Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders.
We're committed to bringing you a diverse set of perspectives to support the job of operationalizing cybersecurity strategies, for leaders at organizations of all shapes and sizes.
An IANS survey shows that CISOs shoulder more and more legal and regulatory liability for data breaches, but few are getting the recognition or support they need.
CISOs are increasingly being asked to assume the responsibilities of what would normally be considered a C-suite role, but without being regarded or treated as such at many organizations.
An IANS survey found that a full 75% of CISOs are looking for a job change, as expectations for the CISO role have changed dramatically at public and private sector organizations because of new regulations and growing demands for accountability for security breaches.
In the case of organizations with revenues of more than $1 billion, that number is even smaller, at 15%. Why most CISOs lack job satisfaction: CISOs Struggle for C-Suite Status Even as Expectations Skyrocket.
With attacks rising again, organizations can anticipate a new round of increases.
Specifically, it's missing four key cloud-centric security directives: configuration management, identity security, third-party app integration management, and resource control.
It's time to revisit your budget with revolutionary future needs front of mind.
Inevitably a current security budget is based on the previous year's budget, which is based on the prior budget, which is based on the prior budget, and so on.
The current budget may therefore be fundamentally based on a budget from more than a decade ago - in the same way that modern passenger trains might owe a debt to the size of the horse drawing a Roman chariot.
Here's how to break out of that limiting cycle: Your Cybersecurity Budget Is a Horse's Rear End.
Security teams need to start accounting for these tools when thinking about the software supply chain.
The growing number of applications incorporating artificial intelligence capabilities and tools that make it easier to work with machine learning models have created new software supply chain headaches for organizations, whose security teams now have to assess and manage the risks posed by these AI components.
Plus, security teams are often not informed when these tools are brought into the organization by employees, and the lack of visibility means they aren't able to manage them or protect the data being used.
A changing regulatory and enforcement environment means the smart CISO might need to shift how they work this year.
As CISOs gather with their security teams and corporate management to scope out top priorities for 2024, the personal and legal responsibility for data breaches the SEC has placed on CISOs could be the most challenging in the new year.
When it comes to privacy breaches in 2024, cyber insurance underwriters are expected to harden regulations on how organizations implement security on private data and privileged accounts, including service accounts, which tend to be overprivileged and often have not had their passwords changed in years.
Find out how forward-thinking visionaries are approaching breach risk: Top 3 Priorities for CISOs in 2024.
Water and wastewater utilities last week received new guidance for improving their response to cyberattacks from the US Cybersecurity and Infrastructure Security Agency, following a greater number of attacks by nation-state groups and cybercriminals targeting the underserved critical infrastructure.
This article was published on www.darkreading.com. Publication date: Fri, 26 Jan 2024 14:06:06 +0000