Tuesday, October 31, 2023

Help Net Security Newsletter - What CISOs are reading this month

Help Net Security weekly newsletter
What CISOs are reading this month
In this newsletter, we uncover the top articles currently capturing the attention of CISOs. Topics include evolving threats, authentication, GenAI, skill development, CISO complexity, and more. 

As passwordless identity becomes mainstream, the term "passkey" quickly becomes a new cybersecurity buzzword. But what exactly is a passkey, and why do we need them? 

The financial constraints many smaller organizations face often cast shadows on their ability to fortify defenses. 

Phil Venables, CISO at Google Cloud, discusses the results of a recent Google report on board collaboration with the C-suite, particularly the CIO, CTO, and CISO, to stay current with trends and prioritize security rather than treating it as an afterthought.

The newly released SEC cyber incident disclosure rules have been met with mixed reviews. Of particular concern is whether public companies that own and operate industrial control systems and connected IoT infrastructure are prepared to define operational risk fully and, therefore, are equipped to disclose material business risk from cyber incidents. This concern also provides a fresh opportunity for preparedness.

Admiral James A. Winnefeld, USN (Ret.), is the former vice chairman of the Joint Chiefs of Staff. In this interview, he compares the strategies of traditional and cyber warfare, discusses the difficulty of determining the attack's nature, addresses ethical dilemmas, and promotes collaboration and cooperation with allies, partners, and, in some cases, even adversaries. 

Why not give Gen AI a shot at making predictions for the upcoming year? Let's see how it did. 

Organizations trying to cope with securing their expanding attack surfaces eventually find themselves at a crossroads: they need to move beyond finding risks to effectively mitigating risk. 

In this interview, James Murphy, the Director of the TechVets Programme at the Forces Employment Charity, discusses the challenges that military veterans face when transitioning from military to civilian life. One significant hurdle is the difficulty they often encounter in articulating their skills in a business-oriented language. 

With IoT taking over the home and office, device creators and users must take extra steps to stay cyber-safe. 

The solution is effectively integrating the CISO into the C-suite and forming a collaborative relationship with the board. The existing knowledge gap can be addressed using simple and concise language. 

Despite increased cybersecurity awareness, effort, and spending on the part of manufacturers and critical infrastructure organizations, one common misstep can help cybercriminals gain access: the insistence on visibility and detection without prevention.

Humans are still better at crafting phishing emails than AI, but not by far, and likely not for long. 

Okey Obudulu, CISO at Skillsoft, talks about the increasing complexity of the CISO role and its challenges. He discusses the business environment, tech innovation, the evolving regulatory landscape, limited resources, and budgets. 

QR code phishing – aka "quishing" – is on the rise. A recent test of employee security awareness performed by Hoxhunt revealed that only 36% of almost 600,000 employees of varying levels of seniority successfully identified and reported the phishing email carrying a QR code. 

Enterprises will invest nearly $16 billion in GenAI solutions in 2023. This spending, which includes GenAI software and related infrastructure hardware and IT/business services, is expected to reach $143 billion in 2027.

90% of security leaders said that improving the accuracy of cybersecurity data is a priority. Additionally, when asked to consider the impact of AI, 76% are concerned about threat actors using AI to find gaps in their organization's security controls. 

Cheat sheets are concise, to-the-point references tailored for instant insights. This article provides a curated list of 10 essential cybersecurity cheat sheets, all free to download.

Copyright © 2023 Astus d.o.o. (Help Net Security), All rights reserved.