
Will CISOs become obsolete in the future?

Navigating the complexities of today's digital landscape, it's clear that cyber security can no longer be the sole accountability and responsibility of one person -- the CISO. As cyber threats evolve, becoming more frequent and sophisticated, a single individual can't feasibly manage it all. As a result, we may at some point dare to consider that the traditional CISO role could eventually become obsolete as business units become secure by design.

We need to pivot. Rather than placing the weight of managing an organization's entire security on the shoulders of one person, we need to integrate cyber security throughout every layer of our operations. This means moving towards a world where every business unit and every employee in an organization understands and owns their role in maintaining cyber security.

By Christine Bejerasco -

Listen, do you want to know a password?

Researchers at British universities have demonstrated a technique that allows an AI model to work out what you’re typing simply by listening to the keystrokes.

Known as an acoustic side-channel attack (ASCA), it involves recording the sound of a keyboard, either with a nearby smartphone or through a remote conferencing session such as Zoom. The researchers used a standard iPhone 13 to record the keyboard of an Apple MacBook Pro 16-inch laptop at a standard 44.1 kHz sample rate.

By Ian Barker -

Open source framework aims to standardize security data

Cybersecurity benefits from being able to share information about threats in order to speed detection. In pursuit of this the Open Cybersecurity Schema Framework (OCSF) was launched last year by Splunk, Amazon Web Services (AWS), IBM and 15 other cybersecurity firms.

Today OCSF becomes generally available, delivering an open and extensible framework that organizations can integrate into any environment, application or solution to complement existing security standards and processes.

By Ian Barker -

Cybercriminals step up their targeting of macOS

Historically Windows has been the favorite target of cybercriminals, but new research from Accenture suggests macOS is becoming a lucrative priority on the dark web and information on exploits is being traded for millions of dollars.

The Accenture Cyber Threat Intelligence (ACTI) team has noted a significant upward trend in dark-web threat actors targeting macOS from 2019 to 2022 and the volume from 2023 has overtaken 2022 in just the first six months.

By Ian Barker -

The future of identity and cybersecurity [Q&A]

Back in May, when World Password Day was once again in the news, we asked whether the days of the password were numbered.

Rishi Bhargava, co-founder of Descope, agrees that passwords belong to the past. We spoke to him to discover more and find out how new technologies like passkeys are driving the change.

By Ian Barker -

Inside the world of cyber incident investigations

Investigation of information security incidents is the last stage of enterprise protection and one of its most important parts, helping to minimize the damage caused by hackers and build defenses to prevent future incidents. The investigation assists in evaluating the security of the company's IT infrastructure and in formulating recommendations for its enhancement.

Incident investigation is a crucial component of any enterprise's information security framework. Merely monitoring the work of the security tools is not enough, as security incidents are happening all the time. Without a proper response to these incidents, the enterprise, in effect, lacks adequate information security protection.

By Alex Vakulov -

Avast launches free security training quiz for small businesses

Smaller businesses are not immune from cyberattacks. In fact, because they often lack the resources for the latest defenses and for training their staff to spot threats, they can be particularly vulnerable.

Education and training are key to protecting any business, and to help smaller companies stay up to date, Avast -- now part of digital security and privacy brand Gen -- is launching a new Cybersecurity Training Quiz.

By Ian Barker -

How phishing scams have changed and how to protect against them [Q&A]

Cyberattacks and data breaches come in many forms, but often at the root of them is a phishing scam.

Exploiting the fact that humans are the weakest link in the security chain, cybercriminals use phishing to trick employees into giving up credentials or other sensitive information that can be used to gain a foothold to carry out a later attack.

By Ian Barker -

Why'd you have to go and make PAM so complicated?

Avril Lavigne didn't quite sing that line but she might well have done if she'd worked in IT. More than two-thirds of IT managers (68 percent) say their current privileged access management (PAM) product is too complex or has too many features they don't use.

A new report from Keeper Security also finds that 87 percent of respondents would prefer a pared down form of PAM that is easier to deploy and use.

By Ian Barker -

Over a third of ICS vulnerabilities have no patch available

New research from SynSaber, together with the ICS Advisory Project, into industrial control system (ICS) and operational technology (OT) vulnerabilities finds that 34 percent of the CVEs reported in the first half of 2023 currently have no patch or remediation available from the vendor.

This is roughly level with the 35 percent that had no fix in the second half of 2022, but a significant increase from the 13 percent in the first half of last year.

By Ian Barker -

Adapting to a changing cybersecurity landscape [Q&A]

The past few years have seen some major changes in the IT world. Accelerated by the pandemic we've seen a significant shift to the cloud and hybrid working models.

But this brings with it additional risks. We spoke to Matt Spitz, head of engineering at Vanta, to discuss the security challenges posed and how enterprises can adapt to cope with them.

By Ian Barker -

SSH is the service most targeted by cloud attackers

A new cloud threat findings report from Cado Security looks at the evolving cloud threat landscape, shedding light on the heightened risk of cyberattacks due to the rapid adoption of cloud-focused services.

The report shows SSH is the most commonly targeted service, accounting for 68.2 percent of the samples seen, followed by Redis at 27.6 percent. Log4Shell traffic makes up a mere 4.3 percent, indicating a shift in threat actor strategy that no longer prioritizes that vulnerability as a means of initial access.
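Since SSH tops the list of targeted services, the check most practitioners will want is brute-force detection over their own sshd logs. The following is an added example, not code from the Cado Security report: it parses syslog-style `sshd` "Failed password" / "Accepted ..." lines, flags any source IP with five or more failures inside a 60-second window, and notes whether that IP later logged in successfully (the password-spray-then-success pattern worth paging on). The log lines, host names and IP addresses are constructed sample data; the threshold and window are assumed defaults.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (syslog format). Hosts and IPs are
# hypothetical; the 203.0.113.0/24 and 198.51.100.0/24 ranges are
# documentation-only networks and never appear in real traffic.
SAMPLE_LOG = """\
Aug 14 10:01:02 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51412 ssh2
Aug 14 10:01:04 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51412 ssh2
Aug 14 10:01:06 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 51420 ssh2
Aug 14 10:01:09 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 51433 ssh2
Aug 14 10:01:12 web1 sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 51440 ssh2
Aug 14 10:01:15 web1 sshd[2109]: Accepted password for root from 203.0.113.7 port 51451 ssh2
Aug 14 10:05:30 web1 sshd[2201]: Failed password for alice from 198.51.100.22 port 40022 ssh2
Aug 14 10:05:45 web1 sshd[2203]: Accepted publickey for alice from 198.51.100.22 port 40030 ssh2
"""

# Matches both "Failed password for invalid user X" and "Accepted publickey for X".
LINE_RE = re.compile(
    r"^(?P<month>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line, year=2023):
    """Return a dict for an auth event, or None for lines we do not care about.
    Syslog lines carry no year, so the caller supplies one (assumed 2023 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['month']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failed logins inside window_seconds.

    For each flagged IP the alert records the failure count in the first
    qualifying burst, the user names tried, and any successful logins from the
    same IP at or after the end of that burst."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["result"] == "Failed"]
        # Sliding window over failures: extend j while fails[j+1] is still
        # within window_seconds of fails[i].
        for i in range(len(fails)):
            j = i
            while (j + 1 < len(fails)
                   and (fails[j + 1]["ts"] - fails[i]["ts"]).total_seconds() <= window_seconds):
                j += 1
            count = j - i + 1
            if count >= threshold:
                burst_end = fails[j]["ts"]
                success_after = [(e["user"], e["method"]) for e in evs
                                 if e["result"] == "Accepted" and e["ts"] >= burst_end]
                alerts[ip] = {
                    "failures": count,
                    "users": sorted({e["user"] for e in fails[i:j + 1]}),
                    "success_after": success_after,
                }
                break  # one alert per IP is enough; report the first burst
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```

On the constructed sample only 203.0.113.7 is flagged (five failures across three user names in ten seconds, followed by an accepted root password), while alice's single typo from 198.51.100.22 is ignored. In production you would feed this from `journalctl -u ssh` or `/var/log/auth.log`, tune the threshold to your own baseline, and treat any `success_after` entry as a compromised account rather than a noisy scanner.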

By Ian Barker -

Organizations are responding faster to cyber threats

On average, organizations' response time to cyber attacks improved by around a third -- from 29 to 19 days -- from 2021 to 2022.

The report from Immersive Labs suggests this improvement can be attributed to the urgency and need for fast response times amid the fallout of the Log4j crisis and other high-profile vulnerabilities over the past year.

By Ian Barker -

Over half of Azure and Google Cloud deployments fail CIS benchmarks

Cloud misconfiguration is a critical issue as it amplifies the risk of data breaches and unauthorized access. But new research from Qualys shows that many cloud deployments on major platforms are failing Center for Internet Security (CIS) benchmarks.

The report finds that on average, 50 percent of CIS Benchmarks are failing across the major providers. The average fail rate for each provider is 34 percent for AWS, 57 percent for Azure, and 60 percent for Google Cloud Platform (GCP).

By Ian Barker -

80 percent of digital certificates vulnerable to man-in-the-middle attacks

A new survey finds that nearly 80 percent of TLS certificates on the internet are vulnerable to man-in-the-middle (MITM) attacks, while as many as 25 percent of all certificates are expired at any given time.

The study, sponsored by automated machine identity management firm AppViewX and carried out by Enterprise Management Associates (EMA), focuses on servers with SSL/TLS certificates on port 443.

By Ian Barker -