Latest articles for CSO magazine

How AI chatbot ChatGPT changes the phishing game

ChatGPT, OpenAI’s free chatbot based on GPT-3.5, was released on 30 November 2022 and racked up a million users in five days. It is capable of…

The cybersecurity challenges and opportunities of digital twins

Digital twins are a digital representation of objects, structures or systems that give organizations greater insight into the life cycle of these objects, but this…

Top 5 security risks of Open RAN

When a cell phone or other mobile device connects to the nearest cell tower, the communication takes place over something called a RAN — a…

6 signs your IAM strategy is failing, and how to fix it

Companies have been developing and executing identity and access management (IAM) strategies for decades. “It started with mainframe time sharing, so nothing is new,” says Jay Bretzmann,…

Adversarial machine learning explained: How attackers disrupt AI and ML systems

As more companies roll out artificial intelligence (AI) and machine learning (ML) projects, securing them becomes more important. A report released by IBM and Morning Consult in…

9 ways hackers will use machine learning to launch attacks

Machine learning and artificial intelligence (AI) are becoming a core technology for some threat detection and response tools. The ability to learn on the fly…

7 machine identity management best practices

Machine identities are a large and fast-growing part of the enterprise attack surface. The number of machines—servers, devices, and services—is growing rapidly and efforts to…

Fantastic Open Source Cybersecurity Tools and Where to Find Them

Open source is a double-edged sword for information security. On the one hand, security professionals rely on countless open source security software tools, frameworks, and…

What is the cyber kill chain? A model for tracing cyberattacks

As an infosec professional, you’ve likely heard about using a cyber kill chain to help identify and prevent intrusions. Attackers are evolving their methods, which…

How attackers sidestep the cyber kill chain

The idea of the cyber kill chain was first developed by Lockheed Martin more than a decade ago. The basic idea is that attackers perform reconnaissance, find…

Why DevOps pipelines are under attack and how to fight back

In mid-2017, Russian state-sponsored attackers installed a malicious worm in a Ukrainian financial software package. When businesses updated their software, it became infected. The worm,…

Data residency laws pushing companies toward residency as a service

Data residency laws require that companies operating in a country keep data about its citizens on servers located in that country. For companies that have…

Ransomware recovery: 8 steps to successfully restore from backup

According to a ransomware survey report released in June by Keeper Security, 49% of companies hit by ransomware paid the ransom–and another 22% declined to…

Botnet attacks on APIs: Why most companies are unprepared

As companies move applications to the cloud and expose functionality via application programming interfaces (APIs), criminals have been moving quickly to take advantage of this…

How API attacks work, and how to identify and prevent them

In early May, fitness company Peloton announced that it had exposed customer account data on the internet. Anyone could access users’ account data from Peloton’s…

Tips and tactics of today’s cybersecurity threat hunters

Threat hunting isn’t just for the biggest organizations anymore. As the SolarWinds attack demonstrated, any size company can be vulnerable to stealthy attackers who worm…

5 ways attackers counter incident response, and how to stop them

Last month, the UK’s National Cyber Security Centre reported that one organization paid nearly $9 million to attackers for a decryption key after falling victim…

How strong, flexible data protection controls can help maintain regulatory compliance

Privacy and security regulations are evolving quickly. The European Union’s GDPR and California’s new CPRA law are only the most high-profile examples. According to Privacy…

Supply chain attacks show why you should be wary of third-party providers

What is a supply chain attack? A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an…

CPRA explained: New California privacy law ramps up restrictions on data use

In November, Californians approved a ballot measure, Proposition 24, a.k.a. the California Privacy Rights Act (CPRA), to create a new consumer data privacy agency. It…

How secure are your AI and machine learning projects?

When enterprises adopt new technology, security is often on the back burner. It can seem more important to get new products or services to customers…

How to protect backups from ransomware

Despite a recent decline in attacks, ransomware still poses significant threats to enterprises, as the attacks against several major newspapers demonstrated this month. It is…

Supply chain attacks show why you should be wary of third-party providers

A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access…

IBM, Intel, AMD take different routes to hardware-based encryption

We have encryption for data in motion. We have encryption for data at rest. But one type of data is difficult to keep encrypted –…

Getting started with security automation

Network engineer Jose Arellano concedes that “the hardest part of my day” is keeping the network safe for 12,700 students, 1,900 staff and more than…

California Consumer Privacy Act (CCPA): What you need to know to be compliant

In late June, 2018, California passed a consumer privacy act, AB 375, that could have more repercussions on U.S. companies than the European Union’s General…

8 ways to get more life out of an old SIEM

As the COVID-19 pandemic drags global economies to a halt, enterprises are having to tighten their belts across the board, including in IT. In May…

AI-powered deception technology speeds deployment, improves results

Over the past few weeks, the cybersecurity landscape has changed dramatically. Employees working at home mean more exposed attack surface and plenty of unusual user…

8 PCI DSS questions every CISO should be able to answer

At the end of this year, the Payment Card Industry Data Security Standard (PCI DSS) is expected to get an upgrade to version 4.0. It…

9 CCPA questions every CISO should be prepared to answer

The California Consumer Privacy Act (CCPA) went into effect on January 1 and it is affecting companies not just in California but across the United…