CISO Corner: DoD Regs, Neurodiverse Talent & Tel Aviv's Light Rail

Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders.
The Securities and Exchange Commission recently adopted new rules that require publicly traded companies to report cyberattacks with a material impact.
While that's a boon for company stakeholders in theory, threat actors are seeing an extortion opportunity.
It's a glimpse of how things could go moving forward in the fast-evolving world of extortion tactics, particularly given the sheer volume of opportunity for compromising companies these days.
Thankfully, there are some steps companies can take to thwart this kind of pressure.
More companies are opting for managing complex security capabilities, such as data detection and response.
Threat management firm Rapid7 and data security firm Varonis announced new managed services this week, becoming the latest security companies to bundle complex security capabilities together in managed offerings.
Offering a managed version of an emerging security service will be an increasingly common approach, as the creation of an in-house cybersecurity capability is expensive, according to analyst firm Frost & Sullivan.
How a light railway in Israel is fortifying its cybersecurity architecture amid an increase in OT network threats.
Looking to avoid the same fate, Tel Aviv's Purple Line light rail transport, a line currently under construction and due to be open and running by the end of this decade, is baking cybersecurity directly into its build.
Dark Reading spoke with Eran Ner Gaon, CISO of Tel Aviv Purple Line LRT, and Shaked Kafzan, co-founder and CTO of rail cybersecurity provider Cervello, about the railway's comprehensive OT security strategy, which includes measures such as threat intelligence, technological measures, incident response plans, and training of employees related to the regulation of the Israel National Cyber Directorate.
The DoD's CMMC Is the Starting Line, Not the Finish
Commentary by Chris Petersen, Co-Founder & CEO, RADICL.
Cybersecurity Maturity Model Certification and a harden, detect, and respond mindset are key to protecting defense and critical infrastructure companies.
As threat actors like Volt Typhoon continue to target critical infrastructure, the US Department of Defense's Cybersecurity Maturity Model Certification may soon become a strictly enforced mandate.
A company's rigor and depth in realizing them can make the difference between remaining vulnerable to the advances of a nation-state cyber threat or remaining protected.
How Neurodiversity Can Help Fill the Cybersecurity Workforce Shortage
Commentary by Dr. Jodi Asbell-Clarke, Senior Research Leader, TERC.
Many people with ADHD, autism, dyslexia, and other neurodiverse conditions bring new perspectives that can help organizations solve cybersecurity challenges.
The ISC2, which says the global workforce gap is 3.4 million, advocates for companies to recruit a more diverse population, which many interpret as meaning inclusion efforts around race and gender.
Many top STEM companies, including Microsoft, SAP, and EY, have neurodiversity workforce initiatives.
Neurodiversity is a competitive advantage: Some people with autism, for instance, excel in detailed pattern recognition and systematic thinking - perfect for jobs involving monitoring and detecting security breaches.
One problem these companies face is not finding enough neurodivergent talent.
Because attackers hide their phishing link in an image, QR code phishing bypasses user suspicions and some email security products.


This Cyber News was published on www.darkreading.com. Publication date: Fri, 09 Feb 2024 22:56:16 +0000

