DIRS.INFO The most relevant business & tech news

☆ AI for Cybersecurity
▼ + stars: | 2024-10-30 | by ( ) www.cnbc.com time to read: 1 min

With the dawn of the AI Age comes a new era in cybersecurity. How is the new technology poised to revolutionize cybersecurity as we know it, and how are companies using AI in their cyber defense practices right now? Guests: Shailaja Shankar, Cisco SVP Engineering, Security Business Group & Sanjay Macwan, Vonage CIO & CISO

Persons: Shailaja Shankar, Sanjay Macwan Organizations: Cisco SVP Engineering, Security Business Group, Vonage Locations: cybersecurity

☆ Companies face risk of huge fines and suspensions under tough new cyber rules in the EU
▼ + stars: | 2024-09-20 | by ( Ryan Browne | ) www.cnbc.com time to read: +7 min

The rules impose tougher requirements on companies around their internal cyber resilience strategy and internal practices. CNBC runs through all you need to know about NIS 2 — from what the law requires to the potential penalties businesses could face for violations. Under NIS 2, firms will also have to vet their digital supply chains for cyber threats and vulnerabilities. Companies that fail to comply with the new law could face massive potential fines, along with other punitive actions. Still, even with cyber security a much more prominent focus in board rooms, this hasn't stopped cyberattacks from taking place.

Persons: Oscar Wong, Geert van der Linden, Van der Linden, It's, Chris Gow, Carl Leonard, Leonard, Cisco's Gow, CISO, cyberattacks, Gow Organizations: European Union, NIS, CNBC, Information, EU, Companies, noncompliance, Data, Union Locations: EU, Capgemini, Russian

☆ What business leaders should know about the SEC's cybersecurity disclosure rule
▼ + stars: | 2024-09-10 | by ( Erica Sweeney | ) www.businessinsider.com time to read: +7 min

Last year, the SEC mandated that public companies disclose material cybersecurity incidents. "These types of cybersecurity incidents have a real impact, potentially, on shareholder value," Kate Dedenbach, a privacy and cyber attorney at Fisher Phillips in Detroit, told Business Insider. "The SEC's goal is to provide investors with more robust and timely information about cybersecurity incidents so they can make more knowledgeable investment decisions." There's a timeframe for disclosuresThe SEC says that determining a cybersecurity incident's materiality should be done "without reasonable delay" but doesn't specify a timeframe. The SEC says companies can delay disclosure if a cybersecurity incident poses a substantial risk to national security or public safety.

Persons: —, Hugh Thompson, Kate Dedenbach, Fisher Phillips, Thompson, LoanDepot, Lei Zhou, Zhou, Dedenbach, Steve Winterfeld, it's, Winterfeld, cyberattacks, Winterfield Organizations: SEC, Service, RSA Conference, US Securities and Exchange Commission, Microsoft, Forbes, University of, Akamai Technologies Locations: Detroit

☆ This first-time mom landed her dream C-suite job while pregnant—and almost said no. What changed her mind
▼ + stars: | 2024-04-18 | by ( Morgan Smith | ) www.cnbc.com time to read: +5 min

Nada Noaman became a C-Suite leader at The Estée Lauder Companies just weeks after learning she was pregnant with her first child. When Nada Noaman landed her dream C-suite job at The Estée Lauder Cos. just hours after finding out she was pregnant, she felt unbridled joy — and panic. Nada Noaman at a baby shower her co-workers threw for her right before she went on maternity leave in December 2022. Estée Lauder offers full-time corporate employees in the U.S. up to 20 weeks of paid parental leave at their normal pay. "Having a solid support system at work and having a clear game plan months ahead of time made all the difference."

Persons: Nada Noaman, Lauder, Lauder Cos, …, Noaman, Estée, didn't, —, Michael Smith, Estèe, Estée Lauder, Smith, Noaman's, Estèe Lauder, Nada Organizations: Lauder Companies, U.S Locations: New York, Los Angeles, U.S

☆ 'Cyber-physical attacks' fueled by AI are a growing threat, experts say
▼ + stars: | 2024-03-03 | by ( Kevin Williams | ) www.cnbc.com time to read: +5 min

He said with the widespread arrival of generative AI, concerns about physical attacks being the next phase of cybercrime have grown. He added that the technology, now boosted by AI, exists to wreak havoc on physical systems. Attacks on physical infrastructure would be tantamount to war, and so far, that is something nation-states have avoided. Experts, though, vary on the threat level from cyber-physical attacks and how much AI is raising it. But while she views the threat of AI-assisted cyber-physical attacks as growing, she said AI also assists the good guys.

Persons: Stuart Madnick, Christopher Wray, —, Madnick, don't, Tim Chase, CISO, Chase, Sivan Tehila, Tehila, Michael Kenney, Matthew B Organizations: Cybersecurity, MIT Sloan, FBI, Congress, Katz School of Science and Health, Yeshiva University, Israel Defense Forces, . University of Pittsburgh, Ridgway Center for International Security Locations: United States

☆ Shadow AI in the 'dark corners' of work is becoming a big problem for companies
▼ + stars: | 2024-02-07 | by ( Rachel Curry | ) www.cnbc.com time to read: +5 min

Known as shadow AI, this is the AI usage within a company that occurs "in dark corners," said Jay Upchurch, CIO of data analytics platform SAS. Shadow IT is nothing new, and shadow AI is the latest iteration of the phenomenon. The problem is that shadow AI is more complex, and more dangerous, than shadow IT was in the past. Remote users and cloud-based concernsEducation on the risks of shadow AI and the best ways to procure approval help, but they only go so far. Ultimately, Upchurch emphasizes that while shadow AI is very real, so is AI itself.

Persons: Jay Upchurch, Tim Morris, Tanium, Ameer Karim, Morris, Mike Scott, CISO, Scott, Karim, Upchurch, it's Organizations: SAS, Companies, Samsung, Microsoft

☆ Internal Microsoft email shows a shakeup in Charlie Bell's security organization
▼ + stars: | 2023-12-05 | by ( Ashley Stewart | ) www.businessinsider.com time to read: +1 min

Microsoft named a new chief information security officer, according to an internal email. Igor Tsyganskiy, Bridgewater's former chief technology officer, will take on the role Jan. 1. The move suggests Microsoft and Bell want to shake up the CISO role and strategy, one insider said. Microsoft's security boss Charlie Bell, in an internal email to employees Tuesday, named a new chief information security officer and announced new roles for the current CISO and deputy CISO, the latter of which will be leaving the organization. Igor Tsyganskiy, the former Bridgewater chief technology officer who recently joined Microsoft, will become the company's new CISO on January 1.

Persons: Igor Tsyganskiy, Bell, Charlie Bell, CISO Organizations: Microsoft, Bridgewater, Security, Business

☆ The Cybersecurity Lawsuit That Boards Are Talking About
▼ + stars: | 2023-11-18 | by ( Sarah Kessler | More About Sarah Kessler | ) www.nytimes.com time to read: +2 min

Most experts agree that, regardless of the lawsuit’s outcome, it could affect how companies handle cybersecurity risks. In July, the agency adopted new cybersecurity disclosure requirements set to take effect in December. They require companies to report material attacks within four days and to make yearly disclosures about their cybersecurity risk management, strategy and governance. In a June speech, the S.E.C.’s enforcement director, Gurbir Grewal, said it had “zero tolerance for gamesmanship” around cybersecurity disclosures. No CISO can now risk basically painting an unrealistically positive picture of cybersecurity.”

Persons: Gurbir Grewal, ” Wolff, ‘, Ramakrishna, it’ll, ”, Jake Williams, CISOs Organizations: cybersecurity

☆ SEC alleges SolarWinds and key executive misled investors about cybersecurity prior to 'massive' cyberattack
▼ + stars: | 2023-10-31 | by ( Rohan Goswami | In Rohangoswamicnbc | ) www.cnbc.com time to read: +6 min

"We allege that, for years, SolarWinds and Brown ignored repeated red flags about SolarWinds' cyber risks, which were well known throughout the company," SEC enforcement director Gurbir Grewal said in a press release. SolarWinds went public in 2018, and made only "generic" disclosures about cybersecurity risk in both its prospectus and in continued filings, the complaint said. However, the SEC alleged that SolarWinds and Brown knew that the company's cybersecurity practices were weak, pointing to an internal presentation from Brown that was made the same month SolarWinds went public. It appears to be one of the first times the SEC has alleged a company misled and defrauded investors over cybersecurity risks. In reality, Brown knew that the company was not following those best practices, the SEC alleged.

Persons: SolarWinds, Tim Brown, Brown, Gurbir Grewal, weren't, Solarwinds, Kevin Thompson, Sudhakar Ramakrishna, Mr, Alec Koch Organizations: SolarWinds Corp, New York Stock Exchange, Securities and Exchange Commission, SEC, software, Orion, unf, Regulators, MGM Resorts, CNBC Locations: New York, U.S, Russian, Clorox, SolarWinds

☆ Companies want to spend more on AI to defeat hackers, but there's a catch
▼ + stars: | 2023-10-03 | by ( Rachel Curry | ) www.cnbc.com time to read: +4 min

And there is risk that as AI speeds the development of software, new iterations will roll out so quickly that flaws may be missed. Less panic, more preparednessExperts view cloud migrations and AI as the two biggest threats to an organization's cybersecurity right now. "Every company is going to have to be concerned about how well they're protecting their assets and information as they move to the cloud," Casey said. Casey also recognizes that developers are creating software faster with AI. "If we're developing software faster, we're introducing vulnerabilities faster.

Persons: Mike Scott, CISO, Scott, Andrew Casey, Casey, I've, that's, CISOs, they've Organizations: IBM, Benz, ADP

☆ How AI and better pay can address the ongoing cyber talent shortage
▼ + stars: | 2023-09-27 | by ( Bob Violino | ) www.cnbc.com time to read: +5 min

Nearly all of them said the cybersecurity skills shortage and its associated impacts have not improved over the past few years and 54% said it has gotten worse. The cybersecurity skills shortage has been going on for years, and it's getting worse, with a rising number of firms citing the issue. Artificial intelligence, particularly generative AI, might play a growing role in easing the skills shortage. Let's say an organization has an inexperienced member of its cyber team, which is a common scenario, Shockey said. In other words, you can treat generative AI as a virtual member of the cyber team."

Persons: Jon Oltsik, ESG, Oltsik, Candy Alexander, ISSA, Alexander, Jason Shockey, Shockey, there's Organizations: IT, Enterprise Strategy, Information Systems Security Association, ISSA International, NeuEon LLC, West

But the amount of cybersecurity expertise on boards remains relatively low, at a time when boards are under increased scrutiny for security failings. In responses to that survey from 472 corporate board directors, 76% said their board had at least one cybersecurity expert, including 19% who said their board had at least three directors with cybersecurity expertise. The other 25 directors’ experience comes from either having held a senior government role in cybersecurity or from having led and/or founded a cybersecurity company. Whatever a board’s composition, most directors aren’t very confident in their board’s ability to handle a cybersecurity incident. Cybersecurity company leader: Nineteen directors have founded and / or led cybersecurity or data security companies.

Persons: Jamil Farshchi, don’t, ”, ’, Shamla Naidoo, Netskope, Naidoo, ” Naidoo, aren’t, Shankar Arumugavelu, Nir Zuk, Zuk Organizations: WSJ Pro Research, Securities and Exchange, Pro Research, National Association of Corporate, Business Machines, WSJ, Seagate Technology Holdings, Verizon, Palo Alto Networks, Juniper Networks Locations: cybersecurity, FactSet

☆ Boards Still Lack Cybersecurity Expertise
▼ + stars: | 2023-09-25 | by ( James Rundle | ) www.wsj.com time to read: +4 min

Newsletter Sign-up WSJ Pro Cybersecurity Cybersecurity news, analysis and insights from WSJ's global team of reporters and editors. This includes people who sit on the boards of cyber companies or have an affiliation with a cybersecurity-related professional organization. Heath, a former security chief at United Airlines and tech provider DocuSign, sits on the boards of cyber companies Wiz and Gen Digital. Board work demands wide business experience that many security chiefs lack, said Myrna Soto, founder and chief executive of consulting firm Apogee Executive Advisors. Solving this problem will take effort from boards and cybersecurity professionals, said NightDragon’s DeWalt.

Persons: ”, Dave DeWalt, Emily Heath, Heath, “, Myrna Soto, Patrick T, Soto, NightDragon’s DeWalt, James Rundle Organizations: Delta Air Lines, United Airlines, Gen Digital, Wall Street, U.S . Securities, Exchange, Apogee, Fallon, Bloomberg, Directors, Spirit Airlines, Popular, TriNet Locations: U.S, NightDragon, cybersecurity, Heath

☆ Leaked document reveals 'Maverick,' a new Amazon AI security initiative led by Uber's former CISO
▼ + stars: | 2023-08-15 | by ( Eugene Kim | ) www.businessinsider.com time to read: +4 min

The goal is to build automation tools for AI security and foster partnerships across the company. "In Q2 2023, Amazon Security created the Maverick program to ensure LLM based experiences uphold our high security standards to protect customer data and trust. The Amazon Web Services cloud unit also created an independent team focused on helping customers use generative AI, Insider previously reported . The new Maverick initiative wants to "understand GenAI risks" to Amazon and create "centralized GenAI security testing tools," according to the internal document. The second involves partnering with security teams to "create GenAI security guidance and add specific tasks to existing security mechanisms," the document added.

Persons: John, Flynn, Uber's CISO, Adam Montgomery, Maverick, Andy Jassy, LLMs, Jassy Organizations: Amazon, Amazon Security, Excellence, Amazon's, Microsoft, Google, Services, AWS

☆ The generative A.I. battle between companies and hackers is starting
▼ + stars: | 2023-08-02 | by ( Susan Caminiti | ) www.cnbc.com time to read: +4 min

More and more individuals have the capabilities of hackers, using things like ransomware-as-a-service and AI, and for CISOs and other cyber leaders, the rapid adoption of generative AI "changes the threat landscape tremendously," he said. For example, the use of generative AI has made phishing attacks easier and more authentic looking. With generative AI, a non-English-speaking bad actor can instantly and nearly flawlessly translate an email into any language, making it harder for employees to spot the fakes. In fact, using AI to amplify speed and scale in cybersecurity is among the biggest benefits experts see coming in the near term. I think over the next year, cyber leaders are going to figure out where AI is really useful and where it's not."

Persons: Joe Biden, Collin R, Walke, Hall Estill's, Stephen Boyer, " Boyer, Michael McNerney, OpenAI, McNerney, it's Organizations: Amazon, Google, Microsoft, Resilience, Valley's Locations: cybersecurity

☆ A critical cybersecurity backup plan that too many companies are ignoring
▼ + stars: | 2023-07-24 | by ( Bob Violino | ) www.cnbc.com time to read: +6 min

Approximately 41% of companies do not have a succession plan for their CISO, according to a report from executive recruiting firm Heidrick & Struggles. "We consider not having a CISO succession plan to be a serious material risk that companies can easily mitigate," said Matt Aiello, partner and global cybersecurity practice leader at Heidrick & Struggles. "The lack of a successor could disrupt business-as-usual cybersecurity operations, resulting in delays, gaps in critical cyber risk management activities, and hindered cyber incident response and decision-making," Soo said. "Lack of proper succession planning could result in disruption throughout an organization," he said. CISO succession planning should also involve anticipating future security requirements by considering the evolving nature of the business and technology landscape.

Persons: CISOs, Matt Aiello, Aiello, " Aiello, Daniel Soo, Soo Organizations: Istock, Getty, Companies, Deloitte

☆ A short seller with an over 90% win ratio shares the 9 indicators that make for a 'beautiful stock to short'
▼ + stars: | 2023-07-08 | by ( Laila Maidan | ) www.businessinsider.com time to read: +12 min

But as he continued researching online, he came across the idea of stock trading. He noted that when you sell a stock short, your gain is limited to the value of the stock. However, your loss is unlimited, depending on how high a stock's price could rally. Since the stock's price was below $2, he waited for a reversal for confirmation. The short interest rate could indicate how many traders are trying to short a stock.

Persons: David Capablanca, didn't, it's, Capablanca, Timothy Sykes, Sykes, he'd, TraderSync, David Olivares, Olivares, isn't, Norman Zadeh, Jim Chanos, John Paulson, Zadeh, CISO Organizations: University of Florida, University of California, Millionaire, Capablanca's, Interactive, United States, Capablanca, Super League, Gamestop, Twitter Locations: Los Angeles

☆ Cybersecurity experts have become targets for board seats
▼ + stars: | 2023-07-03 | by ( Bob Violino | ) www.cnbc.com time to read: +6 min

The research also showed that 90% of public companies lack even one qualified cyber expert, showing a significant cyber board supply-demand gap. A recently released report on CISO board readiness conducted by IANS Research in collaboration with Artico Search and The CAP Group, found that less than half of the CISOs stand out as board candidates. So, what skills do CISOs need — aside from cybersecurity expertise — to be considered credible board members? CISOs also need to understand risk to speak to a board. In addition, CISOs must understand business risk.

Persons: Kakolowski, Nick Kakolowski, Steffen, Chris Steffen, Larry Whiteside, CISO, Ember, Whiteside, CISOs Organizations: IANS Research, CAP Group, Enterprise Management Associates, Cloud Security Alliance, University of South Locations: RegScale, University of South Florida

☆ Young Cyber Companies Face Uncertain Economy
▼ + stars: | 2023-05-10 | by ( James Rundle | ) www.wsj.com time to read: +4 min

Newer cybersecurity companies are grappling with uncertain economic conditions as they find it harder to raise capital, continue to trim their workforces and refocus on profits after long periods of chasing growth. Fed by a glut of venture-capital investment, many private cybersecurity providers hired widely and expanded their operations significantly in recent years. Newsletter Sign-up WSJ Pro Cybersecurity Cybersecurity news, analysis and insights from WSJ's global team of reporters and editors. Cybereason, a Boston-based security company, raised $100 million in Series G financing in early April, led by SoftBank. The company’s chief executive, Lior Div, was replaced by SoftBank executive Eric Gan, with Mr. Div taking on an advisory role.

☆ Bank of America's top information-security exec is taking on a brand-new role at the bank focused on the developer experience
▼ + stars: | 2023-05-03 | by ( Bianca Chan | Carter Johnson | ) www.businessinsider.com time to read: +3 min

Kristopher Fador is Bank of America's new chief information security officer, succeeding Froelich. Craig Froelich is taking the helm as the chief information officer of architecture, developer experience, and policy, a newly created role at Bank of America. Froelich previously served as chief information security officer for the nation's second-largest bank, a role he held for more than eight years. He also spent time in Hong Kong for BofA, leading regional information security teams, according to his LinkedIn. At Goldman Sachs, for example, CIO Marco Argenti has made developer experience a key focus of his strategy.

☆ Cybersecurity Workers Demand Higher Salaries
▼ + stars: | 2023-03-28 | by ( Catherine Stupp | ) www.wsj.com time to read: +6 min

Cybersecurity chiefs are struggling to find employees they can afford, as sought-after job seekers ask for higher salaries. Challenging economic conditions have added a new layer of difficulty for companies around the world that have grappled with a growing shortage of cybersecurity workers. Multinationals including McDonald’s Corp. are seeking more cybersecurity job applicants, including people from nontraditional backgrounds, by removing cyber certifications and degree requirements from many job listings. Newsletter Sign-up WSJ Pro Cybersecurity Cybersecurity news, analysis and insights from WSJ's global team of reporters and editors. In Europe, with companies competing for a small pool of cybersecurity workers, job seekers are looking for flexible work conditions in addition to higher salaries.

☆ More automation, not just additional tech talent, is what is needed to stay ahead of cybersecurity risks
▼ + stars: | 2023-03-02 | by ( Susan Caminiti | ) www.cnbc.com time to read: +4 min

Further, 93% of the CISOs surveyed believe they are spending too much time on tactical tasks instead of performing strategic, high-value work and management responsibilities. Among the CISOs surveyed, 100% said they needed additional resources to adequately cope with current IT security challenges. But there are solutions — and it's not just finding more talent, says George Tubin, director of product marketing at Cynet. All these people are my partners and working with them enables us to stay ahead of risks." "It's not that CISOs don't realize the job comes with a certain amount of stress," Tubin says.

☆ Medical-Device Makers Face Push to Protect Their Wares From Hacks
▼ + stars: | 2023-02-13 | by ( James Rundle | ) www.wsj.com time to read: +5 min

Mounting cyberattacks against hospitals and clinics and a regulatory push are increasing the pressure on medical-device manufacturers to improve the security of their products. Cyber protections have often been an afterthought for medical devices, which can be in operation for decades. Newsletter Sign-up WSJ Pro Cybersecurity Cybersecurity news, analysis and insights from WSJ's global team of reporters and editors. While Mr. Suarez acknowledged that greater transparency about vulnerabilities is needed from makers of medical devices, he also wants to see customers stop using old, unsupported equipment. “It’s a complex challenge,” Mr. Suarez said.

☆ Cloudflare Takes Aim at a Top Security Threat: Your Inbox
▼ + stars: | 2023-01-12 | by ( Belle Lin | ) www.wsj.com time to read: +5 min

Cloud-infrastructure company Cloudflare Inc. announced Wednesday new email security capabilities aimed at helping businesses defend against phishing, malware and other cyberattacks commonly targeting corporate email accounts. It provides web performance, cybersecurity and other services to millions of customers, of which more than 156,000 pay for its services. Matthew Prince, co-founder and CEO of Cloudflare Photo: Cloudflare Inc.Chief Executive Matthew Prince said the new security functions are also in response to an increase in ransomware and other sophisticated cyberattacks, some of which are perpetrated by relatively unsophisticated hackers. Prince said, referring to the growth of so-called “ransomware-as-a-service,” where ransomware operators provide malware programs to affiliates to launch attacks. Prince said Cloudflare, which was itself a customer of Area 1 before pursuing an acquisition, has more closely integrated its existing cybersecurity services with Area 1’s email security platform.

☆ Cyber Chiefs Face Scrutiny and Challenges in 2023’s Uncertain Economy
▼ + stars: | 2023-01-04 | by ( James Rundle | Catherine Stupp | ) www.wsj.com time to read: +5 min

That leaves security teams, in real terms, working with fewer resources, Ms. Huth said. Inflation is pushing wage demands higher and the scarcity of cyber professionals—particularly within highly technical industries such as power—means security staff are in demand, Mr. Bojar said. Newsletter Sign-up WSJ Pro Cybersecurity Cybersecurity news, analysis and insights from WSJ's global team of reporters and editors. Cyber staffs will need to vet third-party services while installing safeguards against new avenues hackers could exploit, Kohler’s Ms. Huth said. Retail giant Amazon.com Inc. hopes to grow its security team, said Chief Security Officer Stephen Schmidt, despite a company-wide hiring freeze and layoffs for up to 10,000 workers elsewhere in the company.

Search resuls for: "CISO"

25 mentions found