As I travel the U.S. and the world, I am frequently asked what the proper reporting structure is for the Chief Information Security Officer (CISO). While it sounds cliché, the real answer is “it depends.”
Last month’s ASUS APT attack doesn’t come as a surprise to any security-conscious industry watcher; it highlights a long-standing flaw in many software supply chains today. Attackers have been engaged in spoofing websites, stealing credentials and gaining unauthorized access for years. Injecting malicious code into legitimate tools that are designed to protect represents the next evolution in putting companies and their customers at risk.
Both the government and the private sector are scrambling for talent. Thousands of information-security jobs are going unfilled as the industry in the U.S. struggles with a shortage of properly trained professionals. By one estimate, there will be 3.5 million unfilled cybersecurity jobs by 2021.
A recent study found that healthcare organizations are most susceptible to phishing attempts, with employees clicking one in seven simulated emails sent.
The Asia-Pacific region led in the number of data compromises investigated in 2017, accounting for 35% of instances and overtaking North America at 30%, down from 43%.
An online audit of websites has found that consumer-facing U.S. government websites rank highest in security and privacy while healthcare comes in last.
Change within communications networks is happening at a pace not seen since the shift from circuit-switched networks to IP began a couple of decades ago.