Everybody in tech is talking about ChatGPT, the AI-based chatbot from Open AI that writes convincing prose and usable code. The trouble is malicious cyber attackers can use generative AI tools like ChatGPT to craft convincing prose and usable code just like everybody else. How does this powerful new category of tools affect the ability of criminals to launch cyberattacks, including social engineering attacks? When Every Social Engineering Attack Uses Perfect English ChatGPT is a public tool based on a language model created by the San Francisco-based company, OpenAI. It uses machine learning t ..read more

It’s easy to read today’s headlines and think that now isn’t the best time to look for a job in the tech industry. However, that’s not necessarily true. When you read deeper into the stories and numbers, cybersecurity positions are still very much in demand. Cybersecurity professionals are landing jobs every day, and IT professionals from other roles may be able to transfer their skills into cybersecurity relatively easily. As cybersecurity continues to remain a top business priority, organizations will likely keep hiring for cybersecurity roles. Companies are increasingly recognizing that wit ..read more

More than ever, cybersecurity strategy is a core part of business strategy. For example, a company’s cyber risk can directly impact its credit rating.  Credit rating agencies continuously strive to gain a better understanding of the risks that companies face. Today, those agencies increasingly incorporate cybersecurity into their credit assessments. This allows agencies to evaluate a company’s capacity to repay borrowed funds by factoring in the risk of cyberattacks. Getting Hacked Impacts Credit Scoring As per the Wall Street Journal (WSJ), credit-rating agencies are placing greater emph ..read more

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released a new 31-page document outlining best practices for identity and access management (IAM) administrators.  As the industry increasingly moves towards cloud and hybrid computing environments, managing the complexities of digital identities can be challenging. Nonetheless, the importance of IAM cannot be overstated in today’s world, where data security is more critical than ever. Meanwhile, IAM itself can be a source of vulnerability if not implemented and managed effectively ..read more

The World Economic Forum recently published a list of trends that are likely to shape the future of cybersecurity by 2030. The article names “progress in cybersecurity, but access must be widened” as a top trend. If these two goals seem contradictory, it’s because they are. Today’s business model requires that systems, people and devices have the ability to access data. But at the same time, that ability can enable a cyberattack that causes significant business disruption. Many businesses struggle to walk the fine line between allowing access to all who need it while still protecting thei ..read more

With every step towards better cyber defense, malicious attackers counter with new tactics, techniques and procedures. It’s not like the attackers are going to say, “All right, you made it too tough for us this time; we’re checking out.” That is not happening. Increased use of virtualization comes with both operational efficiencies and abilities to deploy a sound resilience strategy specifically related to recovery. With solid backup and restoration methods and disaster recovery planning, spinning up some images and backups can be relatively easy when needed. Done well, they facilitate qu ..read more

For small organizations, the current cyber threat landscape is brutal. While big-name breaches steal the headlines, small businesses suffer the most from ransomware attacks. Additionally, other studies reveal that only half of all small businesses are prepared for a cyberattack. In the face of these challenges, NIST is creating a new initiative to help.  To help smaller organizations face the growing cyber threat, NIST recently launched its Small Business Cybersecurity Community of Interest (COI). Here’s how this new association can help your organization move forward with a cyber readine ..read more

Many, if not the majority of, big decisions at organizations come from the boardroom. Typically, the board of directors focuses on driving the direction of the company. Because most boards approve yearly budgets, they have significant oversight of resources and areas of investment. As cybersecurity attacks continue to increase, organizations must make key budgeting decisions that can affect the future of the company. Cybersecurity issues are now increasingly brought up to the board of directors at organizations across all industries. “Overseeing cyber risk is incredibly challenging,” Dottie Sc ..read more

The cybersecurity industry is littered with acronyms. SIEM. EDR. APT. CISO. CISA. The list goes on and on. So it wasn’t surprising that there were a lot of acronyms in RSAC 2023’s sessions and keynotes, as well as in the dozens of news items and studies released during the conference. The hottest acronym, by far, was AI, as everyone (literally everyone, including keynote speaker Eric Idle) had something to say about ChatGPT and the skyrocketing popularity of generative AI. But there were a few other, less familiar, acronyms discussed at RSAC this year: HEAT and EASM. Neither are new terms, And ..read more

A proactive approach to cybersecurity includes ensuring all software is up-to-date across assets. This also includes applying patches to close up vulnerabilities. This practice minimizes risk, as it eliminates outdated software versions in the process. Does this make patching a catch-all cybersecurity solution? While patching is an important component of cybersecurity, other security solutions and strategies must complement it. These include firewalls, antivirus software and employee security risk awareness training. Interestingly, the most recent X-Force Threat Intelligence Index reports that ..read more