Tackling cyber risks head-on using security questionnaires

In this Help Net Security interview, Gaspard de Lacroix-Vaubois, CEO at Skypher, talks about the implementation of security questionnaires and how they facilitate assessments and accountability across all participants in the technology supply chain, fostering trust and safeguarding sensitive data. Many organizations overlook the critical role of security questionnaires in risk assessment. Could you elaborate […]

Continue Reading

Evolving conversations: Cybersecurity as a business risk

Board members often lack technical expertise and may not fully grasp cyber risks. On the other hand, CISOs are more accustomed to interfacing with IT staff. This is understandable; the board is responsible for guiding high-level decision-making. They rarely become involved with the details, leaving implementation plans and technical audits for the CISO to handle. […]

Continue Reading

CISO’s compass: Mastering tech, inspiring teams, and confronting risk

In this Help Net Security interview, Okey Obudulu, CISO at Skillsoft, talks about the increasing complexity of the CISO role and challenges they face. He discusses the business environment, tech innovation, the evolving regulatory landscape, limited resources, and budgets. Obudulu also provides recommendations for CISOs, emphasizing the need to embrace continuous learning across multiple domains […]

Continue Reading

GenAI in software surges despite risks

In this Help Net Security video, Ilkka Turunen, Field CTO at Sonatype, discusses how generative AI influences and impacts software engineers’ work and the software development lifecycle. According to a recent Sonatype survey of 800 developers (DevOps) and application security (SecOps) leaders, 97% are using the technology today, with 74% reporting pressure to use it […]

Continue Reading

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)

Progress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities (CVE-2023-40044, CVE-2023-42657) in WS_FTP Server, another popular secure file transfer solution. Proof-of-concept code for CVE-2023-40044 has been available since Friday, and Rapid7 researchers have observed multiple instances of WS_FTP exploitation in the wild, with two different attack chains. […]

Continue Reading

Most dual ransomware attacks occur within 48 hours

Since July 2023, the Federal Bureau of Investigation (FBI) has noticed a new trend: dual ransomware attacks on the same victim, occurring in close proximity of one another. Dual ransomware attacks Dual ransomware attacks are when attacks against the same victim occurr within 10 days (or less) of each other. According to the FBI, most […]

Continue Reading