Latest articles for CSO magazine

Open RAN enables interoperability among hardware, software, and interfaces used in cellular networks but also changes their attack surface.

Mistakes when implementing identity and access management systems, especially during upgrades, can have lasting effects. Here’s how to spot and avoid the worst of them.

Threat actors have several ways to fool or exploit artificial intelligence and machine learning systems and models, but you can defend against their tactics.

Machine learning algorithms will improve security solutions, helping human analysts triage threats and close vulnerabilities quicker. But they are also going to help threat actors…

Managing machine identities can be just as important as managing human identities, especially in a zero-trust environment.

Open source software plays a key role in keeping data centers secure. Here are just a few projects making a difference.

The cyber kill chain describes the phases of a targeted cyberattack where defenders can identify and stop it.

Many of the most popular cyberattacks don’t follow all the steps of the cyber kill chain, but you have other methods to detect threats.

NotPetya proved the effectiveness of an attack on the software supply chain, and attackers are targeting it more now. Here’s advice to reduce risk to…

Many countries now require companies that operate within its boundaries to store data on their residents locally. Using residency-as-a-service providers is becoming an important option.

The best way to recover from a ransomware attack is to have a reliable and fast backup process. Here’s how to do it.

CSO–The use of botnets to target applications for illegal and unethical purposes is growing, yet implementation of bot detection tools and best practices lags.

CSO–Attackers know how to get around WAFs and API gateways when targeting APIs. Here’s how some companies are coping with the rapid increase in API…

CSO–Having internal threat hunting capability is becoming a necessity for many organizations. Here are the most common things they look for and how they respond…

CSO ONLINE–IR has become a chess match with attackers who can cleverly spoil responders’ efforts and keep a foothold in systems. Here’s how they do…

CSO ONLINE–An effective approach to data protection controls embraces ethical standards and anticipates new requirements. Here’s how some CISOs and other experts tackle the issue.

CSO ONLINE–The weak link in your enterprise security might lie with partners and suppliers. Here’s how to understand and mitigate that risk.

CSO ONLINE–The California Privacy Rights Act more closely aligns with the EU’s General Data Protection Regulation. Mid-sized companies not yet GDPR compliant face the biggest…

CSO–Artificial intelligence and machine learning bring new vulnerabilities along with their benefits. Here’s how several companies have minimized their risk.

CSO–Ransomware is getting smarter, attacking backups to prevent recovery. Prevent this from happening by taking a few simple steps.

CSO–The weak link in your enterprise security might lie with partners and suppliers. Here’s how to understand and mitigate that risk.

CSO–So-called confidential computing approaches allow data to remain encrypted while in use. That’s best done in hardware, and IBM, AMD and Intel are following different…

CSO–Stressed and stretched, IT security teams look to automation for relief from high volumes of alerts from their detection and response systems. Here’s how three…

CSO–California’s new privacy law, AB 375, might not burden security as much as the GDPR, but details are subject to change.

CSO–Can’t update your old security information and event management system now? Use this advice to maintain its effectiveness.

CSO–Aflac says artificial intelligence made its honeypot rollout faster, less complicated, and it produces high-quality alerts. A healthcare facility deploys deception technology for protection during…

CSO–Any organization that processes credit card payments risks large fines and loss of their merchant accounts if they are not PCI DSS compliant when a…

Executive management anxiety over the California Consumer Privacy Act will rise as the enforcement deadline looms. Security managers will need to know the answers to…

APIs now account for 40% of the attack surface for all web-enabled apps. OWASP has identified 10 areas where enterprises can lower that risk.

Jira is just the most recent company to expose its customers via a path traversal vulnerability. This risk is easily avoidable, but developers keep making…