{"id":4047,"date":"2024-06-14T10:29:38","date_gmt":"2024-06-14T15:29:38","guid":{"rendered":"https:\/\/www.darkreading.com\/cloud-security\/ciso-apple-ai-privacy-promises-ceos-hot-seat"},"modified":"2024-06-14T10:29:38","modified_gmt":"2024-06-14T15:29:38","slug":"ciso-corner-apples-ai-privacy-promises-ceos-in-the-hot-seat","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/06\/14\/ciso-corner-apples-ai-privacy-promises-ceos-in-the-hot-seat\/","title":{"rendered":"CISO Corner: Apple&#8217;s AI Privacy Promises; CEOs in the Hot Seat"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blt2754855fe2e86d4e\/666c40e259d342ee3089f42e\/keyboard-Stephen_Frost-Alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/ciso-corner-apples-ai-privacy-promises-ceos-in-the-hot-seat.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/ciso-corner-apples-ai-privacy-promises-ceos-in-the-hot-seat.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Welcome to CISO Corner, Dark Reading&#8217;s weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we&#8217;ll offer articles gleaned from across our news operation, The Edge, DR Technology, DR Global, and our Commentary section. We&#8217;re committed to bringing you a diverse set of perspectives to support the job of operationalizing cybersecurity strategies, for leaders at organizations of all shapes and sizes.<\/span><\/p>\n<h3 class=\"ContentText ContentText_variant_h3 ContentText_align_left\" data-testid=\"content-text\" id=\"In this issue of CISO Corner:\">In this issue of CISO Corner:<\/h3>\n<div data-component=\"basic-list\" class=\"BasicList BasicList_nestedLevel_0 BasicList_variant_unordered BasicList_limited\">\n<ul data-testid=\"basic-list-unordered\" class=\"BasicList-UnorderedList\">\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Apple&#8217;s AI Offering Makes Big Privacy Promises<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6.5\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"8\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Scores of Biometrics Bugs Emerge, Highlighting Authentication Risks<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6.5\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"8\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">DR Global: Governments, Businesses Tighten Cybersecurity Around Hajj Season<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The CEO Is Next<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Why CIO &amp; CISO Collaboration Is Key to Organizational Resilience<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Rockwell&#8217;s ICS Directive Comes as Critical Infrastructure Risk Peaks<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">4 Ways to Help a Security Culture Thrive<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\">Don&#8217;t miss &#8220;<\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\" target=\"_blank\" href=\"https:\/\/ve.informaengage.com\/virtual-events\/anatomy-of-a-data-breach\/\" rel=\"noopener\">Anatomy of a Data Breach: What to Do if It Happens to You<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\">,&#8221; a free Dark Reading virtual event scheduled for June 20!&nbsp;<\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">Speakers include Verizon&#8217;s Alex Pinto, plus execs from Snowflake, pharma giant GSK, Salesforce, and more \u2014 register today!<\/span><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Apple's AI Offering Makes Big Privacy Promises\">Apple&#8217;s AI Offering Makes Big Privacy Promises<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By Agam Shah, Contributing Writer, Dark Reading<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">Apple&#8217;s guarantee of privacy on every AI transaction \u2014 whether on-device or cloud \u2014 is ambitious and could influence trustworthy AI deployments on device and in the cloud, analysts say.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Apple&#8217;s announcement of Apple Intelligence and plans to integrate AI across its devices and applications comes with a commitment to guarantee privacy on every AI transaction. This sets a high bar on <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/6-ciso-takeaways-nsa-zero-trust-guidance\" rel=\"noopener\">zero-trust infrastructure<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> that competitors may try to match.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Because of Apple&#8217;s walled garden model, rival providers don\u2019t have nearly the same level of control over their AI infrastructure. Unlike Apple, they can\u2019t lock down security as queries pass through various hardware and software layers. For example, OpenAI and Microsoft process queries through GPUs from Nvidia, which handles vulnerability discovery and patching.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">\u201cIf Apple sets the standard, the effect will be &#8216;why I should buy Android if I don\u2019t care about the privacy,'&#8221; says Alex Matrosov, CEO of security company Binarly.io. &#8220;The next step will be Google following up and trying to maybe implement or do the similar thing.&#8221;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/endpoint-security\/apple-ai-offering-makes-big-privacy-promises\" rel=\"noopener\">Apple&#8217;s AI Offering Makes Big Privacy Promises<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related:<\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/openai-forms-another-safety-committee-after-dismantling-prior-team\" rel=\"noopener\">OpenAI Forms Another Safety Committee After Dismantling Prior Team<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Scores of Biometrics Bugs Emerge, Highlighting Authentication Risks\">Scores of Biometrics Bugs Emerge, Highlighting Authentication Risks<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By Nate Nelson, Contributing Writer, Dark Reading<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">Face scans stored like passwords inevitably will be compromised, like passwords are. But there&#8217;s a crucial difference between the two that organizations can rely on when their manufacturers fail.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Biometric security is more popular today than ever, with widespread adoption in the public sector \u2014 <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cyber-risk\/interpol-arrests-smuggler-biometric-screening-database\" rel=\"noopener\">law enforcement<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, national ID systems, etc. \u2014 as well as for commercial industries like travel and personal computing. In Japan, subway riders can &#8220;pay by face,&#8221; and Singapore&#8217;s immigration system relies on face scans and thumbprints to allow travelers into the country. The fact that even burger places are experimenting with face scans suggests something&#8217;s brewing here.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">But researchers have found two dozen vulnerabilities in a biometric terminal used in critical facilities worldwide could allow hackers to gain unauthorized access, manipulate the device, deploy malware, and steal biometric data, which highlights the risks that come with implementing these systems.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The critical nature of the environments in which these systems are so often deployed necessitates that organizations go above and beyond to ensure their integrity. And that job takes much more than just patching newly discovered vulnerabilities.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/scores-of-biometrics-bugs-emerge-highlighting-authentication-risks\" rel=\"noopener\">Scores of Biometrics Bugs Emerge, Highlighting Authentication Risks<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/endpoint-security\/bruteprint-short-work-fingerprint-security\" rel=\"noopener\">Biometric Bypass: BrutePrint Makes Short Work of Fingerprint Security<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Global: Governments, Businesses Tighten Cybersecurity Around Hajj Season\">Global: Governments, Businesses Tighten Cybersecurity Around Hajj Season<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By Robert Lemos, Contributing Writer, Dark Reading<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">While cyberattacks drop slightly during the week of the Islamic pilgrimage, organizations in Saudi Arabia and other countries with large Muslim populations see attacks on the rise.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The final month of the Islamic calendar, Dhu al-Hijjah, began on June 7, marking the countdown for millions of Muslims to the Hajj pilgrimage, and also a time when cybercriminals and cyber-espionage actors see increased opportunity amid reduced vigilance and slimmed staffing.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">While many of the <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/application-security\/the-rise-of-fileless-malware\" rel=\"noopener\">cyberattacks<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> are focused on pilgrims as consumers of travel services, a variety of businesses \u2014 from banks to e-commerce sites \u2014 are at greater risk of data theft and denial-of-service attacks, according to experts. On June 3, for example, cyber-threat actors announced a data leak on an underground forum that allegedly contained the personal information of 168 million users from &#8220;The Hajj and Pilgrimage Organization in Iran,&#8221; according to cybersecurity firm Kaspersky.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The attacks highlight the two aspects of how cyberattackers see the Hajj season: as an opportunity to take advantage of pilgrims, but also as a time of reduced resources for security teams, making business and government agencies vulnerable.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/governments-businesses-tighten-cybersecurity-around-hajj-season\" rel=\"noopener\">Governments, Businesses Tighten Cybersecurity Around Hajj Season<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/threat-intelligence\/dunequixote-shows-stealth-cyberattack-methods-are-evolving\" rel=\"noopener\">&#8216;DuneQuixote&#8217; Shows Stealth Cyberattack Methods Are Evolving. Can Defenders Keep Up?<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"The CEO Is Next\">The CEO Is Next<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Commentary by Joe Sullivan, CEO, Ukraine Friends, &amp; CEO, Joe Sullivan Security LLC<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">If CEOs want to avoid being the target of government enforcement actions, they need to take a personal interest in ensuring that their corporation invests in cybersecurity.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">One day soon, a government agency will very publicly seek to hold a corporate CEO personally liable for a failure to ensure their organization invested sufficiently in cybersecurity. The surprising thing won&#8217;t be that it happens, but rather how many people who work for and look up to the CEO will be happy when it does.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">We&#8217;re experiencing a movement toward regulation by enforcement. Look no further than the National Cybersecurity Strategy, which, at its core, demands that corporate America do more to protect citizens from cyberattacks. There&#8217;s also the Securities and Exchange Commission&#8217;s (SEC) action against the software company SolarWinds and its head of security. The case has raised eyebrows, specifically because the <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/sec-charges-against-solarwinds-ciso-send-shockwaves-through-security-ranks\" rel=\"noopener\">security leader was held personally responsible<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">But with very few exceptions, the CISO or senior-most security leader is simply not the &#8220;responsible corporate officer.\u201d It&#8217;s the CEO. Security leaders rarely, if ever, get the budget needed to do their job well. CEOs and boards that do control the corporate budget rarely invest the time to understand their cyber-risks, and instead allocate resources in other directions.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/the-ceo-is-next\" rel=\"noopener\">The CEO Is Next<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/white-house-releases-implementation-plan-for-cybersecurity-strategy\" rel=\"noopener\">White House Fills in Details of National Cybersecurity Strategy<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Why CIO &amp; CISO Collaboration Is Key to Organizational Resilience\">Why CIO &amp; CISO Collaboration Is Key to Organizational Resilience<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Commentary by Robert Grazioli, Chief Information Officer, Ivanti<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">Alignment between these domains is quickly becoming a strategic imperative.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Gartner forecasts that the world will spend $215 billion on risk management and cybersecurity in 2024. That&#8217;s a 14% increase over 2023. But <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cyber-risk\/hands-off-the-security-budget-find-efficiencies-to-reduce-risk\" rel=\"noopener\">many workers are feeling spread thin<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, with more data and endpoints than ever and not enough qualified talent to be found. It&#8217;s time to finally break down the silos between IT and security.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">That starts by fostering alignment between the CIO and chief information security officer (CISO).<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Individually, CISOs and CIOs are powerful forces with a lot on their plates \u2014 and a lot on the line. Together, they could be unstoppable. However, historically, organizational structures have relegated CISOs and CIOs to separate domains with distinct \u2014 and occasionally contradictory \u2014 objectives.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Here&#8217;s how to foster alignment: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/cio-ciso-collaboration-is-key-to-organizational-resilience\" rel=\"noopener\">Why CIO &amp; CISO Collaboration Is Key to Organizational Resilience<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/ciso-cio-convergence-ready-or-not-here-it-comes\" rel=\"noopener\">CISO &amp; CIO Convergence: Ready or Not, Here It Comes<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Rockwell's ICS Directive Comes as Critical Infrastructure Risk Peaks\">Rockwell&#8217;s ICS Directive Comes as Critical Infrastructure Risk Peaks<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By Tara Seals, Managing Editor, News, Dark Reading<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">Critical infrastructure is facing increasingly disruptive threats to physical processes, while thousands of devices are online with weak authentication and riddled with exploitable bugs.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Industrial control systems (ICS) giant Rockwell Automation&#8217;s recent directive to customers to disconnect their gear from the Internet showcases not just growing cyber risk to critical infrastructure, but the unique challenges that security teams face in the sector, experts say.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">CISA is warning that increased threats to could lead to various catastrophic attacks, including denial-of-service (DoS) efforts that take down electrical grids; privilege escalation and lateral movement to burrow deeper into the operational technology (OT) environment in order to control it; modifying settings to, say, change safety thresholds for power generators; remotely compromising programmable logic controllers (PLCs) to halt water sector operations; or even conducting <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/ics-ot-security\/improved-stuxnet-like-plc-malware-disrupt-critical-infrastructure\" rel=\"noopener\">destructive Stuxnet-style attacks<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> that can obliterate a site&#8217;s ability to function permanently.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Yet thousands of devices are exposed online with weak authentication and riddled with exploitable bugs; and there&#8217;s an endemic lack of security team participation in site design and asset\/infrastructure management. All in all, it&#8217;s not an ideal situation.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/ics-ot-security\/rockwell-ics-directive-critical-infrastructure-risk-peaks\" rel=\"noopener\">Rockwell&#8217;s ICS Directive Comes as Critical Infrastructure Risk Peaks<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/volt-typhoon-hits-multiple-electric-cos-expands-cyber-activity\" rel=\"noopener\">Volt Typhoon Hits Multiple Electric Utilities, Expands Cyber Activity<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"4 Ways to Help a Security Culture Thrive\">4 Ways to Help a Security Culture Thrive<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">DR Technology commentary by Ken Deitz, CSO\/CISO, Secureworks<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">Creating and nurturing a corporate environment of proactive cybersecurity means putting people first \u2014 their needs, weaknesses, and skills.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">A good cybersecurity culture trusts and empowers teammates to make good decisions. In turn, that trust fuels a more productive relationship between cybersecurity and the business. Culture is a living entity that needs to be continuously nurtured. Give it the dedication it needs, and your businesses will be safer as a result.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Here are some core pillars for establishing an effective security culture:<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">1. <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Establish the Right Mindset:<\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> Focus on the positive actions that people can and should take.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">2. <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Engage with Empathy: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">A productive and inclusive security culture is one that shuns blame. Instead, focus on what you can collectively learn from the incident to enrich your cyber strategy for the future.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">3. <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Communicate, Communicate, Communicate: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">When it comes to cybersecurity, there&#8217;s no such thing as too much communication. People have a lot going on in their jobs and lives. Meet people where they are, and you&#8217;ll have much better results.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">4. Stay on Your Toes: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">New and emerging technologies bring opportunities and challenges. <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/application-security\/the-need-to-secure-ai-use-is-real-are-organizations-prepared-\" rel=\"noopener\">Generative artificial intelligence (AI)<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, for example, can offer teammates productivity gains, but they also need to know the risks.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/4-ways-to-help-a-security-culture-thrive\" rel=\"noopener\">4 Ways to Help a Security Culture Thrive<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/how-to-transform-security-awareness-into-security-culture\" rel=\"noopener\">How to Transform Security Awareness Into Security Culture<\/a><\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/cloud-security\/ciso-apple-ai-privacy-promises-ceos-hot-seat\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to CISO Corner, Dark Reading&#8217;s weekly digest of articles<\/p>\n","protected":false},"author":12,"featured_media":4048,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-4047","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/ciso-corner-apples-ai-privacy-promises-ceos-in-the-hot-seat-scaled.jpg?fit=2560%2C1178&ssl=1",2560,1178,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/ciso-corner-apples-ai-privacy-promises-ceos-in-the-hot-seat-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/ciso-corner-apples-ai-privacy-promises-ceos-in-the-hot-seat-scaled.jpg?fit=300%2C138&ssl=1",300,138,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/ciso-corner-apples-ai-privacy-promises-ceos-in-the-hot-seat-scaled.jpg?fit=640%2C294&ssl=1",640,294,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/ciso-corner-apples-ai-privacy-promises-ceos-in-the-hot-seat-scaled.jpg?fit=640%2C294&ssl=1",640,294,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/ciso-corner-apples-ai-privacy-promises-ceos-in-the-hot-seat-scaled.jpg?fit=1536%2C707&ssl=1",1536,707,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/ciso-corner-apples-ai-privacy-promises-ceos-in-the-hot-seat-scaled.jpg?fit=2048%2C942&ssl=1",2048,942,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/ciso-corner-apples-ai-privacy-promises-ceos-in-the-hot-seat-scaled.jpg?fit=1024%2C471&ssl=1",1024,471,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/ciso-corner-apples-ai-privacy-promises-ceos-in-the-hot-seat-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/ciso-corner-apples-ai-privacy-promises-ceos-in-the-hot-seat-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/ciso-corner-apples-ai-privacy-promises-ceos-in-the-hot-seat-scaled.jpg?fit=2560%2C1178&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4047","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=4047"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4047\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/4048"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=4047"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=4047"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=4047"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}