Videos
IDG convened 30 senior IT executives as part of our CIO Think Tank Program to explore key opportunities and challenges with multicloud – including security issues IT leaders face in building a true multicloud architecture. Join us as we shed light ...
Research on the most common techniques attackers used to breach systems provides insight on where to focus your defenses.
PwC Chief Information and Technology Officer James Shira is an expert on managing security's big picture. With the growing focus on risk management from boards and senior leadership, James shares advice on keeping security and risk management a top p...
Follow this advice to help prevent domain password compromise or lateral movement should your password be compromised.
Changing the Kerberos password will help prevent golden ticket attacks on Active Directory.
CSO’s Lucian Constantin joins Computerworld’s Matthew Finnegan and Executive Editor Ken Mingis to explain what companies should do to keep their remote employees — and valuable corporate data and info — safe. Secure remote access is key, and ...
M365 Defender has new protections against credential theft and a new threat analytics portal.
As Global CISO for GE, Justin Acquaro is an expert at providing access to critical applications for a large employee population – all with trust at scale. With an emphasis on strong user investment, a dedicated cross-function team, and strategic ex...
Advanced Auditing is a powerful new tool that will help track down attacker activities in Microsoft Windows environments—if you have the right license.
Check your OAuth third-party authentication privileges in Microsoft 365 and Azure to prevent unauthorized access.
The web browser is now the portal that most employees use to access data and apps. These tips will help prevent attackers from exploiting it.
Microsoft has updated its Common Vulnerability Scoring System. Here’s a walk-through of the changes.
Liberty Mutual’s Cybersecurity and Cloud Specialist Don Richard, IDC’s Program VP for Cybersecurity Products Frank Dickson, and IDG’s Editor-in-Chief of Enterprise Eric Knorr are all experts on cloud security. They discuss the nexus of how clou...
The SolarWinds attackers used sophisticated techniques to steal admin credentials. Here’s what to look for in AD.
While the federal government and businesses continue to reel from the SolarWinds attack, members of Congress have begun proposing cybersecurity measures to better strengthen the United States against foreign cyber attacks. In this episode of Today in...
Poorly executed phishing simulations can send the wrong message to employees. Here’s how to do it right.
Jeff Thomas is CSO of Prudential Financial where his team created a CSO50 award-winning workplace threat management training course designed to capture employee attention and maintain interest. The solution combines a story with a graphic novel look-...
Vendors and government agencies are making information and tools available to detect and prevent attacks like SolarWinds.
Kevin Charest is CISO of Health Care Service Corporation where his team created a CSO50 award-winning Cyber Fusion Center for cyber defense representing collaboration across five Blue Cross and Blue Shield plans in Illinois, Montana, New Mexico, Okla...
The recent SolarWinds attack underscores the danger many companies face from nation-state actors. Here’s how to prepare your Windows networks for the threat.
Michael Kenney is Lead Information Security Engineer at Penn Medicine where they’ve created their CSO50 award-winning ‘Penn Test Security Challenge’ that leverages gamification penetration testing exercises to add value. By building skills in a...
Shawn Riley is CISO for the ND Information Technology Department serving the State of North Dakota’s government agencies. Its CSO50 award-winning K-20W initiative (kindergarten through PhD and workforce) called “Every Student, Every School, Cyber...
Attackers use malicious JavaScript files masquerading as legitimate updates to execute ransomware and other malware attacks. These simple steps will stop them.
Eric Simmons, Information Security Manager and Application Security Lead at Aaron’s, and Jeremy Brooks, Information Security Architect at Aaron's, led a CSO50 award-winning project to rethink application security for efficiency and speed. Partnerin...
CSO worldwide managing director Bob Bragdon discusses today’s issues with CSO editors from Australia, Germany, the United Kingdom and the United States. How is security evolving in various parts of the world with continued remote work? What’s the...
Tim Youngblood is Global CISO at McDonald's, one of the world's largest food service companies. Having worked at other large organizations, Tim's developed a unique understanding of the various stages in evolving your career to the CISO level. Join u...
Aravind Swaminathan is a former cybercrime prosecutor and is currently Global Co-Chair of Cyber, Privacy & Data Innovation at Orrick, Herrington & Sutcliffe LLP where he’s directed more than 200 cybersecurity and data breach investigations. He disc...
Greg Wood is SVP of Information Security & Risk Management at The Walt Disney Company, one of the world’s largest media and entertainment companies. With an early life passion for technology, Greg discovered the critical role of security in a chang...
Organizations commonly leave openings for attackers to take control of subdomains set up in Azure. These tips will block them from doing so.
BEC campaigns are finding clever ways to bypass some protections. Use this advice to tighten up controls to keep malicious emails from getting through in Microsoft 365.
Attackers covet credentials, and Windows admins sometimes make it too easy for them. Here’s how to harden Windows networks against credential theft.
Criminals will try to change Windows Active Directory Group Policy security settings to enable attacks. Here’s how to stop them.
These new rules, part of Windows Defender, can help prevent damage from phishing and other attacks.
Ransomware perpetrators count on Windows security admins to make these common mistakes. Here’s how to find and fix them.
Swatting is a form of harassment in which attackers try to trick police forces into sending a heavily armed strike force — often a SWAT team, which gives the technique its name — to a victim's home or business. Learn more about swatting and how t...
Artificial intelligence and machine learning projects require a lot of complex data, which presents a unique cybersecurity risk. Security experts are not always included in the algorithm development process, resulting in effective but potentially vul...
Windows 10 S Mode allows you to whitelist approved applications and block unauthorized applications from running on your network.
The risk from two newly discovered Windows vulnerabilities could be mitigated if you’ve properly segmented your network. Here’s what you need to know.
Doxing is the practice of posting someone's personal information online without their consent. Doxers aim to reveal information that can move their conflict with their targets from the internet to the real world, including home addresses, employers, ...
With some versions of Windows 10 off support or going off support soon, it’s time to review what security features you’re missing if you haven’t updated recently. Follow along here with the full Microsoft Ignite presentation, Windows 10 innovat...
Multi-factor authentication, strong patch management, device control, and adherence to security benchmarks go a long way to protecting your Windows network.
Microsoft has provided new guidance in the form of benchmarks to make sure your Azure environment is secure.
Microsoft will soon discontinue support for Adobe Flash. Here’s how to transition to secure alternatives while blocking unsafe use of Flash.
The Zerologon flaw could give attackers domain admin privileges. Here’s how the two-step patching process to fix it works.
If a security incident occurs on your Windows network, are you prepared to do a thorough investigation? These tips and tools will help.
Microsoft has rolled out new security settings for Office 365, but the default configuration for email might not be right for your organization.
COVID has changed tactics that attackers use to compromise Windows networks. These are the vulnerabilities they now favor.
Default Windows event log settings won’t give you all the information you need to investigate security incidents. Here’s how to get the info you need.
Attackers often gain access to networks through the printers connected to them. Here’s how to address printer vulnerabilities on your network.
Don't let the cute name fool you: smishing (a portmanteau of 'SMS' and 'phishing') is a cyberattack that uses misleading text messages to trick victims into sharing valuable information, installing malware, or giving away money.