Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders.
Post-SolarWinds, it's no longer enough for chief information security officers to remain compliant and call it a day.
When CISOs are hired, they're often described as being responsible for implementing effective security, information security, and risk management frameworks at their organizations.
Even though SolarWinds is trying to get the SEC suit dismissed, there's a precedent around personal legal responsibility for breaches and attacks, and some say that's created a deterrent for the CISO role at public companies.
Get more insights on this: The CISO Role Undergoes a Major Evolution.
Security should not be treated as one-size-fits-all, and that is doubly true when it comes to security awareness education.
According to a Yubico and OnePoll survey of 2,000 US and UK consumers released in October, about 20% of Baby Boomers reuse their passwords across online services - but surprisingly, nearly half of millennials do, making them more vulnerable to cyberattacks.
Here's how organizations can tailor their cybersecurity education programs to fit audiences across demographics, run training sessions more frequently, and promote awareness throughout the year to ensure security messages aren't being forgotten or ignored.
Cathay, a travel lifestyle brand that includes the Cathay Pacific airline, had a growing cybersecurity problem made worse by its aging technology infrastructure.
It solved part of the problem by replacing legacy technology with modern technology that has security built in.
Cathay Pacific, which has experienced a large data breach in recent years, has decided to replace its infrastructure with one that has cybersecurity built in: When fully operational, Cathay Pacific will be one of the first airlines to embrace secure access service edge.
In today's environments, security can be a revenue enabler, not just a cost center.
Many organizations still often view security as a necessary expense and a cost center, but in reality, security teams are a strategic component that can provide services that are truly enabling for the business.
A new security service that enables customer self-service, for example, doesn't directly generate revenue, because there's no charge to the customer.
Artificial intelligence-powered security stacks are helping security teams generate new revenue streams by bolstering customer trust, enhancing business continuity, and providing competitive differentiation.
There are other ways that IT and security can be more integral to operations, such as in crisis management.
Security may not own this area of focus, but it is a key stakeholder.
Discover more on security as a strategic asset: Recognizing Security as a Strategic Component of Business.
Ransomware claims severity also reached a record high, with an average loss of more than $365,000.
Claims frequency increased for all revenue bands, but businesses with more than $100 million in revenue saw the largest increase at 20%. Businesses with more than $100 million in revenue were also hit the hardest, experiencing a 72% increase in claims severity.
This Cyber News was published on www.darkreading.com. Publication date: Fri, 02 Feb 2024 22:30:27 +0000