Making the Case for ‘Reasonable’ Cybersecurity

May 29, 2024 at 06:53AM In litigation, the standard of proof varies for criminal and civil cases. Regulators overseeing enterprise cybersecurity practices rely on the concept of “reasonable cybersecurity,” which lacks a precise definition. Quantifying cyber risk is crucial in determining what constitutes a “reasonable” cybersecurity defense, with regulatory frameworks such as NIST CSF and …

Is CISA’s Secure by Design Pledge Toothless?

May 10, 2024 at 02:28PM At the 2024 RSA Conference, tech giants like Microsoft, Amazon Web Services, IBM, and Fortinet voluntarily agreed to meet a set of seven cybersecurity objectives outlined by the US’s cyber authority, CISA. The initiative lacks legal enforcement but aims to foster good security practices and investments across industries, …

RSA Conference 2024 – Announcements Summary (Day 4)

May 10, 2024 at 06:16AM The 2024 RSA Conference in San Francisco saw numerous companies presenting their products and services. SecurityWeek offered a daily digest summarizing significant announcements made by vendors throughout the event, including new product releases, partnership announcements, and reports. Additionally, companies like Aqua Security, Censys, and CrowdStrike revealed various security solutions and …

Criminal Use of AI Growing, But Lags Behind Defenders

May 9, 2024 at 11:18AM Trend Micro’s 2023 investigation at the 2024 RSA Conference revealed criminals continue to lag in AI adoption. They identified a criminal LLM called WormGPT and potential scams, like EscapeGPT and FraudGPT. Criminals prefer mainstream AI products over building their own systems and use deepfake services for illicit activities. Trend Micro …

RSA Conference 2024 – Announcements Summary (Day 3)

May 9, 2024 at 05:18AM The 2024 RSA Conference in San Francisco featured numerous product and service announcements. Highlights from the third day include AuditBoard’s InfoSec Solutions enhancements, Cado Security’s forensic investigations in distroless container environments, and CrowdStrike and NinjaOne’s partnership for endpoint protection. CyberSaint, Cyolo, ForAllSecure, Netcraft, OpenText, SentinelOne, and Skyhigh Security also introduced …

runZero Research Explores Unexpected Exposures in Enterprise Infrastructure

May 8, 2024 at 05:26PM runZero unveiled the inaugural runZero Research Report at the RSA Conference, highlighting alarming trends in enterprise asset security. Key findings include the convergence of IT and OT, limited visibility into network devices, and risks associated with end-of-life hardware and operating systems. The report emphasizes the significance of asset discovery for …

Ten years since the first corp ransomware, Mikko Hyppönen sees no end in sight

May 8, 2024 at 03:35AM Ransomware has plagued the information security landscape for a decade, with attacks increasingly targeting corporations for big payouts. Mikko Hyppönen, chief research officer at WithSecure, warns that the rise in attacks and the value of Bitcoin has created lucrative opportunities for criminals. Despite this, the security industry offers a promising …

What’s the Future Path for CISOs?

May 7, 2024 at 04:39PM The CISO role is changing, with many aspiring to become CIOs or CTOs. Renee Guttmann-Stark mentors such transitions, though she herself prefers focusing on cybersecurity. Some CISOs, like Jamil Farshchi of Equifax, are moving into CTO roles. Challenges persist, including job vacancies and handling relentless cyber attacks. The rise of …

What’s the Future Path for CISOs?

May 7, 2024 at 04:24PM Renee Guttmann-Stark, a former CISO, acknowledges the trend of CISOs transitioning to CTO roles, citing examples like Jamil Farshchi’s promotion. Challenges facing CISOs include job vacancies, insurance issues, and tool procurement. Guttmann-Stark advocates for AI deployment in automating tasks. She also emphasizes the importance of CISOs gaining proficiency in AI …

Ransomware evolves from mere extortion to ‘psychological attacks’

May 6, 2024 at 10:19PM Ransomware attacks have evolved into psychological warfare as criminals resort to increasingly personal and aggressive tactics, such as contacting executives’ family members and disrupting critical services. The shift from targeting companies to individuals poses new dilemmas, particularly for healthcare organizations handling sensitive data. Cryptocurrency has facilitated extortion, making it challenging …