#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Search results for Security | Breaking Cybersecurity News | The Hacker News

AI Adoption in the Enterprise: Breaking Through the Security and Compliance Gridlock

AI Adoption in the Enterprise: Breaking Through the Security and Compliance Gridlock

Apr 03, 2025 Enterprise Security / Compliance
AI holds the promise to revolutionize all sectors of enterpriseーfrom fraud detection and content personalization to customer service and security operations. Yet, despite its potential, implementation often stalls behind a wall of security, legal, and compliance hurdles. Imagine this all-too-familiar scenario : A CISO wants to deploy an AI-driven SOC to handle the overwhelming volume of security alerts and potential attacks. Before the project can begin, it must pass through layers of GRC (governance, risk, and compliance) approval, legal reviews, and funding hurdles. This gridlock delays innovation, leaving organizations without the benefits of an AI-powered SOC while cybercriminals keep advancing. Let's break down why AI adoption faces such resistance, distinguish genuine risks from bureaucratic obstacles, and explore practical collaboration strategies between vendors, C-suite, and GRC teams. We'll also provide tips from CISOs who have dealt with these issues extensively as w...
Resolving Availability vs. Security, a Constant Conflict in IT

Resolving Availability vs. Security, a Constant Conflict in IT

Aug 05, 2022
Conflicting business requirements is a common problem – and you find it in every corner of an organization, including in information technology. Resolving these conflicts is a must, but it isn't always easy – though sometimes there is a novel solution that helps. In IT management there is a constant struggle between security and operations teams. Yes, both teams ultimately want to have secure systems that are harder to breach. However, security can come at the expense of availability – and vice versa. In this article, we'll look at the availability vs. security conflict, and a solution that helps to resolve that conflict. Ops team focus on availability… security teams lock down Operations teams will always have stability, and therefore availability, as a top priority. Yes, ops teams will make security a priority too but only as far as it touches on either stability or availability, never as an absolute goal. It plays out in the "five nines" uptime goal that sets an incredibly high...
Automated Security Validation: One (Very Important) Part of a Complete CTEM Framework

Automated Security Validation: One (Very Important) Part of a Complete CTEM Framework

Aug 08, 2024 Cyber Threat Management
The last few years have seen more than a few new categories of security solutions arise in hopes of stemming a never-ending tidal wave of risks. One of these categories is Automated Security Validation (ASV), which provides the attacker's perspective of exposures and equips security teams to continuously validate exposures, security measures, and remediation at scale. ASV is an important element of any cybersecurity strategy and by providing a clearer picture of potential vulnerabilities and exposures in the organization, security teams can identify weaknesses before they can be exploited.  However, relying solely on ASV can be limiting. In this article, we'll take a look into how combining the detailed vulnerability insights from  ASV  with the broader threat landscape analysis provided by the Continuous Threat Exposure Management Framework (CTEM) can empower your security teams to make more informed decisions and allocate resources effectively. (Want to learn more abo...
cyber security

New Webinar: Defend Against Scattered Spider's Latest TTPs for 2025

websitePush SecurityThreat Intelligence / Cyber Attack
Learn about Scattered Spider's latest identity attack techniques and how to defend your organization.
cyber security

Get Proactive About Protecting Your Digital Identity 

websiteVeeam SoftwareData Security / Microsoft Entra ID
Security threats are just one reason you need to protect Microsoft Entra ID data. Learn all 6 reasons today.
The Gap in Your Zero Trust Implementation

The Gap in Your Zero Trust Implementation

Sep 22, 2021
Over the last several years, there have been numerous high-profile security breaches. These breaches have underscored the fact that traditional cyber defenses have become woefully inadequate and that stronger defenses are needed. As such, many organizations have transitioned toward a zero trust security model. A zero trust security model is based on the idea that no IT resource should be trusted implicitly. Prior to the introduction of zero trust security, a user who authenticated into a network was trustworthy for the duration of their session, as was the user's device. In a zero trust model, a user is no longer considered to be trustworthy just because they entered a password at the beginning of their session. Instead, the user's identity is verified through multi-factor authentication, and the user may be prompted to re-authenticate if they attempt to access resources that are particularly sensitive or if the user attempts to do something out of the ordinary. How Complic...
4 Key Takeaways from "XDR is the Perfect Solution for SMEs" webinar

4 Key Takeaways from "XDR is the Perfect Solution for SMEs" webinar

Sep 07, 2022
Cyberattacks on large organizations dominate news headlines. So, you may be surprised to learn that small and medium enterprises (SMEs) are actually  more frequent  targets of cyberattacks. Many SMEs understand this risk firsthand.  In a recent  survey , 58% of CISOs of SMEs said that their risk of attack was higher compared to enterprises. Yet, they don't have the same resources as enterprises – making it nearly impossible to protect their organizations from widespread and increasingly more sophisticated attacks that don't discriminate based on company size. What's their solution? Extended detection and response (XDR).  During a recent webinar, Cynet's Director of Product Strategy, George Tubin ,  and guest speaker Senior Analyst at Forrester,Allie Mellen, discussed the most serious cybersecurity challenges for SMEs and how they can benefit from XDR platforms.  Here are the four key takeaways from the  conversation .  The Bigges...
Facebook Adds FIDO U2F Security Keys Feature For Secure Logins

Facebook Adds FIDO U2F Security Keys Feature For Secure Logins

Jan 27, 2017
Hacking password for a Facebook account is not easy, but also not impossible. We have always been advising you to enable two-factor authentication — or 2FA — to secure your online accounts, a process that requires users to manually enter, typically a six-digit secret code generated by an authenticator app or received via SMS or email. So even if somehow hackers steal your login credentials, they would not be able to access your account without one-time password sent to you. But, Are SMS-based one-time passwords Secure? US National Institute of Standards and Technology (NIST) is also no longer recommending SMS-based two-factor authentication systems , and it's not a reliable solution mainly because of two reasons: Users outside the network coverage can face issues Growing number of sophisticated attacks against OTP schemes So, to beef up the security of your account, Facebook now support Fido-compliant Universal 2nd Factor Authentication (U2F), allows users to log into ...
Guide: How Google Workspace-based Organizations can leverage Chrome to improve Security

Guide: How Google Workspace-based Organizations can leverage Chrome to improve Security

Aug 16, 2023 Browser Security/ Online Security
More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages, this organizational action also incurs a new security debt. Security teams now have to find a way to adjust their security architecture to this new cloud workload. Some teams may rely on their existing network security solutions. According to a  new guide , this is a hit and a miss. Network solutions, the guide claims, just don't cover all SaaS and browsing requirements. Meanwhile, Google offers a wide range of native security functionalities built-in to Chrome. These functionalities enable the organization to leverage the browser for consolidating security, simplifying operations and reducing costs. If you're wary about trusting Chrome with your security, then the guide is recommended to read. In great detail, it explains which security features Chrome offers users. These include: Forcing users to sign into Chrome, to ensure the ...
5 Security Lessons for Small Security Teams for the Post COVID19 Era

5 Security Lessons for Small Security Teams for the Post COVID19 Era

Feb 23, 2021
A full-time mass work from home (WFH) workforce was once considered an extreme risk scenario that few risk or security professionals even bothered to think about. Unfortunately, within a single day, businesses worldwide had to face such a reality. Their 3-year long digital transformation strategy was forced to become a 3-week sprint during which offices were abandoned, and people started working from home. Like in an eerie doomsday movie, servers were left on in the office, but nobody was sitting in the chairs. While everyone hopes that the world returns to its previous state, it's evident that work dynamics have changed forever. From now on, we can assume a hybrid work environment. Even companies that will require their employees to arrive daily at their offices recognize that they have undergone a digital transformation, and work from home habits will remain. The eBook "5 Security Lessons for Small Security Teams for a Post-COVID19 Era" ( download here ) helps ...
EC-Council Launches Center of Advanced Security Training (CAST) !

EC-Council Launches Center of Advanced Security Training (CAST) !

Mar 10, 2011
EC-Council Launches Center for Advanced Security Training (CAST) to Address the Growing Need for Advanced Information Security Knowledge Mar 9, 2011, Albuquerque, NM  - According to the report, Commission on Cybersecurity for the 44 th  President, released in November 2010 by Center for Strategic and International Studies (CSIS), it is highlighted that technical proficiency is critical to the defense of IT networks and infrastructures. And there is evidently a shortage of such personnel in the current cyber defense workforce. The United States alone needs between 10,000 to 30,000 well-trained personnel who have specialized skills required to effectively guard its national assets. In essence, there is a huge shortage of highly technically skilled information security professionals. The problem is both of quantity, and quality, and this is not a problem just for the government space. Public and private companies are also in dire straits trying to fill such staffing needs. Th...
Top 7 Trends Shaping SaaS Security in 2024

Top 7 Trends Shaping SaaS Security in 2024

Dec 18, 2023 SaaS Security / Data Protection
Over the past few years, SaaS has developed into the backbone of corporate IT. Service businesses, such as medical practices, law firms, and financial services firms, are almost entirely SaaS based. Non-service businesses, including manufacturers and retailers, have about 70% of their software in the cloud.  These applications contain a wealth of data, from minimally sensitive general corporate information to highly sensitive intellectual property, customer records, and employee data. Threat actors have noted this shift, and are actively working to breach apps to access the data. Here are the top trends influencing the state of SaaS Security for 2024 — and what you can do about it.  Democratization of SaaS  SaaS apps have transformed the way organizations purchase and use software. Business units purchase and onboard the SaaS tools that best fit their needs. While this is empowering for business units that have long been frustrated by delays in procuring and onboardi...
How SSPM Simplifies Your SOC2 SaaS Security Posture Audit

How SSPM Simplifies Your SOC2 SaaS Security Posture Audit

Feb 03, 2022
An accountant and a security expert walk into a bar… SOC2 is no joke.  Whether you're a publicly held or private company, you are probably considering going through a Service Organization Controls (SOC) audit. For publicly held companies, these reports are required by the Securities and Exchange Commission (SEC) and executed by a Certified Public Accountant (CPA). However, customers often ask for SOC2 reports as part of their vendor due diligence process.  Out of the three types of SOC reports, SOC2 is the standard to successfully pass regulatory requirements and signals high security and resilience within the organization — and is based on the American Institute of Certified Public Accountants (AICPA) attestation requirements. The purpose of this report is to evaluate an organization's information systems relevant to security, availability, processing integrity, confidentiality, and privacy — over a period of time (roughly six to twelve months).  As part of a SOC2 au...
Expert Insights Articles Videos
Cybersecurity Resources