How to choose secure, verifiable technologies?

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has published a guidance document titled Choosing Secure and Verifiable Technologies, compiled to assist organizations in making informed decisions when procuring softwa… Continue reading How to choose secure, verifiable technologies?

Treat AI like a human: Redefining cybersecurity

In this Help Net Security interview, Doug Kersten, CISO of Appfire, explains how treating AI like a human can change the way cybersecurity professionals use AI tools. He discusses how this shift encourages a more collaborative approach while acknowledg… Continue reading Treat AI like a human: Redefining cybersecurity

6 key elements for building a healthcare cybersecurity response plan

Medical practices remain vulnerable to cyberattacks, with over a third unable to cite a cybersecurity incident response plan, according to Software Advice. This gap exposes healthcare providers to risks of patient data breaches, HIPAA violations, finan… Continue reading 6 key elements for building a healthcare cybersecurity response plan

The future of cyber insurance: Meeting the demand for non-attack coverage

In this Help Net Security interview, Michael Daum, Head of Global Cyber Claims for Allianz Commercial, discusses the significant rise in cyber claims in 2024, driven by an increase in data breaches and ransomware attacks. Daum highlights the need for b… Continue reading The future of cyber insurance: Meeting the demand for non-attack coverage

Unclear pricing for GRC tools creates market confusion

Due to widely varying government, risk, and compliance (GRC) tool pricing, enterprise risk management (ERM) leaders must understand four different pricing-tier categories of GRC solutions and apply a scoping framework to further estimate likely costs a… Continue reading Unclear pricing for GRC tools creates market confusion

The CrowdStrike Outage and Market-Driven Brittleness

Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. Nearly 7,000 flights were canceled. It took down 911 systems and factories, courthouses, and television stations. Tallying the total cost will take time. The outage affected more than 8.5 million Windows computers, and the cost will surely be in the billions of dollars­—easily matching the most costly previous cyberattacks, such as NotPetya.

The catastrophe is yet another reminder of how brittle global internet infrastructure is. It’s complex, deeply interconnected, and filled with single points of failure. As we experienced last week, a single problem in a small piece of software can take large swaths of the internet and global economy offline…

Continue reading The CrowdStrike Outage and Market-Driven Brittleness

OWASP dep-scan: Open-source security and risk audit tool

OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project dependencies. It supports local repositories and container images as input sources, mak… Continue reading OWASP dep-scan: Open-source security and risk audit tool

Key questions to ask when tailoring defensive stacks

In this Help Net Security video, Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber, outlines the questions you need to ask your security team when tailoring a defense stack against your current threat landscape. Small talks about what w… Continue reading Key questions to ask when tailoring defensive stacks

How to optimize your bug bounty programs

In this Help Net Security interview, Roy Davis, Manager – Vulnerability Management & Bug Bounty at Zoom, discusses the role bug bounty programs play in identifying security vulnerabilities and facilitating collaboration with researchers. He … Continue reading How to optimize your bug bounty programs

How Google’s 90-day TLS certificate validity proposal will affect enterprises

Announced last year, Google’s proposal to reduce the lifespan of TLS (transport layer security) certificates from 13 months to 90 days could be implemented in the near future. It will certainly improve security and shrink the window of opportunity for … Continue reading How Google’s 90-day TLS certificate validity proposal will affect enterprises