Ian Keller, security director and executive member of the CyberEdBoard

A CISO's View: How to Handle an Insider Threat

CyberEdBoard • June 7, 2023

In this post of his blog "A CISO's View," security director Ian Keller discusses the importance of having mechanisms in place to report potential personal compromise or potential compromise of another person in your company and provides simple steps for making security everyone's responsibility.

►

Breach Notification

Ex-Uber CSO Joe Sullivan Avoids Federal Prison

Latest

Endpoint Security

Shift5 Gets $33M to Help Safeguard Commercial Transportation

Michael Novinson • June 9, 2023

Moore Strategic Ventures led a $33 million investment into a military and transportation security startup founded by officers who stood up U.S. Army Cyber Command. The funds will help Shift5 expand from safeguarding military vehicles to protecting commercial modes of transportation.

Fraud Management & Cybercrime

Point32Health, Harvard Pilgrim Facing 4 Data Breach Lawsuits

Marianne Kolbasuk McGee • June 9, 2023

An April ransomware attack that compromised the personal information of more than 2.5 million individuals has triggered at least four proposed federal class action lawsuits against Massachusetts health insurer Harvard Pilgrim Health and its parent company, Point32Health.

Cloud Security

Cloud Security Trends, Best Practices Everyone Should Know

Tom Field • June 9, 2023

As cloud migration continues across regions and sectors, how are organizations choosing security tools, and how are those tools being operationalized? Which practices are producing the best security outcomes? Explore these cloud security tips from Palo Alto Networks' Ben Nicholson.

3rd Party Risk Management

Mastering Stakeholder Comms: How to Get Buy-In From the Top

Tom Field • June 9, 2023

CISOs need to bridge the gap between security concerns and business outcomes to ensure everyone plays an active role in third-party risk management. But effectively communicating that risk comes down to knowing your audience - from employees to the board, said CyberGRX's Caitlin Gruenberg.

Cryptocurrency Fraud

ISMG Editors: Verizon's DBIR Reveals Surge in BEC Scams

Anna Delaney • June 9, 2023

In the latest weekly update, four ISMG editors discuss highlights from Verizon's 16th annual Data Breach Investigations Report, what's on the mind of CISOs in Malaysia and the Philippines, and how the U.S. SEC sued crypto trading platforms Binance and Coinbase over securities violations.

Cloud Security

Threat Detection for 'DEED' Environments of Enterprises Today

Steve King • June 9, 2023

Martin Roesch, CEO of Netography, discusses the company's platform, which is for dispersed, ephemeral, encrypted and diverse - what he refers to as "DEED" - environments. DEED works with the multi-cloud, hybrid and on-premises, IT and OT environments that modern large enterprises have today.

Governance & Risk Management

Blackpoint Gets $190M From Bain Capital to Boost MSP Defense

Michael Novinson • June 8, 2023

Bain Capital led a $190 million investment into a managed detection and response provider founded by a former National Security Agency computer operations expert. The money will support development of Blackpoint's security technology and enable its MSP partners to combat a changing threat landscape.

Governance & Risk Management

Dragos Lays Off 9% of Workers as OT Security Spending Slows

Michael Novinson • June 7, 2023

Dragos has axed 50 workers after longer sales cycles and smaller initial deployment sizes caused the industrial cybersecurity vendor to miss its first quarter revenue target. Dragos revealed plans to reduce its staff by 9% to ensure the company can stay independent through an IPO or Series E round.

3rd Party Risk Management

Shedding New Light on Software Visibility in the Age of SBOM

Anna Delaney • June 7, 2023

With the federal government's software bill of materials regulations looming, many organizations are not ready to respond, warned CISO Sean Atkinson of the Center for Internet Security. He provided tips for ensuring transparency in the software supply chain and preparing for SBOM regulations.

Fraud Management & Cybercrime

Highlights of Verizon Data Breach Investigations Report 2023

Anna Delaney • June 6, 2023

Pretexting incidents, a social engineering technique that manipulates victims into divulging information, have nearly doubled, representing 50% of all social engineering attacks, according to Verizon's 2023 Data Breach Investigations Report, which analyzed more than 16,312 security incidents.

Artificial Intelligence & Machine Learning

Securing OT and IoT Assets in an Interconnected World

Steve King • June 6, 2023

In this episode of "Cybersecurity Insights," Antoinette Hodes of Check Point Research discusses the need to consolidate an organization's cybersecurity posture, gain visibility into OT and IT assets, and use cybersecurity education to increase worker safety.

Cyberwarfare / Nation-State Attacks

Why Cyber Defenders Need Partnerships, Tools and Education

Steve King • June 5, 2023

In this episode of "Cybersecurity Insights," Lonnie Price of Peraton discusses the importance of partnerships between the public and private sectors to help Ukrainians with the war effort. He also shares how we can become better educated and more efficient as cyber defenders.