Profiles in Leadership: Amit Basu, International Seaways

Tom Field • September 20, 2021

Like his peer CISOs, Amit Basu of International Seaways is concerned about complexity and the shifting landscape. But not just the threat landscape – he also is challenged by the shifting dynamics of business priorities and processes, as well as what "protection" in this new environment now entails.

►

COVID-19

Profiles in Leadership: Nandhini Duraisamy

Latest

Global Compliance

How to Keep Cybercrime's Foot off the Pedal with ISO/SAE 21434

Information Security Media Group • September 21, 2021

With automotive standard ISO 21434 just around the corner, this tutorial focuses on how it will form a key protective component against the cyber threats facing automation software developers.

CISO Trainings

Profiles in Leadership: Tim Nedyalkov, Commonwealth Bank

Jeremy Kirk • September 16, 2021

Cloud-based services are affecting governance, risk management and compliance practices in Australia, says Tim Nedyalkov, who is a technology information security officer with Commonwealth Bank. He discusses the differences between how managers and practitioners approach the problems.

COVID-19

Profiles in Leadership: Tammy Klotz, CISO, Covanta

Tom Field • September 15, 2021

Tammy Klotz took on a new job at a new company and even in a new state in 2020 - and she was charged with both establishing herself and raising the firm's cybersecurity posture. No challenge during a global pandemic, right? Here is how she has begun to pave her way.

Access Management

Travis CI Flaw Exposed Secrets From Public Repositories

Jeremy Kirk • September 15, 2021

Travis CI, a Berlin-based continuous integration testing vendor, has patched a serious flaw that exposed signing keys, API keys and access credentials, potentially putting thousands of organizations at risk. Those using Travis CI should change their secrets immediately.

3rd Party Risk Management

Top Initial Attack Vectors: Passwords, Bugs, Trickery

Mathew J. Schwartz • September 14, 2021

The top three tactics attackers have been using to break into corporate and government networks are brute-forcing passwords, exploiting unpatched vulnerabilities, and social engineering via malicious emails, says security firm Kaspersky in a roundup of its 2020 incident response investigations.

3rd Party Risk Management

The 'Basics We Need to Get Right'

Anna Delaney • September 14, 2021

"There are so many basics we need to get right," says Daniel Dresner, professor of cyber security at Manchester University. In this interview, he discusses the cybersecurity practices that he recommends to make the task of securing small- to medium-sized enterprises less overwhelming.

3rd Party Risk Management

BitSight, Mastercard and Tenable Make Acquisitions

Doug Olenick • September 14, 2021

Merger and acquisition activity picked up in September with BitSight, Tenable and Mastercard, all making deals. Moody's became BitSight's largest shareholder after making a $250 million investment in the company.

Application Security

Apple Patched iMessage. But Can It Be Made Safer Overall?

Jeremy Kirk • September 14, 2021

Apple patched a software vulnerability on Monday that researchers say was used to deliver spyware via its iMessage platform to the mobile phones of activists. But a few changes to iMessage could make it safer overall for individuals at high risk of surveillance, says an Apple security expert.

Business Continuity Management / Disaster Recovery

House Bill Seeks to Insulate CISA Director From Politics

Scott Ferguson • September 13, 2021

A bipartisan group of lawmakers wants to better insulate the director of CISA from political pressure by giving the role a defined five-year term that could keep the agency's leader in place even when presidential administrations change. Currently, the position of CISA director lacks a set term.

Business Continuity Management / Disaster Recovery

20 Years Later: A Cyber 9/11 Is Unlikely

Doug Olenick • September 10, 2021

The possibility of a terrorist group launching a massive Sept. 11, 2001-scale cyberattack against the U.S. or an ally has been a concern for years, but cybersecurity pros with a background in intelligence and military affairs say such worries are likely unwarranted.

Blockchain & Cryptocurrency

ISMG Editors' Panel: Ransomware Affiliates Seek New Gangs

Anna Delaney • September 10, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including how ransomware affiliates change operators and why terrorists aren't launching massive cyberattacks.

Cybercrime

United Nations Says Attackers Breached Its Systems

Jeremy Kirk • September 10, 2021

The United Nations says its networks were accessed by attackers earlier this year, leading to follow-on intrusions. One cybercrime analyst reports that he'd alerted NATO after seeing access credentials for one of its enterprise resource planning software systems for sale via the cybercrime underground.