heavier workloads, unfilled positions, and burnout.  And technology  isn't  easing the burden in many organizations, especially smaller ones. In fact, it's making the problem worse, suggests  Cynet's recent CISO survey . Big Tech Pushes Small Teams to the Limits Tech stacks normally supercharge cyber security teams, but in the case of crews of five or fewer — it just leads to overwhelm. For example, it took them an average of 18 months to fully implement and feel proficient in endpoint detection and response (EDR) tools — making the technology yet another barrier to cyber security for the  85% of teams adopting it in 2022 .  Su

Growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises demand for strategic cybersecurity and compliance guidance and management. Since most companies this size don't have in-house CISO expertise – the demand for virtual CISO (vCISO) services is also growing. Yet current vCISO services models still rely on manual, humanCISO expertise. This makes these services costly and tough to scale – leaving MSPs, MSSPs and consulting firms unable to add vCISO service to their portfolio or scale their existing vCISO services to meet the growing demand. This is the challenge  Cynomi's Automated vCISO platform  is trying to solve. The company's AI-powered vCISO platform automatically generates everything vCISO service providers need to provide their clients, fully customized for each and every client: risk and compliance assessments, gap analysis, tailored security policies, strategic remediation plans w

New survey reveals lack of staff, skills, and resources driving smaller teams to outsource security. As business begins its return to normalcy (however "normal" may look), CISOs at small and medium-size enterprises (500 – 10,000 employees) were asked to share their  cybersecurity challenges and priorities , and their responses were compared the results with those of a similar survey from 2021. Here are the 5 key things we learned from 200 responses: 1  —  Remote Work Has Accelerated the Use of EDR Technologies In 2021, 52% of CISOs surveyed were relying on endpoint detection and response (EDR) tools. This year that number has leapt to 85%. In contrast, last year 45% were using network detection and response (NDR) tools, while this year just 6% employ NDR. Compared to 2021, double the number of CISOs and their organizations are seeing the value of extended detection and response (XDR) tools, which combine EDR with integrated network signals. This is likely due to the increase in re

Communication is a vital skill for any leader at an organization, regardless of seniority. For security leaders, this goes double. Communicating clearly works on multiple levels. On the one hand, security leaders and CISOs must be able to communicate strategies clearly – instructions, incident response plans, and security policies. On the other, they must be able to communicate the importance of security and the value of having robust defenses to the C-level.  For CISOs and other security leaders, this latter skill is crucial but often overlooked or not prioritized. A new webinar: " How to ace your Infosec board deck ," looks to shed light on both the importance of being able to communicate clearly with management, and key strategies to do so effectively. The webinar will feature a conversation with vCISO and Cybersecurity Consultant Dr. Eric Cole, as well as Norwest Venture Partners General Partner Dave Zilberman.  More so than just talking about the dollar value of a sec

Chief Information Security Officers (CISOs) are an essential pillar of an organization's defense, and they must account for a lot. Especially for new CISOs, this can be a daunting task. The first 90 days for a new CISO are crucial in setting up their security team, so there is little time to waste, and much to accomplish.  Fortunately. A new guide by XDR provider Cynet ( download here ) looks to give new and veteran CISOs a durable foundation to build a successful security organization. The challenges faced by new CISOs aren't just logistical. They include securing their environment from both known and unknown threats, dealing with stakeholders with unique needs and demands, and interfacing with management to show the value of strong security.  Therefore, having clearly defined steps planned out can help CISOs seize the opportunity for change and implement security capabilities that allow organizations to grow and prosper. Security leaders can also leverage the willingness of orga

There is a person in every organization that is the direct owner of breach protection. His or her task is to oversee and govern the process of design, build, maintain, and continuously enhance the security level of the organization. Title-wise, this person is most often either the CIO, CISO, or Directory of IT. For convenience, we'll refer to this individual as the CISO. This person is the subject-matter expert in understanding the standard set of active cyber risks, benchmarking to what degree the organization's exposure influences potential impact. They then take appropriate steps to ensure the major risks are addressed. On top of being engaged 24/7 in the organization's actual breach protection activity, the CISO has another critical task: to articulate the risks, potential impacts and appropriate steps to take to the company's management – or in other words, they must effectively translate security issues for non-security-savvy executives in a clear and busi

Leaders in the InfoSec field face a strange dilemma. On the one hand, there are hundreds of thousands of resources available to find online to read (or watch) if they have questions – that's a benefit of a digital-first field. On the other hand, most leaders face challenges that – while not entirely unique each time – tend to require a specific touch or solution. For most, it would be great to have a sympathetic ear or a fresh perspective that has faced similar challenges. Where does the tip of the spear turn to for a helping hand? One popular avenue is to turn to a virtual CISO (or vCISO), an external consultant who can offer strategic advice, suggestions and help find insights that can be instrumental in building better security systems. For many organizations, having the benefits of a CISO, even on a temporary basis, can be incredibly helpful and valuable. With that in mind, Chris Roberts, Cynet's chief security strategist, is offering a new program ( you can learn more

InfoSec leaders tend to be a specific type. Their jobs require them to think of possible threats, take actions that may not pay immediate results, plan for unknown security risks, and react quickly when emergencies arise, often before the morning's first coffee. The high-stakes position also means that CISOs need to keep their knowledge and skills sharp – you can never really know what's around the corner. So, what can security leaders do to make sure they're prepared and hone their skills ahead of the next inevitable threat? Now, they can test themselves and their knowledge at a new website, 'The CISO Challenge' ( visit it here ). The website, launched by XDR provider Cynet, aims to let information security leaders test their cybersecurity mettle. The website features a challenge for InfoSec leaders (and those who are looking to become one) to test their knowledge in an exciting, high-stakes, realistic series of scenarios. The challenge consists of 25 scenario

The pressure on small to medium-sized enterprises to protect their organizations against cyberthreats is astronomical. These businesses face the same threats as the largest enterprises, experience the same (relative) damages and consequences when breaches occur as the largest enterprises but are forced to protect their organizations with a fraction of the resources as the largest enterprises.  Cybersecurity company Cynet just released findings from a survey of 200 CISOs in charge of small security teams ( Download here ) to shine "a spotlight into the challenges of small security teams everywhere." In addition to better understanding the challenges these CISOs face, the 2021 Survey of CISOs with Small Security Teams delves into the strategies CISOs will employ to ensure their organizations are protected from the ongoing onslaught of cyber threats - all while saddled with limited budgets and headcount. The survey findings will also be presented in a live webinar,  register

Most companies with small security teams face the same issues. They have inadequate budgets, inadequate staff, and inadequate skills to face today's onslaught of sophisticated cyberthreats. Many of these companies turn to virtual CISOs (vCISOs) to provide security expertise and guidance. vCISOs are typically former CISOs with years of experience building and managing information security programs across large and small organizations. Autonomous XDR company Cynet, a provider of an automated breach protection platform and MDR service for even the smallest security teams, is conducting a webinar with well-known vCISO Brian Haugli to understand the common challenges faced by CISOs with small security teams [ register here ]. In the first part of the webinar, Haugli will share the four foundational risks that are common across most companies he helps. He will then discuss the most common pieces of advice he provides across the companies he serves. Haugli will also share a situation

Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded. Compared to CISOs at large enterprises, CISOs small to medium-sized enterprises (SMEs) have smaller teams with less expertise, smaller budgets for technology and outside services, and are more involved in day-to-day protection activities. CISOs at SMEs are increasingly relying on virtual CISOs (vCISOs) to provide security expertise and guidance. vCISOs are typically former CISOs with years of experience building and managing information security programs across large and small organizations. Helpful Advice for CISOs with Small Security Teams Brian Haugli, a well-known vCISO in the US, recently collaborated with cybersecurity company  Cynet —which provides autonomous XDR platforms tailored to small security teams—to provide a series of educational videos for CISOs with small security teams with relevant information about their challenges and possible solu

CISOs with small security teams hold an intensive juggling act. They're responsible for sustaining the company's security resilience, ensuring compliance is adhered to and implementing privacy controls. In between these tasks, they need to follow up on board updates, lead cross-team communications and collaboration, and fight fires that may or may not be related to cybersecurity. All the while, they're doing this with a small security team, trying to get the most out of existing resources, preventing team burnout, and most likely taking an active, hands-on approach to ensure that all the goals are met. While each CISO has their game plan, what's certain is that CISOs with small security teams are all about efficiency. Efficiency takes on various forms based on each CISO's background, capacity, industry, and even company culture. In the e-Book "10 CISOs With Small Security Teams Share Their Must Dos and Don'ts"  (Download it here) , CISOs of teams

Coronavirus crisis introduces a heavy burden on the CISOs with the collective impact of a mass transition to working remotely coupled with a surge of cyberattacks that strive to monetize the general chaos. Security vendors, unintendedly, contribute to this burden by a relentless generation of noise in the form of attack reports, best practices, tips, and threat landscape analysis. Here we have a new " CISO Checklist for Secure Remote Working " ( download here ) that has been built to assist CISOs in navigating through this noise, providing them with a concise and high-level list of the absolute essentials needed to ensure their organization is well protected in these challenging times. The Coronavirus quarantine forces us to face a new reality. It is critical to acknowledge this new reality in order to understand how to successfully confront these changes. Make no mistake – these changed apply to any organization, regardless of its former security posture. For exa

You are a cybersecurity professional with the responsibility to keep your organization secured, you know your job chapter and verse, from high level reporting duties to the bits and bytes of what malware targeted your endpoints a week ago. But it's a lot to hold in one's mind, so to make your life easier, The Ultimate Security Pros' Checklist , created by Cynet, provides you with a concise and actionable checklist enabling you to keep track of all your operational, management and reporting tasks. 'We are constantly interacting with the security managers of our customers,' says Eyal Gruner, founder, and CEO of Cynet, 'and this gives us a unique perspective on what are the core duties they all care about. So, you can think of the checklist templates as an aggregated crowd-sourcing from the numerous CISOs, security directors, architects, and SOC managers we have worked with across the years.' The Ultimate Security Pros' Checklist fully maps the co

The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice, some will succeed to a certain degree—making the ability to efficiently manage an incident response process a mandatory skill for any CISO. Moreover, apart from the management of the actual response process, the CISO must also be able to efficiently communicate the ongoing activities and status to the executive level. While the IR process is mostly technical, reporting to the organization's management should take place on a much higher level in order for the non-security -savvy executives to understand. To assist CISOs with these tasks, Cynet created the IR Management and Reporting PowerPoint template ( download here ), which apart from providing an actionable response framework, is also clear and intuitive for the executive level. Let's drill down on the two aspects of the template: IR Management The template was built on the SANS\

Today's CISOs operate in an overly intensive environment. As the ones who are tasked with the unenviable accountability for failed protection and successful breaches, they must relentlessly strive to improve their defense lines with workforce education, training their security teams and last but definitely not least — looking for products that will upgrade and adjust their security against the rapidly evolving threat landscape. Finding the right solution is everything but an easy task. Part of what makes it hard is the tremendous number of security vendors that offer an infinite number of security products, promising that each can solve all the cyber problems of the planet with one hand tied behind its back. These CISO/vendor encounters are the theme of six short humoristic videos released this week that take them to the ultimate extreme. Here is one of the videos: If you want, you can watch all 6 funny videos here . These videos were partly inspired by David Spark

CISOs and CIOs need to know better than anyone the security pulse of their organizations. On the other hand, they cannot be flooded with every changing detail. Finding the right balance that enables them to clearly grasp the big picture required in making sound decisions is a task many security executives find challenging. Threat actors do not acknowledge off-hours or weekends, introducing the need for constant vigilance. Moreover, CIOs and CISOs are heavily dependent on their team for knowledge and often lack the immediate interaction with the events in real-time. This situation is also far from favorable – after all, who if not the security executive should have the ability to be in-the-know and initiate action at the heart of things? Cynet rises to this challenge with the recently launched Cynet Dashboard application, which provides 24/7 insight into the overall security posture, real-time visibility into newly detected threats, and the ability to take rapid action if the nee