Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders.
Boards of directors don't care about a security program's minute technical details.
With the US Securities and Exchange Commission's new rules around cybersecurity now in place, security teams need to bring more rigor to how they track key performance indicators and key risk indicators - and how they use those metrics to advise and report to the board.
Taking cues from the recommendations in the tome, Dark Reading breaks down the top security operational metrics that CISOs and cyber leaders need to be fluent with in order to give the board a comprehensive report on risk levels and security performance, and discusses how to create a data-backed model for determining the efficacy of an organization's program and identifying gaps in protection.
The CISO's stewardship of controlling digital risks is so essential to successful digital transformation that the role increasingly overlaps with that of the CIO - highlighting cybersecurity's continuing trajectory from the server room to the boardroom.
Meanwhile, the CISO is now a core operational stakeholder, facing compliance mandates, preventing operational disruption from data breaches, and assigning risk scores for emerging cybersecurity threats.
The Commission's definition of PII is broad and encompasses not only names, contact information, dates of birth, and Social Security numbers, but also biometrics and a slew of other data.
Previously, the FCC required customer notifications only when Customer Proprietary Network Information data was impacted, i.e. phone bill information like subscription plan data, usage charges, numbers called or messaged, and so on.
New data shows higher-than-expected cybersecurity growth in the Middle East, Turkey, and Africa region, thanks to AI and other factors.
Many departments and groups see the benefits of using generative AI tools, which will complicate the security teams' job of protecting the enterprise from data leaks and compliance and privacy violations.
Security teams are looking at how these activities can be incorporated into their day-to-day operations, especially for writing code, looking for reference information related to specific threat indicators and issues, and automating investigative tasks.
Cascading critical CVEs, cyberattacks, and delayed patching are plaguing Ivanti VPNs, forcing cybersecurity teams to scramble for solutions.
Ivanti has disclosed five VPN flaws so far in 2024, most exploited as zero-days - with two of them publicly announced weeks before patches became available.
Some, like cybersecurity researcher Jake Williams, see the glut of Ivanti vulnerabilities, and the company's slow incident response, as an existential threat to the business.
Williams blames Ivanti's current problems on years-long neglect of secure coding and security testing.
To recover, Ivanti would have to overcome that technical debt, according to Williams, while somehow building back trust with their customers.
Williams adds that he is dubious Ivanti will be able to pull off that task.
Ultimately, Ivanti's woes fall on enterprise cyber teams, which will have to choose.
Cyber teams can follow CISA's advice and disconnect Ivanti VPN appliances and update before they are reconnected.
Or, while they're already offline for patching, they can replace Ivanti appliances altogether with fully updated gear.
This Cyber News was published on www.darkreading.com. Publication date: Sat, 17 Feb 2024 00:10:28 +0000