Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders.
Companies could face millions of dollars in fines if they fail to notify the SEC of a material breach.
Overall, 68% of cybersecurity teams do not believe that their company could comply with the four-day disclosure rule, according to a survey published on May 16 by cloud security firm VikingCloud.
While larger companies have focused on the issue for over a year - even before the rule was finalized - smaller companies have had a more difficult road, says Matt Gorham, leader of the Cyber and Privacy Innovation Institute at consultancy PricewaterhouseCoopers.
Companies need to focus on creating a documented process and saving contemporaneous evidence as they work through that process for each incident.
It's a brand-new podcast from the editors of Dark Reading, where we are going to focus on bringing you real-world stories straight from the cyber trenches.
The first episode dives into the increasingly complicated relationship between the Securities and Exchange Commission and the role of the chief information security officer within publicly traded companies.
In the wake of Uber's Joe Sullivan and the SolarWinds executives being found liable for breaches, CISOs now face a dual challenge of properly interpreting what the SEC means by its new rules for cyber incidents, as well as their own personal liability.
SANS Institute experts weigh in on the top threat vectors faced by enterprises and the public at large.
Security Impact of Technical Debt: The security cracks left behind by technical debt may not sound like a pressing new threat, but according to Dr. Johannes Ullrich, dean of research for SANS Technology Institute, the enterprise software stack is at an inflection point for cascading problems.
Offensive AI as Threat Multiplier: According to Stephen Sims, a SANS fellow and longtime offensive security researcher, as GenAI grows more sophisticated, even the most nontechnical cyberattackers now have a more flexible arsenal of tools at their fingertips to quickly get malicious campaigns up and running.
CISOs are now considered part of the organizational executive leadership and have both the responsibility and the opportunity to drive not just security but business success.
Chief information security officers are the heart of this committee, and those ultimately responsible for implementing its recommendations.
Implement a phased adoption approach: A phased adoption approach lets security accompany adoption at each stage and assess its security implications in real time.
With gradual adoption, CISOs can embrace parallel security controls and measure their success.
New AI-focused security solutions may allow customers to also set up and define their own unique parameters of safe prompts.
The nation amends its Cybersecurity Act, giving its primary cybersecurity agency more power to regulate critical infrastructure and third parties, and requiring cyber incidents be reported.
Lawmakers in Singapore updated the nation's cybersecurity regulations on May 7 to take into account the impact of running critical infrastructure management systems on cloud infrastructure and the use of third-party providers by critical infrastructure operators, as well as a cyber threat landscape in Asia that is growing more dangerous.
At the 2024 RSA Conference last week, brand names like Microsoft, Amazon Web Services, IBM, Fortinet, and more agreed to take steps toward meeting a set of seven objectives defined by the US's premier cyber authority.
CISA's Secure by Design pledge consists of areas of security improvement split into seven primary categories: multifactor authentication, default passwords, reducing entire classes of vulnerability, security patches, vulnerability disclosure policy, CVEs, and evidence of intrusions.
This Cyber News was published on www.darkreading.com. Publication date: Sat, 18 May 2024 08:05:25 +0000