Videos
Most businesses will have some PCs that they can’t update to Windows 11. Here’s how to keep those PCs from being a security weak link.
With more than 70,000 employees, BD is one of the largest global medical technology companies in the world and is advancing the world of health by improving medical discovery, diagnostics and the delivery of care. At BD, security spans a spectrum fro...
Understand these basic elements of computer forensics before you have to review log data for suspicious activity.
The new MITRE D3FEND knowledge graph of cybersecurity countermeasures offers solid guidance for Windows admins.
Here’s what your systems need before you can take advantage of Windows 11’s security features, and how to upgrade where possible.
As AI deployments proliferate for better decision making, they also present risks across a large spectrum – from job displacement and socioeconomic inequality, to automated bias, to data poisoning, privacy violations, and AI threats used by bad act...
With more than a half-million employees around the world, Accenture has a long history of supporting employees with technology as they visit clients. Those roots are what informed the organization’s traditional focus on the workstation, endpoint an...
Join IDC analysts Brandon Butler and Christopher Rodriguez as they talk with Network World’s Ann Bednarz about the SASE model for streamlining network access and improving security. Deployed as a cloud service, it blends SD-WAN’s network optimiza...
A single compromised password allowed attackers access to Colonial Pipeline’s network. Chaos ensued. This advice will help you avoid that fate.
Managing risk across an extended supply chain is extremely challenging for organizations of all sizes. The sheer volume of connected components that communicate, store, and process data will continue to expand the attack surface, and increase organiz...
Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads cryptomining code on the computer or by infecting a website or...
ADP’s Senior Director, ESI Business Security Office and Global Programs Omar Prunera leads the development of ADP’s Security Ambassadors for Excellence (S.A.F.E.) program to inform and train employees about security, improve their knowledge and b...
Before you worry about implementing the “best” security practices, make sure you’re doing these minimum practices.
Coast Capital Savings Director of Information Security Stephen Pedersen leads a team that focuses on cybersecurity along with fraud prevention and detection as it expands its business nationally through a digital banking platform. Join us to learn ho...
Brad Wells, Executive Director, Information Security, and Kandice Samuelson, Senior Director, IT Governance at PPD lead a team enhancing PPD's inventory tracking system that identifies PPD’s most valuable assets. Join us to learn how they distribut...
NTLM is a less secure protocol for authenticating network access. Follow these steps to begin migration off it.
CSO senior writer Lucian Constantin knows that paying ransomware demands should be avoided -- unless lives are on the line or the survival of a business is at stake. Join us as Lucian talks about the role of the ransomware negotiator, the person call...
Keep these key points regarding cloud vs. on-premises security as you move to the cloud.
The SolarWinds breach represents a tectonic shift in threat actor tactics, suggesting this kind of attack vector will be replicated. Not only were the attacker’s sophistication and technical proficiency high -- allowing them to stay in stealth mode...
Every CISO understands how passwords across the workforce are difficult to remember, drive up help desk costs, and impede workforce productivity with ongoing password change requirements. And while single sign-on environments reduce some inefficienci...
Richard Harknett, PhD., Co-Director of the Ohio Cyber Range Institute, has examined the SolarWinds hack that’s not only dominated the news for months, but is defined by the level of sophistication, persistence, and patience exhibited by the attacke...
The largest fuel pipeline in the United States, Colonial Pipeline, halted operations because of a ransomware attack. The attack was carried out by the cybercriminal group DarkSide. Much of the pipeline remains offline, although the pipeline operator ...
These are the most important actions to take once your Windows network is breached.
Today’s security challenges – from Solarwinds to ransomware, regulation, hybrid workforces, data privacy, critical infrastructure and more -- pose unique risks to various global regions. Join us as CSO’s editors around the world discuss the top...
Ransomware and other attackers will often try to escalate privileges once inside Windows systems. These tips can make that harder to do.
Security solutions from startup companies can be unique opportunities for an organization to fill critical gaps for a specific security need. That said, the way to consider a startup’s solution -- along with the relationship your organization has w...
IDG convened 30 senior IT executives as part of our CIO Think Tank Program to explore key opportunities and challenges with multicloud – including security issues IT leaders face in building a true multicloud architecture. Join us as we shed light ...
Research on the most common techniques attackers used to breach systems provides insight on where to focus your defenses.
PwC Chief Information and Technology Officer James Shira is an expert on managing security's big picture. With the growing focus on risk management from boards and senior leadership, James shares advice on keeping security and risk management a top p...
Follow this advice to help prevent domain password compromise or lateral movement should your password be compromised.
Changing the Kerberos password will help prevent golden ticket attacks on Active Directory.
CSO’s Lucian Constantin joins Computerworld’s Matthew Finnegan and Executive Editor Ken Mingis to explain what companies should do to keep their remote employees — and valuable corporate data and info — safe. Secure remote access is key, and ...
M365 Defender has new protections against credential theft and a new threat analytics portal.
As Global CISO for GE, Justin Acquaro is an expert at providing access to critical applications for a large employee population – all with trust at scale. With an emphasis on strong user investment, a dedicated cross-function team, and strategic ex...
Advanced Auditing is a powerful new tool that will help track down attacker activities in Microsoft Windows environments—if you have the right license.
Check your OAuth third-party authentication privileges in Microsoft 365 and Azure to prevent unauthorized access.
The web browser is now the portal that most employees use to access data and apps. These tips will help prevent attackers from exploiting it.
Microsoft has updated its Common Vulnerability Scoring System. Here’s a walk-through the changes.
Liberty Mutual’s Cybersecurity and Cloud Specialist Don Richard, IDC’s Program VP for Cybersecurity Products Frank Dickson, and IDG’s Editor-in-Chief of Enterprise Eric Knorr are all experts on cloud security. They discuss the nexus of how clou...
The SolarWinds attackers used sophisticated techniques to steal admin credentials. Here’s what to look for in AD.
While the federal government and businesses continue to reel from the SolarWinds attack, members of Congress have begun proposing cybersecurity measures to better strengthen the United States against foreign cyber attacks. In this episode of Today in...
Poorly executed phishing simulations can send the wrong message to employees. Here’s how to do it right.
Jeff Thomas is CSO of Prudential Financial where his team created a CSO50 award-winning workplace threat management training course designed to capture employee attention and maintain interest. The solution combines a story with a graphic novel look-...
Vendors and government agencies are making information and tools available to detect and prevent attacks like SolarWinds.
Kevin Charest is CISO of Health Care Service Corporation where his team created a CSO50 award-winning Cyber Fusion Center for cyber defense representing collaboration across five Blue Cross and Blue Shield plans in Illinois, Montana, New Mexico, Okla...
The recent SolarWinds attack underscores the danger many companies face from nation-state actors. Here’s how to prepare your Windows networks from the threat.
Michael Kenney is Lead Information Security Engineer at Penn Medicine where they’ve created their CSO50 award-winning ‘Penn Test Security Challenge’ that leverages gamification penetration testing exercises to add value. By building skills in a...
Shawn Riley is CISO for the ND Information Technology Department serving the State of North Dakota’s government agencies. Its CSO50 award-winning K-20W initiative (kindergarten through PhD and workforce) called “Every Student, Every School, Cyber...
Attackers use malicious JavaScript files masquerading as legitimate updates to execute ransomware and other malware attacks. These simple steps will stop them.
Eric Simmons, Information Security Manager and Application Security Lead at Aaron’s, and Jeremy Brooks, Information Security Architect at Aaron's, led a CSO50 award-winning project to rethink application security for efficiency and speed. Partnerin...