How are CISOs coping with developer gatekeeping? [Q&A]

CISOs are under the microscope to prove they can reduce vulnerabilities in the software development life cycle -- particularly, that they can do so from the start of code creation. As such, CISOs are searching for the most effective way to ensure the security awareness of their developers before they take on the responsibility of writing and introducing code.

Secure Code Warrior's co-founder and CTO, Matias Madou, believes that a 'gatekeeping' standard -- where developers are incrementally given access to more sensitive projects -- is the key to building a strong foundation for secure coding processes.

By Ian Barker

Enterprises face major challenges with cloud costs and more

A new study reveals that 93 percent of enterprise platform teams face persistent challenges with cloud costs, Kubernetes complexity and developer productivity.

The research from Rafay Systems shows that despite the widespread adoption of platform teams within IT organizations, survey respondents across the board confirm that these teams often are stretched to their limits managing complex multi-cluster Kubernetes and cloud environments.

By Ian Barker

VPN demand surges in the face of government social media restrictions

Governments, particularly those with a more authoritarian bent, really aren't keen on social media as it threatens their ability to control the narrative.

They especially don't like X since Elon Musk's takeover and stated commitment to free speech. In Venezuela the government recently banned the platform for 10 days. Even in the UK fingers have been pointed at the influence of social media following recent riots.

By Ian Barker

Why a 'Swiss cheese' approach is needed to combat deepfakes [Q&A]

Deepfakes are becoming more and more sophisticated. Earlier this year a finance worker in Hong Kong was tricked out of millions following a deepfake call.

With the deepfake fast becoming a weapon of choice for cybercriminals, we spoke to Bridget Pruzin, senior manager -- compliance and risk investigations and analysis at Convera, to learn why she believes a 'Swiss cheese' approach, layering controls like unique on-call verification steps and involving in-person verification, is crucial to effectively defend against these scams.

By Ian Barker

The emerging trends that security teams need to address [Q&A]

The world's critical national infrastructure remains on high alert. The National Cyber Security Centre in the UK and agencies in the US, Australia, Canada and New Zealand have all detailed how threat actors have been exploiting native tools and processes built into computer systems to gain persistent access and avoid detection.

We spoke to Chase Richardson, lead principal for cybersecurity and data privacy at Bridewell, to discuss the critical trends and emerging dangers that cyber teams need to continue to watch out for.

By Ian Barker

MSP market turns to providing security solutions

New research suggests that managed service providers (MSPs), which have historically been expected to manage IT infrastructure for their customers, are increasingly expected to protect this infrastructure too.

The study from CyberSmart of 250 senior leaders at UK-based MSPs finds that 65 percent of MSP customers now expect their provider to manage either their cybersecurity infrastructure or both their cybersecurity and IT infrastructure.

By Ian Barker

Thousands of industrial control devices exposed online

Recent attacks have highlighted the vulnerability of industrial control systems to attack and a new report has found 18,000 exposed devices that are likely used to control industrial systems.

The report, from internet intelligence platform Censys, focuses on ICS devices in the US and UK and also finds that almost 50 percent of the human-machine interfaces associated with water and wastewater systems (WWS) identified could be manipulated without any authentication required.

By Ian Barker

CISOs don't feel supported at board level

While CISOs are often responsible for technology implementation, they are not getting the support they need at a strategic level according to a new report.

The study from LevelBlue looks at the dynamics among enterprise C-suite executives to better understand issues that prevent risk reduction, stall or complicate compliance, and create barriers to cyber resilience.

By Ian Barker

AI is key to innovation but infrastructure and other challenges hold back progress

A new report from Pure Storage finds that the emergence of AI is a key avenue for innovation, but infrastructure issues, talent shortages and energy costs are holding back progress.

Based on a survey of 1,500 global respondents carried out by Vanson Bourne, the report finds that although CIOs and other senior IT leaders face significant economic pressures, driving innovation remains imperative for enterprises.

By Ian Barker

Dealing with digital certificate vulnerabilities [Q&A]

While digital certificates are an essential part of day-to-day security they also present challenges. They can expire or be revoked, or even forged.

We spoke to Bert Kashyap, CEO of passwordless security platform SecureW2, to learn more about certificate-related vulnerabilities and what IT and security teams can do to deal with them effectively.

By Ian Barker

Ransomware groups develop more sophisticated business models

Ransomware groups continue to refine their craft, building and scaling business models that resemble legitimate corporate enterprises according to a new report.

The latest Ransomware Radar Report from Rapid7 finds smaller organizations are becoming a more frequent target too. Companies with annual revenues around $5 million are falling victim to ransomware twice as often as those in the $30-50 million range and five times more frequently than those with a $100 million revenue.

By Ian Barker

62 percent of phishing emails pass DMARC checks

Phishing remains a significant threat to organizations. A new report from Darktrace shows 17.8 million phishing emails detected across its customer fleet between December 21, 2023, and July 5, 2024. Alarmingly, 62 percent of these emails successfully bypassed DMARC checks.

Cybercriminals are embracing more sophisticated tactics, techniques and procedures designed to evade traditional security parameters.

By Ian Barker

Enterprises building AI infrastructure on a budget

A new study finds that 70 percent of enterprises are still experimenting with AI and preparing for it is a top priority.

However, the report from Komprise finds that budgets are an even higher priority with only 30 percent saying they will increase their IT budgets to support AI projects.

By Ian Barker

Proton VPN launches updates to protect free speech

Governments in many countries are imposing internet shutdowns at alarming rates, reaching new milestones each year with 283 shutdowns documented in 39 countries in 2023. Often these are triggered by public protests, active conflict, elections or political instability in order to keep people in the dark.

Proton VPN is announcing three major updates designed to fight censorship and protect free speech around the world.

By Ian Barker

Almost all enterprises connected to a supply chain breach

The interconnected nature of modern business means that a vulnerability in one part of the supply chain can have far-reaching consequences. New research from SecurityScorecard and The Cyentia Institute identified 99 percent of Global 2000 companies are directly connected to vendors that have had recent breaches.

The study shows that 20 percent of these large enterprises use a thousand or more products. Supply chain incidents cost 17 times more to remediate and manage than first-party breaches.

By Ian Barker