{"id":2820,"date":"2024-03-29T15:51:51","date_gmt":"2024-03-29T20:51:51","guid":{"rendered":"https:\/\/www.darkreading.com\/cloud-security\/ciso-corner-cyber-pro-swindle-risk-valuation"},"modified":"2024-03-29T15:51:51","modified_gmt":"2024-03-29T20:51:51","slug":"ciso-corner-cyber-pro-swindle-new-faces-of-risk-cyber-boosts-valuation","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/03\/29\/ciso-corner-cyber-pro-swindle-new-faces-of-risk-cyber-boosts-valuation\/","title":{"rendered":"CISO Corner: Cyber-Pro Swindle; New Faces of Risk; Cyber Boosts Valuation"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blt70c1eb947a53945a\/660726710a59123429152997\/risk_game-Universal_Images_Group_North_America_LLC-Alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-cyber-pro-swindle-new-faces-of-risk-cyber-boosts-valuation.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-cyber-pro-swindle-new-faces-of-risk-cyber-boosts-valuation.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Welcome to CISO Corner, Dark Reading&#8217;s weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we offer articles gleaned from across our news operation, The Edge, DR Technology, DR Global, and our Commentary section. We&#8217;re committed to bringing you a diverse set of perspectives to support the job of operationalizing cybersecurity strategies, for leaders at organizations of all shapes and sizes.<\/span><\/p>\n<h3 class=\"ContentText ContentText_variant_h3 ContentText_align_left\" data-testid=\"content-text\" id=\"In this issue of CISO Corner:\">In this issue of CISO Corner:<\/h3>\n<div data-component=\"basic-list\" class=\"BasicList BasicList_nestedLevel_0 BasicList_variant_unordered BasicList_limited\">\n<ul data-testid=\"basic-list-unordered\" class=\"BasicList-UnorderedList\">\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Corporations With Cyber Governance Create Almost 4X More Value<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Even Cyber Pros Get Swindled: Inside a Real-Life Vishing Attack<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6.5\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"8\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Global: Australian Government Doubles Down on Cybersecurity in Wake of Major Attacks<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">A CISO&#8217;s Guide to Materiality &amp; Risk Determination<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Zero-Day Bonanza Drives More Exploits Against Enterprises<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Getting Security Remediation on the Boardroom Agenda<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Corporations With Cyber Governance Create Almost 4X More Value\">Corporations With Cyber Governance Create Almost 4X More Value<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By David Strom, Contributing Writer, Dark Reading<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">Those with special committees that include a cyber expert rather than relying on the full board are more likely to improve security and financial performance.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Companies that have made the effort to follow guidelines for better cybersecurity governance created nearly four times their shareholder value compared to those that haven&#8217;t.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">That&#8217;s the conclusion of a new survey jointly conducted by Bitsight and the Diligent Institute, which measured cybersecurity expertise across 23 different risk factors, such as the <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/endpoint-security\/themoon-malware-rises-malicious-botnet-for-hire\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">presence of botnet infections<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, servers hosting malware, outdated encryption certificates for Web and email communications, and open network ports on public-facing servers.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The report also found that having separate board committees focused on specialized risk and audit compliance produces the best outcomes. &#8220;Boards that exercise cyber oversight through specialized committees with a cyber expert member as opposed to relying on the full board are more likely to improve their overall security postures and financial performance,&#8221; agrees Ladi Adefala, a cybersecurity consultant and CEO of Omega315.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyber-risk\/study-corporations-with-cyber-governance-create-almost-4x-more-value\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">Corporations With Cyber Governance Create Almost 4X More Value<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/with-tiktok-bans-the-time-for-operational-governance-is-now\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">With TikTok Bans, the Time for Operational Governance Is Now<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Even Cyber Pros Get Swindled: Inside a Real-Life Vishing Attack\">Even Cyber Pros Get Swindled: Inside a Real-Life Vishing Attack<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By Elizabeth Montalbano, Contributing Writer, Dark Reading<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">Successful attackers focus on the psychological manipulation of human emotions, which is why anyone, even a cyber-pro or tech-savvy person, can become a victim.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">It started with a phone call around 10:30 a.m. on a Tuesday from an unknown mobile number. I was working on my computer at home and usually don&#8217;t answer phone calls from people I don&#8217;t know. For some reason, I decided to stop what I was doing and take that call.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">That was my first mistake in a series of several I would make over the next four hours, during which I was the <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/endpoint-security\/sophisticated-vishing-campaigns-take-world-by-storm\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">victim of a vishing, or voice-phishing campaign<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">. By the end of the ordeal, I had transferred nearly \u20ac5,000 in funds from my bank account and in Bitcoin to the scammers. My bank was able to cancel most of the transfers; however, I lost \u20ac1,000 that I had sent to the attackers&#8217; Bitcoin wallet.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Experts say it doesn&#8217;t matter how much expertise you have in knowing the tactics attackers use or experience in spotting scams. The key to the attackers&#8217; success is something older than technology, as it lies in manipulating the very thing that makes us human: our emotions.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/dont-answer-phone-inside-real-life-vishing-attack\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">Don&#8217;t Answer the Phone: Inside a Real-Life Vishing Attack<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/north-korean-hackers-target-security-researchers-again\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">North Korean Hackers Target Security Researchers \u2014 Again<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach\">Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Commentary by Matt Mettenheimer, Associate Director of Cyber Advisory, Cybersecurity Practice, S-RM<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">The issue can seem daunting, but most organizations have more agency and flexibility to deal with third-party risk than they think.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Third-party risk presents a unique challenge to organizations. On the surface, a third party can appear trustworthy. But without complete transparency into the inner workings of that third-party vendor, how can an organization ensure that data entrusted to them is secure?<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Often, organizations downplay this pressing question, due to the longstanding relationships they have with their third-party vendors. But the emergence of fourth- and even fifth-party vendors should incentivize organizations to secure their external data. Doing <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyber-risk\/it-s-time-to-rethink-third-party-risk-assessment-\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">proper due security diligence on a third-party vendor<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> must now include finding out if the third party outsources private client data to more downstream parties, which they likely do, thanks to the pervasiveness of SaaS services.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Fortunately, there are five simple out-of-the-box steps that provide a starting roadmap for organizations to successfully mitigate third-party risk.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyber-risk\/mitigating-third-party-risk-requires-collaborative-approach\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/cl0p-claims-moveit-attack-how-gang-did-it\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">Cl0p Claims the MOVEit Attack; Here&#8217;s How the Gang Did It<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Australian Government Doubles Down on Cybersecurity in Wake of Major Attacks\">Australian Government Doubles Down on Cybersecurity in Wake of Major Attacks<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By John Leyden, Contributing Writer, Dark Reading Global<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">Government proposes more modern and comprehensive cybersecurity regulations for businesses, government, and critical infrastructures providers Down Under.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Weaknesses in Australia&#8217;s cyber incident response capabilities were laid bare in the September 2022 <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/fbi-helping-australian-authorities-investigate-massive-optus-data-breach-reports\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">cyber assault on telecommunications provider Optus<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, followed in October by a ransomware-based attack on health insurance provider Medibank.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">As a result, the Australian government is carving out plans to revamp cybersecurity laws and regulations, with a proclaimed strategy to position the nation as a world leader in cybersecurity by 2030.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">As well as addressing gaps in existing cybercrime laws, Australian legislators hope to amend the country&#8217;s Security of Critical Infrastructure (SOCI) Act 2018 to place a greater emphasis on threat prevention, information sharing, and cyber incident response.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyber-risk\/australian-government-doubles-down-on-cybersecurity-in-wake-of-major-attacks\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">Australian Government Doubles Down On Cybersecurity in Wake of Major Attacks<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/ics-ot-security\/australian-ports-resume-operation-after-crippling-cyber-disruption\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">Australian Ports Resume Operation After Crippling Cyber Disruption<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"A CISO's Guide to Materiality &amp; Risk Determination\">A CISO&#8217;s Guide to Materiality &amp; Risk Determination<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Commentary by Peter Dyson, Head of Data Analytics, Kovrr<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">For many CISOs, &#8220;materiality&#8221; remains an ambiguous term. Even so, they need to be able to discuss materiality and risk with their boards.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The SEC now requires public companies to <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyber-risk\/steps-to-follow-to-comply-with-the-sec-cybersecurity-disclosure-rule\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">assess whether cyber incidents are &#8220;material,&#8221;<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> as the threshold for reporting them. But for many CISOs, materiality remains an ambiguous term, open for interpretation based on an organization&#8217;s unique cybersecurity environment.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The core of the confusion around materiality is determining what constitutes a &#8220;material loss.&#8221; Some consider materiality as impacting 0.01% of the prior year&#8217;s revenue, equating to approximately one basis point of revenue (which equates to one hour of revenue for Fortune 1000 corporations).<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">By testing different thresholds against industry benchmarks, organizations can gain a clearer understanding of their vulnerability to material cyberattacks.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyber-risk\/a-ciso-s-guide-to-materiality-and-risk-determination\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">A CISO&#8217;s Guide to Materiality &amp; Risk Determination<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/prudential-files-voluntary-breach-notice-sec\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">Prudential Files Voluntary Breach Notice with the SEC<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Zero-Day Bonanza Drives More Exploits Against Enterprises\">Zero-Day Bonanza Drives More Exploits Against Enterprises<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By Becky Bracken, Senior Editor, Dark Reading<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">Advanced adversaries are increasingly focused on enterprise technologies and their vendors, while end-user platforms are having success stifling zero-day exploits with cybersecurity investments, according to Google.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">There were 50% more zero-day vulnerabilities exploited in the wild in 2023 than in 2022. Enterprises are being hit especially hard.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">According to Mandiant and Google Threat Analysis Group (TAG) research, sophisticated nation-state backed adversaries are taking advantage of a sprawling enterprise attack surface. Footprints that consist of software from multiple vendors, third-party components, and sprawling libraries provide a rich hunting ground for those with the ability to develop zero-day exploits.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Cybercrime groups have been particularly focused on security software, including <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/endpoint-security\/threat-actors-compromise-barracuda-email-security-appliances\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">Barracuda Email Security Gateway<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">; Cisco Adaptive Security Appliance; Ivanti Endpoint Manager, Mobile, and Sentry; and Trend Micro Apex One, the research added.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/zero-day-bonanza-exploits-enterprises\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">Zero-Day Bonanza Drives More Exploits Against Enterprises<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/attackers-exploit-microsoft-security-bypass-zero-day-bugs\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Getting Security Remediation on the Boardroom Agenda\">Getting Security Remediation on the Boardroom Agenda<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Commentary by Matt Middleton-Leal, Managing Director for EMEA North, Qualys<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">IT teams can better withstand scrutiny by helping their board understand risks and how they are fixed, as well as explaining their long-term vision for risk management.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">CEOs of the past might not have lost sleep about how their security team is approaching specific CVEs, but with <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/log4j-vulnerabilities-are-here-to-stay-are-you-prepared-\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">CVEs for dangerous bugs like Apache Log4j<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> remaining unpatched at many organizations, security remediation is now on the agenda more broadly. That means that more security leaders are getting asked to provide insight into how well they are managing risk from a business perspective.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">This leads to tough questions, particularly around budgets and how they are being used.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Most CISOs are tempted to use information around IT security core principles \u2014 the number of issues stopped, updates deployed, critical issues fixed \u2014 but without comparison to other business risks and issues, it can be tough to keep attention and demonstrate that a CISO is delivering.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">To overcome these issues, we have to use comparisons and context data to tell a story around risk. Providing base figures on the number of patches deployed does not describe the huge amounts of effort that went into fixing a critical issue that jeopardized a revenue-generating application. It also does not show how your team performs against others. Essentially, you want to demonstrate what good looks like to the board, and how you continue to deliver over time.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/getting-security-remediation-on-boardroom-agenda\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">Getting Security Remediation on the Boardroom Agenda<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/what-the-boardroom-is-missing-cisos\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" rel=\"noopener\">What the Boardroom Is Missing: CISOs<\/a><\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/cloud-security\/ciso-corner-cyber-pro-swindle-risk-valuation\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to CISO Corner, Dark Reading&#8217;s weekly digest of articles<\/p>\n","protected":false},"author":12,"featured_media":2821,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-2820","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-cyber-pro-swindle-new-faces-of-risk-cyber-boosts-valuation-scaled.jpg?fit=2560%2C1707&ssl=1",2560,1707,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-cyber-pro-swindle-new-faces-of-risk-cyber-boosts-valuation-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-cyber-pro-swindle-new-faces-of-risk-cyber-boosts-valuation-scaled.jpg?fit=300%2C200&ssl=1",300,200,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-cyber-pro-swindle-new-faces-of-risk-cyber-boosts-valuation-scaled.jpg?fit=640%2C427&ssl=1",640,427,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-cyber-pro-swindle-new-faces-of-risk-cyber-boosts-valuation-scaled.jpg?fit=640%2C427&ssl=1",640,427,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-cyber-pro-swindle-new-faces-of-risk-cyber-boosts-valuation-scaled.jpg?fit=1536%2C1024&ssl=1",1536,1024,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-cyber-pro-swindle-new-faces-of-risk-cyber-boosts-valuation-scaled.jpg?fit=2048%2C1365&ssl=1",2048,1365,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-cyber-pro-swindle-new-faces-of-risk-cyber-boosts-valuation-scaled.jpg?fit=1024%2C683&ssl=1",1024,683,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-cyber-pro-swindle-new-faces-of-risk-cyber-boosts-valuation-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-cyber-pro-swindle-new-faces-of-risk-cyber-boosts-valuation-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-cyber-pro-swindle-new-faces-of-risk-cyber-boosts-valuation-scaled.jpg?fit=2560%2C1707&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2820","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2820"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2820\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/2821"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2820"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2820"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2820"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}