Latest articles for CSO magazine

Ransomware recovery: 8 steps to successfully restore from backup

Ransomware recovery: 8 steps to successfully restore from backup

According to a ransomware survey report released in June by Keeper Security, 49% of companies hit by ransomware paid the ransom—and another 22% declined to say whether…

Botnet attacks on APIs: Why most companies are unprepared

Botnet attacks on APIs: Why most companies are unprepared

As companies move applications to the cloud and expose functionality via application programming interfaces (APIs), criminals have been moving quickly to take advantage of this…

How API attacks work, and how to identify and prevent them

How API attacks work, and how to identify and prevent them

In early May, fitness company Peloton announced that it had exposed customer account data on the internet. Anyone could access users’ account data from Peloton’s…

Tips and tactics of today’s cybersecurity threat hunters

Tips and tactics of today’s cybersecurity threat hunters

Threat hunting isn’t just for the biggest organizations anymore. As the SolarWinds attack demonstrated, any size company can be vulnerable to stealthy attackers who worm…

5 ways attackers counter incident response, and how to stop them

5 ways attackers counter incident response, and how to stop them

Last month, the UK’s National Cyber Security Centre reported that one organization paid nearly $9 million to attackers for a decryption key after falling victim to a ransomware attack.…

How strong, flexible data protection controls can help maintain regulatory compliance

How strong, flexible data protection controls can help maintain regulatory compliance

Privacy and security regulations are evolving quickly. The European Union’s GDPR and California’s new CPRA law are only the most high-profile examples. According to Privacy Desk, around 110 countries have…

Supply chain attacks show why you should be wary of third-party providers

Supply chain attacks show why you should be wary of third-party providers

What is a supply chain attack? A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an…

CPRA explained: New California privacy law ramps up restrictions on data use

CPRA explained: New California privacy law ramps up restrictions on data use

In November, Californians approved a ballot measure, Proposition 24, a.k.a. the California Privacy Rights Act (CPRA), to create a new consumer data privacy agency. It…

How secure are your AI and machine learning projects?

How secure are your AI and machine learning projects?

When enterprises adopt new technology, security is often on the back burner. It can seem more important to get new products or services to customers…

How to protect backups from ransomware

How to protect backups from ransomware

Despite a recent decline in attacks, ransomware still poses significant threats to enterprises, as the attacks against several major newspapers demonstrated this month. It is also becoming more capable.…

Supply chain attacks show why you should be wary of third-party providers

Supply chain attacks show why you should be wary of third-party providers

A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access…

IBM, Intel, AMD take different routes to hardware-based encryption

IBM, Intel, AMD take different routes to hardware-based encryption

We have encryption for data in motion. We have encryption for data at rest. But one type of data is difficult to keep encrypted —…

Getting started with security automation

Getting started with security automation

Network engineer Jose Arellano concedes that “the hardest part of my day” is keeping the network safe for 12,700 students, 1,900 staff and more than…

California Consumer Privacy Act (CCPA): What you need to know to be compliant

California Consumer Privacy Act (CCPA): What you need to know to be compliant

In late June, 2018, California passed a consumer privacy act, AB 375, that could have more repercussions on U.S. companies than the European Union’s General…

8 ways to get more life out of an old SIEM

8 ways to get more life out of an old SIEM

As the COVID-19 pandemic drags global economies to a halt, enterprises are having to tighten their belts across the board, including in IT. In May Gartner…

AI-powered deception technology speeds deployment, improves results

AI-powered deception technology speeds deployment, improves results

Over the past few weeks, the cybersecurity landscape has changed dramatically. Employees working at home mean more exposed attack surface and plenty of unusual user…

8 PCI DSS questions every CISO should be able to answer

8 PCI DSS questions every CISO should be able to answer

At the end of this year, the Payment Card Industry Data Security Standard (PCI DSS) is expected to get an upgrade to version 4.0. It…

9 CCPA questions every CISO should be prepared to answer

9 CCPA questions every CISO should be prepared to answer

The California Consumer Privacy Act (CCPA) went into effect on January 1 and it is affecting companies not just in California but across the United…

What you need to know about the new OWASP API Security Top 10 list

What you need to know about the new OWASP API Security Top 10 list

OWASP, the Open Web Application Security Project known for its top 10 list of web application vulnerabilities, published the release candidate version of its API Security…

Directory traversal explained: Definition, examples and prevention

Directory traversal explained: Definition, examples and prevention

Directory traversal examples In September, researchers discovered a “critical severity” directory traversal vulnerability in Atlassian’s Jira Service Desk Server and Jira Service Desk Data Center that could allow…

7 ways 5G mobile networks will change IoT security, and how to prepare

7 ways 5G mobile networks will change IoT security, and how to prepare

Super-fast 5G mobile networks promise to link not only people more efficiently, but also allow for greater interconnectivity and control of machines, objects and devices. Its high…

Business email compromise attacks cost millions, losses doubling each year

Business email compromise attacks cost millions, losses doubling each year

In August 2019, someone at Japan’s Toyota Boshoku Corp. received fraudulent payment instructions by email to send 4 billion yen (about $37 million) to a…

Rich PII enables sophisticated impersonation attacks

Rich PII enables sophisticated impersonation attacks

As companies ramp up protections against account takeovers, spearphishing and other impersonation attacks, attackers are upping their game by collecting more and richer personally identifiable information (PII).…

How secure are your AI and machine learning projects?

How secure are your AI and machine learning projects?

When enterprises adopt new technology, security is often on the back burner. It can seem more important to get new products or services to customers…

6 ways cybercriminals use commercial infrastructure

6 ways cybercriminals use commercial infrastructure

When it comes to cybercriminal infrastructure, the dark web gets the glory with its secret criminal marketplaces, illegal money laundering services and botnets as a service. Criminals also get…

6 API security lessons from the Venmo breach

6 API security lessons from the Venmo breach

Earlier this summer, a computer science student was able to access information on seven million Venmo transactions, including the full names of people sending money…

How to close SIEM visibility gaps created by legacy apps

How to close SIEM visibility gaps created by legacy apps

As companies get better at analyzing log data to spot potential security threats, legacy applications create blindspots that can be hard to tackle. “Modern SIEMs…

4 security concerns for low-code and no-code development

4 security concerns for low-code and no-code development

Low-code and no-code development promises to speed up the deployment of new applications and to allow non-technical users to create apps. The idea has been…

6 ways malware can bypass endpoint protection

6 ways malware can bypass endpoint protection

Sixty-three percent of IT security professionals say the frequency of attacks has gone up over the past 12 months, according to Ponemon’s 2018 State of Endpoint Security…

How First Citrus Bank got rid of employee passwords

How First Citrus Bank got rid of employee passwords

Security experts have been bemoaning the endless array of problems associated with using passwords — they’re either too easy for criminals to guess or too…