The Information Security Forum (ISF) is releasing Becoming a Next Generation CISO, a digest which sets out the range of disciplines a next-generation Chief Information Security Officer can be expected to master.

CISOs are coming under pressure to secure organizations as they embark on ambitious digital transformation programs in an increasingly hostile and turbulent world. CISOs need to adapt to this evolving environment, master new skills and advance the discipline of information security.

Surveyed during the lockdown period, 67 percent of security professionals report that they have caught employees engaging in unsafe or unproductive activity on the web.

The study of 300 cyber security professionals from cloud security company Censornet finds the most common bad behaviour is employees using streaming services at work such as Netflix or Amazon Prime (35 percent).

Attempted account takeovers grew by 282 percent over the last year, while ATO rates for physical eCommerce businesses -- those that sell physical goods online -- have jumped 378 percent since the start of the COVID-19 pandemic.

The Q3 2020 Digital Trust and Safety Index released today by Sift finds that between Q2 2019 and Q2 2020, ATO attacks happened in discrete waves about a week apart, indicating that fraudsters are turning to bots and automation in order to overwhelm security.

In order to meet short deployment cycles, 73 percent of security professionals and developers feel forced to compromise on security according to a new report.

The study into DevSecOps from open source security and license management specialist WhiteSource, based on responses from over 560 developers in the US and Europe, finds that 20 percent of respondents describe their organizations' DevSecOps practices as 'mature', while 62 percent say they are improving, with only 18 percent being classed as 'immature'.

Cybercriminals have launched a record number attacks on online platforms and services this year, with more than 929,000 DDoS attacks occurring in May, the single largest number of attacks ever seen in a month.

The latest threat intelligence report from NETSCOUT also reveals that 4.83 million DDoS attacks occurred in the first half of 2020, a 15 percent increase, and attack frequency jumped 25 percent during the peak pandemic lockdown months of March through June.

Between March and July 2020, almost half of companies experienced a data breach or security incident according to a new report, and half of these were caused by phishing attacks.

The study from Tessian also reveals that 82 percent of IT leaders think their company is at greater risk of phishing attacks when employees are working away from the office.

It is just days since the CISA (Cybersecurity and Infrastructure Security Agency) issued an emergency warning about a critical Windows vulnerability. Now Microsoft has issued a warning that the vulnerability is being actively exploited and the company is "actively tracking threat actor activity".

The Netlogon EoP vulnerability (CVE-2020-1472) is concerning not just because of its severity, but because of the fact that it can be exploited in a matter of seconds. The security issue affects Windows Server 2008 and above, and enables an attacker to gain admin control of a domain.

A large majority of enterprises are now using the cloud, but moving to cloud-based solutions inevitably presents challenges, not least in security.

We spoke to Sam Humphries, Security Strategist at SIEM (Security Information and Event Management) specialist Exabeam to get her views.

A new survey of 1,000 US employees has found that boring security awareness training doesn't make them want to be secure.

The study conducted by Osterman Research for MediaPRO shows that employees get far more benefit out of interesting and engaging training, which shouldn't really surprise anybody.

Today's 5G networks mostly rely on the infrastructure of previous-generation 4G LTE networks. The non-standalone architecture has proved a quick way to provide subscribers with 5G access, however, this also exposes both the next-generation network and 5G subscribers to the same threats as older networks.

A new white paper from Positive Technologies details how mobile network operators (MNOs) who have already begun upgrading to 5G networks can migrate from previous generation networks without exposing themselves and their subscribers to existing and new risks.

Business Email Compromise (BEC) attacks are increasingly used by attackers as a way of targeting organizations. New research from Abnormal Security  indicates that these attacks have adapted to the pandemic, with Zoom becoming the most impersonated brand and COVID-themed attacks surging.

We spoke to Evan Reiser, CEO of Abnormal Security to find out more about what’s been happening and what trends we can expect to see as the year progresses.

Organizations are suffering from a lack of visibility into their supply chain and 8 percent experienced a breach that originated from vulnerabilities in their vendor ecosystem in the past year.

A new report from cybersecurity services company BlueVoyant, based on research carried out by Opinion Matters, shows that only 22.5 percent of organizations monitor their entire supply chain and just 32 percent re-assess and report their vendor’s cyber risk position either six-monthly or annually.

With cyberattacks increasing in volume and new types of incidents occurring, businesses need protection for everything from network intrusion to ransomware and all the things in between.

Many organizations are turning to cyber insurance to provide cover for dealing with incidents and their aftermath, but a recent report shows that many are put off by not understanding levels of exposure, amount of cover, and by cost.

High volumes of attacks have targeted video game companies and players between 2018 and 2020, with an inevitable uptick in attack traffic that correlates with COVID-19-related lockdowns.

A new report from Akamai shows that game players themselves are subjected to a steady barrage of criminal activity, largely through credential stuffing and phishing attacks.

Moving systems to the cloud offers many benefits for organizations, but it also opens up a new range of threats.

The Cloud Security Alliance has released a new report looking at case study analyses of recent attacks and data breaches to promote understanding of how attacks work and how they can be successfully mitigated.