Expert corner

How to make sense of the new SEC cyber risk disclosure rules

How to make sense of the new SEC cyber risk disclosure rules 2024-02-20 at 08:01 By Help Net Security SEC’s new cybersecurity risk management, strategy, governance, and incident disclosure rules, which require increased transparency around cybersecurity incidents, have been in effect since December 18, 2023. For businesses that already harbor concerns over their cybersecurity protections, […]

How to make sense of the new SEC cyber risk disclosure rules Read More »

Balancing “super app” ambitions with privacy

Balancing “super app” ambitions with privacy 2024-02-19 at 08:31 By Help Net Security When Elon Musk’s ambitions to transform X into an “everything app” were divulged last year, he joined several companies known to be exploring or actively working on developing super apps, suggesting there’s clearly a niche to be filled. In fact, since the

Balancing “super app” ambitions with privacy Read More »

Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge

Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge 2024-02-16 at 08:01 By Help Net Security The essence of cybersecurity is not just about defense but enabling business through trust and reliability. As Gmail and Yahoo take steps to enforce stricter email authentication, organizations that are proactive in their DMARC compliance will

Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge Read More »

AI outsourcing: A strategic guide to managing third-party risks

AI outsourcing: A strategic guide to managing third-party risks 2024-02-15 at 08:01 By Help Net Security In an era of artificial intelligence (AI) revolutionizing business practices, many companies are turning to third-party AI services for a competitive edge. However, this approach comes with its own set of risks. From data security concerns to operational disruptions,

AI outsourcing: A strategic guide to managing third-party risks Read More »

We can’t risk losing staff to alert fatigue

We can’t risk losing staff to alert fatigue 2024-02-14 at 08:32 By Help Net Security The oft-quoted Chinese military strategist Sun Tzu famously claimed: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Exchange “battles” for “cyberattacks”, and the maxim will hold. But too much information

We can’t risk losing staff to alert fatigue Read More »

February 2024 Patch Tuesday forecast: Zero days are back and a new server too

February 2024 Patch Tuesday forecast: Zero days are back and a new server too 2024-02-09 at 08:32 By Mirko Zorz January 2024 Patch Tuesday is behind us. A relatively light release from Microsoft with 39 CVEs addressed in Windows 10, 35 in Windows 11, and surprisingly no zero-day vulnerabilities from Microsoft to start the new

February 2024 Patch Tuesday forecast: Zero days are back and a new server too Read More »

10 tips for creating your security hackathon playbook

10 tips for creating your security hackathon playbook 2024-02-08 at 08:01 By Help Net Security For more than 12 years, I’ve been organizing and running hackathons with the goal of finding security vulnerabilities and fixing them before a product hits the market. These events can play a pivotal role in the product development lifecycle, increasing

10 tips for creating your security hackathon playbook Read More »

3 ways to achieve crypto agility in a post-quantum world

3 ways to achieve crypto agility in a post-quantum world 2024-02-06 at 07:31 By Help Net Security Working at the speed of digital business is a constant challenge. But in today’s increasingly automated operational environment, crypto agility—i.e., an organization’s ability to (at the moment of compromise) switch rapidly and seamlessly between certificate authorities, encryption standards

3 ways to achieve crypto agility in a post-quantum world Read More »

The effect of omission bias on vulnerability management

The effect of omission bias on vulnerability management 2024-01-24 at 08:31 By Help Net Security Whether we’d like to admit it to ourselves or not, all humans harbor subconscious biases that powerfully influence our behavior. One of these is the omission bias, which has interesting ramifications in the world of cyber security, specifically vulnerability management.

The effect of omission bias on vulnerability management Read More »

Why cyberattacks mustn’t be kept secret

Why cyberattacks mustn’t be kept secret 2024-01-23 at 08:01 By Help Net Security No company is immune to cyberattacks, but when the inevitable happens, too many companies still try to maintain a wall of silence. In fact, over half of security professionals admit their organizations maintain a culture of security through obscurity, with over one-third

Why cyberattacks mustn’t be kept secret Read More »

Without clear guidance, SEC’s new rule on incident reporting may be detrimental

Without clear guidance, SEC’s new rule on incident reporting may be detrimental 2024-01-22 at 08:01 By Help Net Security The SEC has instituted a set of guidelines “requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.” These new

Without clear guidance, SEC’s new rule on incident reporting may be detrimental Read More »

Out with the old and in with the improved: MFA needs a revamp

Out with the old and in with the improved: MFA needs a revamp 2024-01-19 at 08:02 By Help Net Security From AI to ZTA (zero-trust architecture), the technology responsible for protecting your company’s data has evolved immensely. Despite the advances, cybercriminals repeatedly find new and creative ways to gain access to sensitive information. This can

Out with the old and in with the improved: MFA needs a revamp Read More »

Attribute-based encryption could spell the end of data compromise

Attribute-based encryption could spell the end of data compromise 2024-01-18 at 08:02 By Help Net Security The future of data privacy is the end of compromise. With the world producing data at astounding rates, we need ways to put data to the best use while protecting against breaches and ensuring privacy, data protection and access

Attribute-based encryption could spell the end of data compromise Read More »

Security considerations during layoffs: Advice from an MSSP

Security considerations during layoffs: Advice from an MSSP 2024-01-17 at 08:01 By Help Net Security Navigating layoffs is complex and difficult for many reasons. Not only do human resources and direct managers bear the onus of responsibility when conducting exit conversations, but security teams should also make the necessary preparations for monitoring anomalies in employee

Security considerations during layoffs: Advice from an MSSP Read More »

3 ways to combat rising OAuth SaaS attacks

3 ways to combat rising OAuth SaaS attacks 2024-01-16 at 07:31 By Help Net Security OAuth attacks are on the rise. In December, the Microsoft Threat Intelligence team observed threat actors misusing OAuth apps to take over a cloud server and mine cryptocurrency, establish persistence following business email compromise and launch spam activity using the

3 ways to combat rising OAuth SaaS attacks Read More »

Flipping the BEC funnel: Phishing in the age of GenAI

Flipping the BEC funnel: Phishing in the age of GenAI 2024-01-15 at 08:02 By Help Net Security For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic (and usually poorly-written) email and fire it out to thousands of recipients in the hope that a few might take the

Flipping the BEC funnel: Phishing in the age of GenAI Read More »

Cloud security predictions for 2024

Cloud security predictions for 2024 2024-01-12 at 07:31 By Help Net Security As we reflect on the cybersecurity landscape and the trajectories of threat vectors, it’s evident that we’re on the cusp of a paradigm shift in cloud security. Businesses and cybersecurity professionals must stay abreast of these changes, adapting their strategies to ensure a

Cloud security predictions for 2024 Read More »

Purple teaming and the role of threat categorization

Purple teaming and the role of threat categorization 2024-01-11 at 07:31 By Help Net Security Organizations constantly work to ensure optimal threat detection and prevention across their systems. One question gets asked repeatedly: “Can we detect the threats we’re supposed to be able to detect?” Red team assessment, penetration testing, and even purple team assessments

Purple teaming and the role of threat categorization Read More »

Top LLM vulnerabilities and how to mitigate the associated risk

Top LLM vulnerabilities and how to mitigate the associated risk 2024-01-10 at 07:31 By Help Net Security As large language models (LLMs) become more prevalent, a comprehensive understanding of the LLM threat landscape remains elusive. But this uncertainty doesn’t mean progress should grind to a halt: Exploring AI is essential to staying competitive, meaning CISOs

Top LLM vulnerabilities and how to mitigate the associated risk Read More »

If you prepare, a data security incident will not cause an existential crisis

If you prepare, a data security incident will not cause an existential crisis 2024-01-09 at 08:02 By Help Net Security Why is it that when a company becomes aware of a potential data security incident, the team working on it (and others who are made aware that “something” is going on) have an immediate and

If you prepare, a data security incident will not cause an existential crisis Read More »

Scroll to Top