ISMG Editors: Why Communications Skills Matter for CISOs

Anna Delaney • June 2, 2023

In the latest weekly update, ISMG editors discuss why communication is vital to be an effective CISO in 2023, how the hack of Florida-based dental insurer MCNA affects nearly 9 million people, and how CyberArk is securing privileged users with a new browser.

Endpoint Security

Insider Threat: Organizations Must Focus on Risk

Latest

Fraud Management & Cybercrime

Highlights of Verizon Data Breach Investigations Report 2023

Anna Delaney • June 6, 2023

Pretexting incidents, a social engineering technique that manipulates victims into divulging information, have nearly doubled, representing 50% of all social engineering attacks, according to Verizon's 2023 Data Breach Investigations Report, which analyzed more than 16,312 security incidents.

Artificial Intelligence & Machine Learning

Securing OT and IoT Assets in an Interconnected World

Steve King • June 6, 2023

In this episode of "Cybersecurity Insights," Antoinette Hodes of Check Point Research discusses the need to consolidate an organization's cybersecurity posture, gain visibility into OT and IT assets, and use cybersecurity education to increase worker safety.

Cyberwarfare / Nation-State Attacks

Why Cyber Defenders Need Partnerships, Tools and Education

Steve King • June 5, 2023

In this episode of "Cybersecurity Insights," Lonnie Price of Peraton discusses the importance of partnerships between the public and private sectors to help Ukrainians with the war effort. He also shares how we can become better educated and more efficient as cyber defenders.

Network Detection & Response

Cisco's New XDR Tool Emphasizes Robust Telemetry Correlation

Michael Novinson • May 31, 2023

Cisco Security Executive Vice President and General Manager Jeetu Patel said the industry struggles to address multifaceted attacks that originate in email and include bad links, malware downloads to a device and more. Cyber defenders need correlated data from multiple sources of telemetry, he said.

Video

Why Identity Is Key to Baselining API Security Programs

Anna Delaney • May 31, 2023

Change management is a critical part of a robust API management program, said Shaam Farooq, vice president of technology at Atlas Energy Solutions and a CyberEdBoard member. Team members must review and approve changes as they happen and communicates those changes across IT and OT security teams.

Artificial Intelligence & Machine Learning

Integrating Generative AI Into the Threat Detection Process

Steve King • May 31, 2023

In this episode of "Cybersecurity Insights," Chen Burshan and Amir Shachar of Skyhawk Security discuss how they integrated generative AI into their threat detection process and significantly increased the speed and lowered the costs of detecting breaches based by focusing on anomalous activity.

3rd Party Risk Management

Synopsys Extends Lead in Gartner MQ for App Security Testing

Michael Novinson • May 30, 2023

Synopsys stands head and shoulders above the competition in Gartner's application security testing rankings, with Snyk rising and HCL Software falling from the leaders category. Longtime app security players Veracode, Checkmarx and OpenText joined Synopsys and Snyk atop the Gartner Magic Quadrant.

HIPAA/HITECH

Where Hospitals Are Still More Cyber Reactive Than Proactive

Marianne Kolbasuk McGee • May 30, 2023

Many hospitals are still more reactive than proactive in terms of embracing recommended best practices that can advance their cybersecurity maturity level, said Steve Low, president of KLAS Research, and Ed Gaudet, CEO of consulting firm Censinet, who discuss findings of a recent benchmarking study.

Card Not Present Fraud

Invoice and CEO Scams Dominate Fraud Affecting Businesses

Mathew J. Schwartz • May 29, 2023

Losses to fraud reported by Britain's financial services sector exceeded $1.5 billion in 2022, declining by 8% from 2021, says trade association UK Finance. About 40% of losses tied to authorized push payment fraud, in which victims get tricked into transferring funds to attackers.

Audit

Sports Warehouse Fined $300,000 Over Payment Card Data Theft

Mathew J. Schwartz • May 29, 2023

Online sports retailer Sports Warehouse has agreed overhaul its security program and pay a $300,000 fine to New York State after hackers stole 20 years' worth of payment card data and customer information the company was storing in plaintext on its e-commerce server.

Managed Detection & Response (MDR)

Expel, CrowdStrike, Red Canary Dominate MDR Forrester Wave

Michael Novinson • May 26, 2023

Expel, CrowdStrike and Red Canary held steady atop Forrester's MDR rankings, while Secureworks and Binary Defense tumbled from the leaders category. Providers have turned their attention from maximizing their efficacy at detecting ransomware to finding faster and better ways to respond to attacks.

Cyberwarfare / Nation-State Attacks

ISMG Editors: How Ukraine's Cyber Defenders Prepped for War

Anna Delaney • May 26, 2023

In the latest weekly update, ISMG editors discuss top takeaways from Ukraine's cyber defense success, how a European regulator suspended Facebook data transfers to the United States, and the state of the EU General Data Protection Regulation on its five-year anniversary.