How effective are your cybersecurity awareness programs—and do your employees agree?
This central question was the cornerstone of this research project which assessed the efficacy of cybersecurity
awareness programs from both perspectives—the security professional
and the non-security employee.
As a veteran CISO who enjoys the startup culture and energy, Aleksandr Zhuk of crypto broker sFOX likens himself to the first family doctor coming to a growing village. He's addressing an important need that certainly existed prior, but was overlooked or maybe outsourced.
How does a CISO map his goals to the security investments made by a company long before he came onboard? How can you balance the short-term and long-terms goals at a new organization? Aditya Vardhan, CISO of Jindal Power & Steel, shares his insights on ensuring a smooth transition.
Nation-state attackers are not just looking for major vulnerabilities to gain control of the enterprise. They are exploiting minor flaws to gain access and increase the severity of their attacks, says Matanda Doss, executive director of cybersecurity and technology controls at JPMorgan Chase.
In the latest weekly update, ISMG editors discuss why being a CISO is like being the first family doctor in a small village, why you can't trust ransomware gangs such as LockBit, and why cloud security vendor Netskope took on $401 million in debt from Morgan Stanley to fuel its SASE offering.
In this episode of "Cybersecurity Unplugged," Steve Stone of Rubrik Zero Labs discusses the State of Data Security Report, which focuses on the impact of cybersecurity attacks on IT leaders, especially CISOs. Stone outlines areas of concern after an attack and changes needed to improve security.
Technology implementations should be paired with a thought process of prioritizing automation, innovation and continuous improvement. Eliminating passwords and implementing AI/ML at the front end can reduce risks from human carelessness, says Nikhil Chawla of Colgate Global Business Services.
In the latest update, four ISMG editors discuss important issues of 2022, including: CISO Marene Allison's unique career path; Ukrainian government cybersecurity official Victor Zhora on lessons learned from countering cyberattacks; and insights from CEO Nikesh Arora of Palo Alto Networks.
She has been a CISO almost longer than there has been cybersecurity. And now Marene Allison, CISO at Johnson & Johnson, eyes retirement and her next adventures. She reflects on her career, her accomplishments and what she wishes for her successor and the next generation of cybersecurity leaders.
A salute to the career of Johnson & Johnson CISO Marene Allison leads this week's Information Security Media Group Editors' Panel, which also reviews essentials for implementing a zero trust strategy and the use of banking standards to regulate blockchain-based digital assets.
"Disruptive" is the operative word, and Atefeh "Atti" Riazi uses it to describe the impact digital transformation has had on how we live, work, learn and conduct commerce. Newly hired as CIO of Hearst, she opens up on AI and the power of disruptive technologies to drive new business outcomes.
In his latest rant, Ian Keller, the Troublemaker CISO, decries lazy and bad coding practices, mistakes CISOs may make and unwarranted CISO-blaming by the media, unanswered requests for more funding and staff - and the epic failures all these can produce when a breach happens, as it inevitably will.
In October, former Uber CSO Joe Sullivan was convicted of covering up a 2016 data breach. The trial likely marked the first time a chief security officer had faced criminal charges over incident response. Attorney Jonathan Armstrong says, "This trend is going to be difficult to put back in the box."
The latest edition of the ISMG Security Report discusses how investigators saw the collapse of cryptocurrency exchange FTX as "one of the biggest financial frauds in American history," how CISOs can guard against their own liability, and major security and privacy shifts and the outlook for 2023.