What does it take to be a highly effective CISO? Over the past 25 years, I’ve consulted for hundreds of executives on cybersecurity issues including direct support to dozens of CISOs working to effectively manage cyber risk in a wide variety of organizations.  With this post, I’ve attempted to capture some of the best practices from the most effective CISOs I know. In future articles, we’ll look at each of the 10 habits in greater detail, including direct input from the CISO community. 

Earlier this week, separate data exposure incidents left a total of 2.7 billion email addresses, 1 billion passwords, and nearly 800,000 applications for copies of birth certificates were found on unsecured cloud buckets by security researcher Bob Diachenko. Organizations continue to fail to lock down their cloud servers, and researchers

After January 14, Windows 7 users will get no more security updates to the operating system for free, warns Microsoft. Even though users will be able to continue to run Windows 7 after January, they could potentially face more security problems. Microsoft plans to deliver a new pop up notification

The Microsoft threat team recently analyzed a database that contained leaked login credentials of over 44 million users, exposed from multiple security breaches. Microsoft disclosed that the information came from multiple sources, including law enforcement agencies and open source resources. In the first three months of 2019, Microsoft uncovered that

IBM found that state-sponsored hacking group APT34 has deployed a new strain of malicious malware aimed at the industrial and energy sectors in the Middle East. APT34 was responsible for a phishing attack using LinkedIn earlier this year, but IBM claims that they are working with another group whose identity

Experian, an American credit reporting company, published a 2020 data breach industry forecast that stated “smishing” or text-based phishing, would be the next danger to consumers and agencies. Following smishing is drones that steal customer data, disruptive deepfakes, hacktivism, and identity theft through mobile payment systems. The report claims that

European security agency Enisa has identified the groups it believes are the biggest threat to 5G networks. Enisa warns that threats to telecoms infrastructure will increase with the arrival of 5G and next-generation mobile connectivity. 5G will present a wide array of risks, from automated factories to connected cars, attracting

The Homeland Security Systems Engineering and Development Institute (HSSEDI), under the Department of Homeland Security, updated the top 25 Common Weakness Enumeration (CWE) list for the first time in eight years. The CWE list compiles the most critical errors that lead to flaws in software. The CWE list is vital

98% of Alexa 1000 websites have not adopted sufficient client-side cybersecurity measures to prevent threat actors from attacking the websites to carry out personal, financial and credential theft, a recent study by Tala Security found. This risk is elevated during the holiday season when ecommerce sales and cybercriminial activity related

A new survey by WhiteHat sheds light on the state of security in the context of software development. Three in four (75%) developers express concerns about application security and 85% say that security is of high importance in the  software development lifecycle (SDLC). However, close to half of software development