Latest articles for CSO magazine

AI governance and cybersecurity certifications: Are they worth it?

The International Association of Privacy Professionals (IAPP), SANS Institute, and other organizations are releasing new AI certifications in the areas of governance and cybersecurity or…

The state of ransomware: Faster, smarter, and meaner

Ransomware payments hit $1.1 billion in 2023, a record high and twice what they were in 2022. The frequency, scope and volume of attacks were…

Generative AI poised to make substantial impact on DevSecOps

Generative AI is expected to help write secure code, improve code analysis, create tests, write documentation, and assist with many other DevSecOps functions. But the…

How GenAI helps entry-level SOC analysts improve their skills

Security operations centers (SOCs) are using generative AI systems to automate repetitive triage and documentation tasks, allowing entry-level security analysts to spend more time on…

Assessing and quantifying AI risk: A challenge for enterprises

Artificial intelligence can help businesses through automation or by improving existing tasks, but like any technology it comes with risks if not managed well. For…

3 ways to fix old, unsafe code that lingers from open-source and legacy programs

Companies that find themselves with old, vulnerable code in their environment are likely to be short of resources to fix it. Most organizations will find…

Data loss prevention vendors tackle gen AI data risks

Data loss prevention (DLP) vendors are racing to add support for generative AI use cases to their platforms, following the popularity and increasing adoption of…

5 areas where zero trust can’t protect your organization

Adopting zero trust is no fail-safe against cyberattacks. Attackers are constantly finding new ways to get around zero trust, and this often happens because not…

3 strategies that can help stop ransomware before it becomes a crisis

Over the past decade, the average value of ransoms demanded by hackers has gone from hundreds of dollars to hundreds of thousands — even into…

Why API attacks are increasing and how to avoid them

Australian energy company Jemena has been using APIs, in some form, for about a decade. Its use of APIs — application programming interfaces — has…

How CISOs can balance the risks and benefits of AI

The rapid pace of change in AI makes it difficult to weigh the technology’s risks and benefits, and CISOs should not wait to take charge…

Insured companies more likely to be ransomware victims, sometimes more than once

Companies with cyber insurance are more likely to get hit by ransomware, more likely to be attacked multiple times, and more likely to pay ransoms,…

Siemens focuses on zero trust, legacy hardware, supply chain challenges to ensure cybersecurity of internal systems

Siemens has been working to be on top of vulnerabilities found in its products, but more importantly, to ensure the security of its internal operations.…

AI-fueled search gives more power to the bad guys

Concerns about the reach of ChatGPT and how much easier it may become for bad actors to find sensitive information have increased following Microsoft’s announcement of…

How AI chatbot ChatGPT changes the phishing game

ChatGPT, OpenAI’s free chatbot based on GPT-3.5, was released on 30 November 2022 and racked up a million users in five days. It is capable of…

The cybersecurity challenges and opportunities of digital twins

Digital twins are a digital representation of objects, structures or systems that give organizations greater insight into the life cycle of these objects, but this…

Top 5 security risks of Open RAN

When a cell phone or other mobile device connects to the nearest cell tower, the communication takes place over something called a RAN — a…

6 signs your IAM strategy is failing, and how to fix it

Companies have been developing and executing identity and access management (IAM) strategies for decades. “It started with mainframe time sharing, so nothing is new,” says Jay Bretzmann,…

Adversarial machine learning explained: How attackers disrupt AI and ML systems

As more companies roll out artificial intelligence (AI) and machine learning (ML) projects, securing them becomes more important. A report released by IBM and Morning Consult in…

9 ways hackers will use machine learning to launch attacks

Machine learning and artificial intelligence (AI) are becoming a core technology for some threat detection and response tools. The ability to learn on the fly…

7 machine identity management best practices

Machine identities are a large and fast-growing part of the enterprise attack surface. The number of machines (servers, devices, and services) is growing rapidly and efforts to…

Fantastic Open Source Cybersecurity Tools and Where to Find Them

Open source is a double-edged sword for information security. On the one hand, security professionals rely on countless open source security software tools, frameworks, and…

What is the cyber kill chain? A model for tracing cyberattacks

As an infosec professional, you’ve likely heard about using a cyber kill chain to help identify and prevent intrusions. Attackers are evolving their methods, which…

How attackers sidestep the cyber kill chain

The idea of the cyber kill chain was first developed by Lockheed Martin more than a decade ago. The basic idea is that attackers perform reconnaissance, find…

Why DevOps pipelines are under attack and how to fight back

In mid-2017, Russian state-sponsored attackers installed a malicious worm in a Ukrainian financial software package. When businesses updated their software, it became infected. The worm,…

Data residency laws pushing companies toward residency as a service

Data residency laws require that companies operating in a country keep data about its citizens on servers located in that country. For companies that have…

Ransomware recovery: 8 steps to successfully restore from backup

According to a ransomware survey report released in June by Keeper Security, 49% of companies hit by ransomware paid the ransom, and another 22% declined to…

Botnet attacks on APIs: Why most companies are unprepared

As companies move applications to the cloud and expose functionality via application programming interfaces (APIs), criminals have been moving quickly to take advantage of this…

How API attacks work, and how to identify and prevent them

In early May, fitness company Peloton announced that it had exposed customer account data on the internet. Anyone could access users’ account data from Peloton’s…

Tips and tactics of today’s cybersecurity threat hunters

Threat hunting isn’t just for the biggest organizations anymore. As the SolarWinds attack demonstrated, any size company can be vulnerable to stealthy attackers who worm…