Organizations in all sectors "need to look at the CISO role as an executive position with holistic understanding and a more well-rounded background" to help ensure security goals align with business goals, says consultant Ed Amoroso, former AT&T chief security officer.
As CISO at Hearst Corp., David Hahn's security strategy must be mindful of the challenges and brand risks for well-known media properties, including ESPN and Esquire, as well as smaller, lesser-known units within the corporation. Each requires a risk management strategy.
As threats and threat actors multiply and evolve, digital attribution becomes ever more critical, says Gartner's Avivah Litan. She discusses how to approach attribution and also offers her take on the technologies that could help secure U.S. elections.
About half of today's cyberattacks are malware-free and don't involve having to write any files to disk, says Dan Larson of Crowdstrike. These attacks get around conventional defenses, such as firewalls and antivirus programs, so they require new defenses, he says.
Data breach truism: So many organizations get breached, and remain breached, but don't find out until months or even years later, says Paul White of the cybersecurity firm Cyber adAPT. He offers insights on speeding reaction time by watching for clues.
Most large organizations at least pay lip service to breach preparedness. But when it comes to proper policies, planning and practice, far too many still fall short, says Stuart Mort of the Australian telecommunications firm Optus. Here's what they are overlooking.
Penetration tests can reveal holes in an organization's security. But framing the scope of a penetration test can be challenging, and good results don't necessarily mean 100 percent security. says attorney Kay Lam-MacLeod.
When it comes to risk, attorney Mark Doepel sees what he describes as "high cyber awareness, but low cyber literacy" among senior business leaders. But as nations adopt new breach legislation, boards and C-suites need to develop a deeper, granular understanding of risk - and fast.
Australia's mandatory data breach notification law, which goes into effect next February, brings a host of new requirements. Gordon Hughes, an attorney and data protection expert, discusses what organizations need to be aware of ahead of its implementation.
By 2020, organizations will be spending $100 billion annually on cybersecurity products and services. But are they securing the assets that matter most to their enterprises? RSA's Peter Beardmore discusses the emerging concept of business-driven security.
It's boom time for the ransomware business as criminals continue to make easy cryptocurrency paydays via crypto-locking attacks. AlienVault's Javvad Malik and Chris Doman detail how crowdsourced threat intelligence can help in the fight against this threat.
Organizations rely on a variety of outside firms to deliver security services. But how can they get the most value? Catherine Buhler, CISO of BlueScope Steel, shares how she challenges managed security services providers.
Millions of connected devices already have been potentially compromised - inside and outside of the enterprise. Phil Marshall of Tolaga Research is concerned about when and how attackers will take advantage of these in the next big IoT strike.