Israel is known for its cyber resilience, but small and medium businesses in the country need to reduce external communication during wartime to reduce their attack surface, said May Brooks-Kempler, director of Cyber Range Solutions and founder and former president of ISC2 Israel Chapter.
Tech firms are making huge investments in generative AI tools, but nearly half of cybersecurity professionals say they have little or no or knowledge of AI, according to ISC2's Cyber Workforce Study 2023, which surveyed 14,865 international security practitioners and decision-makers.
A scientist claims to have developed an inexpensive system for using quantum computing to crack RSA, which is the world's most commonly used public key algorithm. If true, this would be a breakthrough that comes years before experts predicted. Now, they're asking for proof.
The Clop ransomware operation's recent mass zero-day exploit of Progress Software's MOVEit secure managed file transfer software followed the criminals launching similar attacks against users of Accellion FTA, SolarWinds Serv-U and Fortra GoAnywhere.
What kinds of training do security professionals need? The biggest skills gaps are soft skills - 55%, cloud computing - 47%, security controls - 35%, coding skills and software development - both at 30%, says ISACA's State of Cybersecurity 2023 survey of more than 2,000 security leaders globally.
In Part 2 of this three-part blog post, Nikko Asset Management's Marcus Rameke discusses why he prefers HCI over traditional three-tier architecture data centers and IaaS and why the vision to move the workload to SaaS or PaaS is preferable. Part 3 will continue this discussion.
Venture-backed cloud security firm Wiz swallowing up publicly traded endpoint security firm SentinelOne would be one of the most unorthodox and surprising acquisitions the cybersecurity industry has ever seen. But despite the major financial hurdles, the potential technology synergies are obvious.
Will AI take my job? Maybe or maybe not. But it can certainly help ease the shortage of skilled workers by automating routine tasks and supplementing human skills. Jon France, CISO at ISC2, sheds light on how generative artificial intelligence is addressing this critical challenge.
As the digital landscape evolves, security teams need skills and training platforms that can provide the right resources for an organization "by showing what someone has got in terms of skills, without necessarily fully relying on their CVs," said Jess Burn, senior analyst at Forrester.
Various "dark" generative artificial intelligence tools purportedly help criminals more quickly amass victims. Guess what? They've all gone bust, if they weren't simply outright scams - in part because legitimate tools can be "jailbroken" to achieve similar results. What are they really achieving?
Real-time protection against API attacks is nonnegotiable for the protection of any web application or digital service that relies on application programming interfaces. Here are some of the most common types of API attacks and strategies for protecting against them in real time.
Is the Akira ransomware story coming to an end? Security researchers say the group was competing in a competition designed by Royal to give it a new cryptolocker - but lost. Even with a free decryptor now available for Akira victims, however, it's too soon to say if the group might be doomed.
The first step in managing risk is recognizing it as a boardroom matter, and it demands that directors be prepared to understand and discuss the cyber issue and strategically guide C-level executives on this complex topic. It requires cyber competence in the boardroom, said CISO Marco Túlio Moraes.
Ransomware hackers are stretching the concept of code reuse to the limit as they confront the specter of diminishing returns for extortionate malware. In their haste to make money, some new players are picking over the discarded remnants of previous ransomware groups.
In this episode of "Cybersecurity Insights," Antoinette Hodes of Check Point Research discusses the need to consolidate an organization's cybersecurity posture, gain visibility into OT and IT assets, and use cybersecurity education to increase worker safety.