Finding the perfect match: What CISOs should ask before saying ‘yes’ to a job
CSO Online
6h ago
When people go through the recruitment process for a new job, it’s common to forget it’s a two-way street. Not only is it an opportunity for a company to figure out whether they should hire a candidate, but it’s also a chance for the individual applying for the role to work out if the company is a good match for them. In the case of the CISO, where job satisfaction is currently on a downward trend and more are looking to jump ship, it’s even more crucial now to know the right questions to ask before taking on a new job. Recent research by the IANS Research and Artico Search indicated t
Navigating personal liability: post data-breach recommendations for CISOs
CSO Online
6h ago
The key to minimizing personal liability for CSOs and CISOs after a data breach is to act responsibly and reasonably. The current state of the law is that those involved in an organization that is threatened or affected by a data breach are expected to react reasonably under the circumstances. To meet this standard, one should engage and follow legal advice, communicate effectively, and demonstrate a commitment to addressing the breach and preventing future incidents. By following these recommendations, CSOs and CISOs can navigate the challenging terrain of a data breach while minimizing thei
2024 CSO30 ASEAN Awards: Call for nominations
CSO Online
6h ago
CSO ASEAN is proud to launch the fourth edition of the CSO30 ASEAN Awards in 2024 – recognising the top 30 cybersecurity executives driving innovation, strengthening resilience, and influencing industry change. In 2024, CSO30 ASEAN nominees will be judged based on the core pillars of business value and leadership. Judges will assess cybersecurity initiatives introduced over the past two years that have improved an organisation’s security and operations, as well as how a cybersecurity leader has demonstrated leadership both within the organisation and across the wider community. CSO30 ASEAN A
The biggest data breach fines, penalties, and settlements so far
CSO Online
3d ago
Sizable fines assessed for data breaches in recent years suggest that regulators are getting more serious about cracking down on organizations that don’t properly protect consumer data. Hit with a $1.3 billion fine for unlawfully transferring personal data from the European Union to the US, Meta tops the list of recent big-ticket sanctions, with one other ten-figure fine being levied against the Chinese firm Didi Global for violating that nation’s data protection laws. The third largest penalty was the $877 million fine against Amazon in 2021 for running afoul of the General Data Protection
Looking outside: How to protect against non-Windows network vulnerabilities
CSO Online
4d ago
Because of its ubiquity as a network platform, Windows all too often gets blamed as the source of a host of network security vulnerabilities. But recent events have shown the truth — that all sorts of network components have flaws and that there are many nefarious means attackers can use to enter and take control. With every day that passes, security professionals have blindly relied on false concepts such as Apple’s ecosystem being closed (and therefore not as susceptible to attack) and the conceit that many eyeballs mean vulnerabilities will be found and neutralized. It’s naive at best and
Cloud security teams: What to know as M&A activity rebounds in 2024
CSO Online
4d ago
As we near the halfway point of the year, organizations are under tremendous pressure to grow businesses across all industries. It’s no secret: bottom lines must rise and 2024 has been earmarked as a pivotal year to revert to growth mode. Many organizations will find an uphill battle here; the previous few years have taken a significant toll. From supply chain issues, layoffs, delayed pipelines, and stalled progress due to pulled focus, we are due for a burst of innovation. Of course, there are a multitude of paths businesses can take to achieve this, all afforded by an increased focus on ge
Salt Security adds defense against OAuth attacks
CSO Online
4d ago
Salt Security has added a new OAuth security offering to its API protection platform to help organizations detect attempts to exploit OAuth and fix vulnerabilities associated with the protocol. OAuth is an open-standard authorization protocol or framework that describes how unrelated servers and services can safely allow authenticated access to their assets without actually sharing the initial, related, single logon credential. “Our new OAuth protection package comes in two parts,” said Eric Schwake, director of cybersecurity strategy at Salt Security. “The first is to strengthen our indust
Cisco urges immediate software upgrade after state-sponsored attack
CSO Online
4d ago
Cisco has urged its customers to upgrade their software after disclosing that state-sponsored hackers have compromised some of its security devices. In a blog post, the company said hackers exploited previously undetected vulnerabilities in its Adaptive Security Appliances, a product that combines multiple cybersecurity functions. The threat actor, termed UAT4356, deployed two backdoors, which were used to conduct malicious actions, including configuration modification, reconnaissance, network traffic capture/exfiltration, and potentially lateral movement. “This actor utilized be
What will cyber threats look like in 2024?
CSO Online
5d ago
2023 was a big year for threat intelligence. The sheer volume of threats and attacks revealed through Microsoft’s analysis of 78 trillion daily security signals indicates a shift in how threat actors are scaling and leveraging nation-state support. We saw more attacks than ever before, with attack chains growing increasingly complex; dwell times becoming shorter; and tactics, techniques, and procedures (TTPs) evolving to become nimbler and more evasive. By looking back at the details of key security incidents in 2023, we can begin to isolate patterns and identify learnings for how we should
How the ToddyCat threat group sets up backup traffic tunnels into victim networks
CSO Online
5d ago
ToddyCat, a Chinese advanced persistent threat (APT) group that has been targeting Asian and European government and military organizations over the past four years, is using several different traffic tunneling tools to ensure persistent access to compromised networks, according to researchers at Kaspersky Lab. The group’s primary goal is the exfiltration of large volumes of sensitive information, which can take a long time and is prone to detection, researchers from the security firm said in a new report. “Having several tunnels to the infected infrastructure implemented with different tool
