News

Cybercriminals are stealing data and running full-scale businesses around it. Europol’s latest Internet Organised Crime Threat Assessment (IOCTA) report reveals how personal data is now a core currency in the underground economy. Data is the product Cybercriminals go after everything from login credentials to credit card numbers, medical records, and social media accounts. The data criminals collect helps them access accounts, impersonate users, or sell that access to others. Europol stresses that access to an … More →

The post Cybercriminals are turning stolen data into a thriving black market appeared first on Help Net Security.

In cybersecurity, there’s an urge to collect as much data as possible. Logs, alerts, metrics, everything. But more data doesn’t necessarily translate to better security. SOCs deal with tens of thousands of alerts every day. It’s more than any person can realistically keep up with. When too much data comes in at once, things get missed. Responses slow down and, over time, the constant pressure can lead to burnout. According to a Vectra AI survey, … More →

The post The path to better cybersecurity isn’t more data, it’s less noise appeared first on Help Net Security.

The post Cybersecurity jobs available right now: June 10, 2025 appeared first on Help Net Security.

In this Help Net Security interview, Renana Friedlich-Barsky, EVP and CISO at LPL Financial, discusses how threat actors are targeting high-net-worth clients and exploiting digital touchpoints in wealth management. She explains why firms must embed security from the start to protect sensitive assets and ensure seamless, secure client experiences. How are threat actors evolving their tactics to target high-net-worth clients or exploit digital touchpoints in wealth management platforms? Threat actors are becoming more targeted and … More →

The post Balancing cybersecurity and client experience for high-net-worth clients appeared first on Help Net Security.

In this Help Net Security interview, Benny Porat, CEO at Twine Security, discusses applying AI agents to security decisions. He explains why identity and access management (IAM) is the ideal starting point for both augmentation and automation, and shares advice on building trust in AI agents and integrating them into existing workflows.

The post Why IAM should be the starting point for AI-driven cybersecurity appeared first on Help Net Security.

The post Cybersecurity jobs available right now: June 3, 2025 appeared first on Help Net Security.

In this Help Net Security interview, William Lyne, Deputy Director of UK’s National Crime Agency, discusses the cybercrime ecosystem and the threats it enables. He explains how cybercrime is becoming more accessible and fragmented. Lyne also talks about key trends, recent disruptions, and collaboration between law enforcement and the private sector. What are the most concerning trends you’re seeing in cybercriminal behaviour today? Cybercrime is a constantly evolving threat, which is supported and enabled by … More →

The post How global collaboration is hitting cybercriminals where it hurts appeared first on Help Net Security.

A coalition of banking industry associations, including SIFA, the American Bankers Association (ABA), Bank Policy Institute (BPI), and several other lobbying groups have made a disgraceful appeal to the SEC to eliminate the rule requiring public disclosure of material cybersecurity incidents within four days of detection. This rule was established to ensure shareholders are properly informed and potential victims receive timely notice so they can take protective action, which wasn’t happening consistently before the rule … More →

The post Bankers Association’s attack on cybersecurity transparency appeared first on Help Net Security.

Resecurity has officially launched its AI-driven Compliance Manager. The solution is engineered to help CISOs and compliance teams manage complex regulatory demands, reduce risk, and maintain alignment with global cybersecurity standards. The Compliance Manager delivers centralized visibility, automation, and expert-level guidance to ensure organizations stay audit-ready and resilient in the face of expanding data protection and information security regulations. The platform currently supports over 20 international and regional compliance frameworks, including: GDPR (General Data Protection … More →

The post Resecurity Compliance Manage empowers cybersecurity leaders with AI-driven insights appeared first on Help Net Security.

At Span Cyber Security Arena, I sat down with Ria Shetty, Director, Cyber Security & Resilience for Europe at Mastercard. Our conversation cut through the hype and focused on what CISOs deal with every day: how to embed security into innovation, manage supply chain risk, and prepare both systems and people for the threats ahead. For Shetty, the idea that innovation competes with security is a false choice. “They go hand in hand,” she says. … More →

The post What CISOs can learn from the frontlines of fintech cybersecurity appeared first on Help Net Security.

Cybersecurity leaders and consultants identified AI-driven automation and cost optimization as top organizational priorities, according to Wipro. 30% of respondents are investing in AI automation to enhance their cybersecurity operations. AI-driven automation can help in detecting and responding to threats more quickly and accurately, thereby reducing the need for extensive manual intervention. 26% of respondents are focusing on tools rationalization. This approach involves evaluating and consolidating duplicate security tools across platforms to eliminate redundancies and … More →

The post CISOs prioritize AI-driven automation to optimize cybersecurity spending appeared first on Help Net Security.

If you’re new to cybersecurity and looking for a book that doesn’t overwhelm you with jargon or dive too deep into technical territory, Cybersecurity For Dummies might be a solid starting point. It’s written with beginners in mind and assumes you know how to use a smartphone and computer but not much more. This latest edition, published in 2025, adds newer topics like AI threats, which help keep the material relevant. About the author Joseph … More →

The post Review: Cybersecurity For Dummies, 3rd Edition appeared first on Help Net Security.

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Vuls: Open-source agentless vulnerability scanner Vuls is an open-source tool that helps users find and manage security vulnerabilities. It was created to solve the daily problems admins face when trying to keep servers secure. LlamaFirewall: Open-source framework to detect and mitigate AI centric security risks LlamaFirewall is a system-level security framework for LLM-powered applications, built with a … More →

The post Hottest cybersecurity open-source tools of the month: May 2025 appeared first on Help Net Security.

Application Security Engineer, SDO AppSec Amazon | EMEA | Hybrid – View job details As an Application Security Engineer, SDO AppSec, you will be responsible for creating, updating, and maintaining threat models across a diverse range of software projects. Part of your role will involve developing security automation tools to enhance efficiency and consistency. You will perform adversarial security analysis, leveraging tools to complement manual testing efforts. CISO AudioCodes | Israel | Hybrid – View … More →

The post Cybersecurity jobs available right now: May 27, 2025 appeared first on Help Net Security.

DefectDojo announced next-gen Security Operations Center (SOC) capabilities for DefectDojo Pro, which provides both SOC and AppSec professionals a unified platform for noise reduction and prioritization of SOC alerts and AppSec findings. As both SOC and AppSec teams attempt to cut through noisy data from a sprawling set of tools and sources, Dojo Pro now allows two security teams to work from the same platform. SOC teams, like their counterparts in AppSec, are facing a … More →

The post DefectDojo’s SOC capabilities simplify cybersecurity operations appeared first on Help Net Security.

A wave of layoffs has swept through the tech industry, leaving IT teams in a rush to revoke all access those employees may have had. Additionally, 54% of tech hiring managers say their companies are likely to conduct layoffs within the next year, and 45% say employees whose roles can be replaced by AI are most likely to be let go, according to General Assembly. Taking away access to company data the moment someone leaves … More →

The post Why layoffs increase cybersecurity risks appeared first on Help Net Security.

Outsourcing cybersecurity can be a practical and affordable option. It allows small businesses to get the protection they need without straining their budgets, freeing up time and resources to focus on core operations. 76% of SMBs lack the in-house skills to properly address security issues, increasing demand for the expertise and services of MSPs, and 78% are concerned that a severe cyberattack could drive them out of operation, according to ConnectWise. What you can outsource … More →

The post Outsourcing cybersecurity: How SMBs can make smart moves appeared first on Help Net Security.

CISO Vault Cloud | Australia | Hybrid – View job details As a CISO, you will lead company’s cloud security strategy, scale the SOC team, and manage cyber threats to protect national data. You’ll work with stakeholders to enhance security, develop advanced tools, maintain up-to-date policies, and align company’s direction with government and industry partners. Chief Information Officer Aspira | USA | On-site – View job details As a Chief Information Officer, you will create, … More →

The post Cybersecurity jobs available right now: May 20, 2025 appeared first on Help Net Security.

Absolute Security announced new Extreme Resilience capabilities available in Rehydrate, an Absolute Resilience Platform module. Rehydrate enables remote restoration of Windows endpoints at enterprise scale with a single click. It delivers full recovery even when the device OS and other security or management tools have crashed, been compromised, or become corrupted. With these new Extreme Resilience capabilities, Rehydrate is now the only business continuity restoration solution that offers playbook-driven response capabilities that empower Security and … More →

The post Absolute Extreme Resilience accelerates recovery following cyberattacks and IT incidents appeared first on Help Net Security.

AI systems can sometimes produce outputs that are incorrect or misleading, a phenomenon known as hallucinations. These errors can range from minor inaccuracies to misrepresentations that can misguide decision-making processes. Real world implications “If a company’s AI agent leverages outdated or inaccurate data, AI hallucinations might fabricate non-existent vulnerabilities or misinterpret threat intelligence, leading to unnecessary alerts or overlooked risks. Such errors can divert resources from genuine threats, creating new vulnerabilities and wasting already-constrained SecOps … More →

The post AI hallucinations and their risk to cybersecurity operations appeared first on Help Net Security.

The Linux Foundation, in collaboration with OpenSSF and Linux Foundation Education, has released the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of IT job families. “Cybersecurity is now a leadership issue, not just a technical one,” said Steve Fernandez, General Manager at OpenSSF. “Our framework gives organizations a straightforward way to identify gaps and prioritize the security skills that matter most, based … More →

The post Cybersecurity Skills Framework connects the dots between IT job roles and the practical skills needed appeared first on Help Net Security.

Stressful work environments don’t just erode morale, they can quietly undermine cybersecurity. When employees feel overworked, unsupported, or mistreated, their judgment and decision-making suffer. “From an organizational perspective, a toxic culture often leads to increased errors, missed threats, decreased productivity, and higher turnover rates,” said Rob Lee, Chief of Research and Head of Faculty at SANS Institute. According to CyberArk, 65% of office workers admit they’ve bypassed cybersecurity policies to stay productive. Frustration and anger … More →

The post How working in a stressful environment affects cybersecurity appeared first on Help Net Security.

In this Help Net Security interview, Anne Sofie Roed Rasmussen, CISO at Novonesis, discusses how a science-driven organization approaches cybersecurity, aligning innovation with protection, measuring cultural progress, managing shadow IT, and earning trust from scientific leaders. How do you measure progress when it comes to building a cybersecurity culture in a science-driven organization? Science, exploration, and innovation are at the heart of our organizational DNA. However, no one is immune to making mistakes—anyone, regardless of … More →

The post Building cybersecurity culture in science-driven organizations appeared first on Help Net Security.

All organizations erect silos – silos between groups and departments, across functions and among technologies. Silos represent differences in practices, culture and operations. Their presence inhibits communication and collaboration. As companies scale from startup to mid-sized and beyond, silos multiply and ossify. As operations expand from one site to many, from on-premises to cloud, from legacy to emerging tech (e.g., cloud and AI), silos don’t topple; they persist and proliferate. Nowhere are silos more evident … More →

The post Breaking down silos in cybersecurity appeared first on Help Net Security.

Resilient Cybersecurity touches on nearly every major function of enterprise cybersecurity, from threat detection and identity management to vendor risk and regulatory compliance. About the author Mark Dunkerley is a cybersecurity and technology leader with over 20 years of experience working in higher education, healthcare and Fortune 100 companies. Inside the book The structure of the book mirrors the process of building a cybersecurity program from the ground up. Early chapters focus on understanding the … More →

The post Review: Resilient Cybersecurity appeared first on Help Net Security.

The post Cybersecurity jobs available right now: May 13, 2025 appeared first on Help Net Security.

For a while now, AI has played a part in cybersecurity. Now, agentic AI is taking center stage. Based on pre-programmed plans and objectives, agentic AI can make choices which optimize results without a need for developer intervention. As agentic AI can be programmed for various tasks, AI agents are set to create a labor revolution, from manufacturing to customer service. However, this comes at a cost, as they can also be programmed to conduct … More →

The post AI vs AI: How cybersecurity pros can use criminals’ tools against them appeared first on Help Net Security.

In this Help Net Security video, Chase Doelling, Principal Strategist at JumpCloud, discusses the overlooked security risks associated with improper offboarding. Though many organizations focus on securely onboarding new employees, they often overlook the security risks associated with properly offboarding workers, especially when offboarding happens in mass and unexpectedly. The process of offboarding can be complex and urgent, often requiring IT teams to act quickly to deactivate access. However, many security teams are already stretched … More →

The post Layoffs pose a cybersecurity risk: Here’s why offboarding matters appeared first on Help Net Security.

Most people think great presenters are born with natural talent. Luka Krejci, a presentation expert, disagrees. “They are called presentation skills. Skills, not talent,” he says. “Any skill, be it dancing, football, or presenting, can be developed only if you commit and practice.” So, the first step is obvious: Quit avoiding presentations. The more you do them, the better you’ll get. Content first, delivery second We tend to focus on the performance side of presenting: … More →

The post How to give better cybersecurity presentations (without sounding like a robot) appeared first on Help Net Security.

Resecurity launched Resecurity One, the next-generation cybersecurity platform designed to improve how organizations approach cybersecurity. Resecurity One combines Digital Risk Management, Cyber Threat Intelligence, Endpoint Protection, Identity Protection, Supply Chain Risk Monitoring, and xDR capabilities into a unified solution, providing comprehensive protection against evolving cyber threats. Resecurity One is a breakthrough in cybersecurity technology that addresses the challenges faced by organizations of all sizes in managing multiple cybersecurity products. By integrating various cybersecurity functionalities into … More →

The post Resecurity One simplifies cybersecurity operations appeared first on Help Net Security.

Only 4% of organizations worldwide have achieved the ‘mature’ level of readiness required to withstand cybersecurity threats, according to Cisco’s 2025 Cybersecurity Readiness Index. This is a slight increase from last year’s index, in which 3% of organizations worldwide were designated as mature. This demonstrates that despite a slight improvement from last year, global cybersecurity preparedness remains low as hyperconnectivity and AI introduce new complexities for security practitioners. AI is changing the threat landscape AI … More →

The post Global cybersecurity readiness remains critically low appeared first on Help Net Security.

Within the average enterprise, non-human identities (NHIs) now outnumber employees, contractors, and customers by anything between 10-to-1 and 92-to-1. Add to this the fragmentation of human identity management resulting from authorizing a single person’s access to multiple on-premises, cloud computing and hybrid environments, and enterprise identity and access management (IAM) becomes extremely challenging. Trust no-one The concept of applying zero-trust policies to reduce the risk of unauthorized access to corporate IT environments has been promoted … More →

The post How agentic AI and non-human identities are transforming cybersecurity appeared first on Help Net Security.

Application Security Specialist Signify | Netherlands | On-site – View job details As an Application Security Specialist, you will define and deploy the application security strategy for security improvements to be in pair with the industry and its benchmarks. Coordinate and perform security and vulnerability assessments, code reviews, pen tests and verifications, and drives remediation. Identify, assess, and manage risks to meet the security needs of the organization. CloudOps – Security TeKnowledge | UAE | … More →

The post Cybersecurity jobs available right now: May 6, 2025 appeared first on Help Net Security.

Most attacks don’t start with malware; they begin with a message that seems completely normal, whether it comes through email, a phone call, or a chat, and that is exactly what makes them so effective. These threats rely on psychological manipulation to bypass people, not firewalls. Pressure is applied, authority is faked, and communication is mimicked. Social engineering threats account for most cyberthreats faced by individuals in 2024, according to Avast. Some people are easier … More →

The post How cybercriminals exploit psychological triggers in social engineering attacks appeared first on Help Net Security.

CISOs know cyber risk is business risk. Boards don’t always see it that way.​ For years, CISOs have struggled to get boards to understand security beyond buzzwords. Many feel they’re either ignored or misunderstood. But with threats growing and regulations tightening, that’s changing. Boards now expect CISOs to speak their language: risk, dollars, impact.​ Here’s how security leaders can get through, with real-world tips on making cybersecurity resonate in the boardroom. Translate risk into dollars … More →

The post How CISOs can talk cybersecurity so it makes sense to executives appeared first on Help Net Security.

Threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders, according to Fortinet.

The post AI and automation shift the cybersecurity balance toward attackers appeared first on Help Net Security.

Phone theft is a rising issue worldwide, and it’s more than just a property crime. It’s a serious cybersecurity threat. In the UK alone, the Metropolitan Police seizes 1,000 phones each week. Stolen phones don’t just go to local black markets. They often get funneled into larger criminal operations. For example, stolen phones can be used to bypass security features or be reprogrammed and resold. In 2024, Europol uncovered a massive phishing network that affected … More →

The post Phone theft is turning into a serious cybersecurity risk appeared first on Help Net Security.

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. GoSearch: Open-source OSINT tool for uncovering digital footprints GoSearch is an open-source OSINT tool built to uncover digital footprints linked to specific usernames. Designed for speed and accuracy, it lets users quickly track someone’s online presence across multiple platforms. Hawk Eye: Open-source scanner uncovers secrets and PII across platforms Hawk Eye is an open-source tool that helps … More →

The post Hottest cybersecurity open-source tools of the month: April 2025 appeared first on Help Net Security.

The new ETSI TS 104 223 specification for securing AI provides reliable and actionable cybersecurity guidance aimed at protecting end users. Adopting a whole-lifecycle approach, the framework outlines 13 core principles that expand into 72 detailed, trackable principles across five key phases of the AI lifecycle, all designed to enhance the overall security of AI systems. The specification details transparent, high-level principles and provisions for securing AI. It provides stakeholders in the AI supply chain—from … More →

The post 13 core principles to strengthen AI cybersecurity appeared first on Help Net Security.

Artificial Intelligence for Cybersecurity is a practical guide to how AI and machine learning are changing the way we defend digital systems. The book aims to explain how AI can help solve real cybersecurity problems. It does that well, but it’s not for everyone. About the authors Bojan Kolosnjaji is a principal engineer and researcher specializing in AI-driven anomaly detection and large-scale cybersecurity analytics, with a PhD from TUM. Xiao Huang is a Stanford visiting … More →

The post Review: Artificial Intelligence for Cybersecurity appeared first on Help Net Security.

It begins with a simple notification: “Markets in Free Fall.” Within moments, the headlines multiply: new tariffs, emergency actions, plummeting consumer confidence. Across boardrooms and break rooms, anxiety ripples at every level. People begin refreshing inboxes and apps for guidance from leadership teams, advisors, and experts. Right there, buried among legitimate memos and updates, the attacker slips in. A fake social media message. A bogus government alert. An urgent vendor notification that looks just convincing … More →

The post When confusion becomes a weapon: How cybercriminals exploit economic turmoil appeared first on Help Net Security.

Application Security Analyst Greenway Health | India | Remote – View job details As an Application Security Analyst, you will conduct regular security assessments of applications, including static and dynamic analysis, to identify vulnerabilities in code, configurations, and third-party dependencies. Ensure application security practices comply with healthcare regulations and industry standards. Manage and configure vulnerability scanning and security testing tools to maximize coverage and efficiency. Application Security Engineer ControlUp | Israel | Hybrid – View … More →

The post Cybersecurity jobs available right now: April 23, 2025 appeared first on Help Net Security.

Attackers are focusing more on stealing identities. Because of this, companies need to use zero trust principles. They should also verify user identities more carefully, says DirectDefense. Researchers analyzed thousands of alerts, mapping them to the MITRE ATT&CK framework, a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. Top five attack tactics Initial access: Initial access remains the most frequently-observed adversarial tactic, representing more than 27% of escalated alerts. In 2024, … More →

The post Cybercriminals blend AI and social engineering to bypass detection appeared first on Help Net Security.

AI readiness in cybersecurity involves more than just possessing the latest tools and technologies; it is a strategic necessity. Many companies could encounter serious repercussions, such as increased volumes of advanced cyber threats, if they fail to exploit AI due to a lack of clear objectives, inadequate data readiness or misalignment with business priorities. Foundational concepts are vital for constructing a robust AI-readiness framework for cybersecurity. These concepts encompass the organization’s technology, data, security, governance … More →

The post Strategic AI readiness for cybersecurity: From hype to reality appeared first on Help Net Security.

In this Help Net Security interview, Sandy Kronenberg, CEO of Netarx, discusses how cybercriminal groups are adopting corporate structures and employee incentives to scale operations, retain talent, and evade detection. He covers the strategic collaborations behind major attacks, business-like parallels, and the implications of these shifts as these groups grow more sophisticated. What motivates cybercriminal groups to adopt mainstream corporate structures and employee incentives, and what impact does this have on recruitment and retention? Loose, … More →

The post Cybercriminal groups embrace corporate structures to scale, sustain operations appeared first on Help Net Security.

In this Help Net Security video, Jennifer Chen, Executive Director of the Association of Corporate Counsel (ACC) Foundation, discusses how globally, Chief Legal Officers (CLOs) are becoming integral leaders in cybersecurity strategy, holding leadership positions, and frequently reporting cybersecurity strategies to the company board. According to the ACC Foundation, the findings highlight a significant shift in how cybersecurity is viewed through a legal and governance lens. Key findings include: Half of CLOs (50%) are part … More →

The post Chief Legal Officers step up in cybersecurity oversight appeared first on Help Net Security.

CISO Department of Justice | Australia | On-site – View job details As a CISO, you will be responsible for developing and implementing a cyber security strategy as well as establishing and maintaining the organisation’s strategic enterprise-wide information and cyber security management program. Cloud Security Architect Kinaxis | Canada | Remote – View job details As a Cloud Security Architect, you will design secure patterns for workloads deployed on Infrastructure-as-a-Service, Platform-as- a-Service and Software-as-a-Service environments, … More →

The post Cybersecurity jobs available right now: April 15, 2025 appeared first on Help Net Security.

In this Help Net Security interview, Kevin Serafin, CISO at Ecolab, discusses aligning security strategy with long-term business goals, building strong partnerships across the organization, and approaching third-party risk with agility. How do you define cyber risk within your organization’s overall enterprise risk framework? At Ecolab, we don’t approach cyber risk in isolation. Instead, it’s positioned as an integral component of our overall enterprise risk management framework. We define cyber risk as the potential for … More →

The post Transforming cybersecurity into a strategic business enabler appeared first on Help Net Security.

62% of utility operators were targeted by cyberattacks in the past year, and of those, 80% were attacked multiple times, according to Semperis. 54% suffered permanent corruption or destruction of data and systems. (Source: Semperis) Utilities face rising cyber threats Recent high-profile cyberattacks by nation-state groups on water and electricity utilities underscore the vulnerability of critical infrastructure. A public utility in Littleton, MA, was recently compromised by a group linked to Volt Typhoon, the Chinese … More →

The post Cyberattacks on water and power utilities threaten public safety appeared first on Help Net Security.

Application Security Engineer (DevSecOps & VAPT) Derisk360 | India | On-site – View job details As an Application Security Engineer (DevSecOps & VAPT), you will integrate security into CI/CD pipelines, conduct vulnerability assessments and penetration testing, and use tools like SonarCloud and Checkmarx for secure code analysis. You will also guide developers on secure coding practices, perform code reviews, and conduct regular application security audits. Cyber and Information Security Architect Prospera Credit Union | Canada | … More →

The post Cybersecurity jobs available right now: April 8, 2025 appeared first on Help Net Security.

Technology has entered all areas of life, and our cars are no exception. They have become computers on wheels, equipped with sensors, software, and connectivity that provide safety and comfort. However, like all technological innovations, this one also brings risks, making cars vulnerable to cyberattacks. The very fact that someone can hack a vehicle and take control of it is terrifying, turning scenarios from movies into reality. Add to this the fact that software in … More →

The post Connected cars drive into a cybersecurity crisis appeared first on Help Net Security.

In 56% of Sophos managed detection and response (MDR) and incident response (IR) cases, attackers gained initial access to networks by exploiting external remote services, including edge devices such as firewalls and VPNs, and by leveraging valid accounts. Compromised credentials remain the top cause of attacks The combination of external remote services and valid accounts aligns with the top root causes of attacks. For the second year in row, compromised credentials were the number one … More →

The post Cybercriminals exfiltrate data in just three days appeared first on Help Net Security.

You’re in the middle of a sprint, juggling deadlines, debugging code, fine-tuning pipelines, and then it happens—you stumble across the perfect cybersecurity tool. It promises to eliminate secrets in logs, reduce risks in CI/CD pipelines, and save countless hours chasing security anomalies. But there’s one final boss to clear: the C-suite. Convincing leadership, especially those more attuned to balance sheets than breach reports, can feel like selling a Wi-Fi router to someone without any internet … More →

The post 7 ways to get C-suite buy-in on that new cybersecurity tool appeared first on Help Net Security.

Cybersecurity isn’t what it used to be. Attackers are moving quicker, disruptions happen all the time, and many security plans built for more predictable times just can’t keep up. With everything from ransomware to geopolitical threats to cloud slip-ups hitting companies, there’s a shift happening: security needs to be ready for chaos, not just focused on keeping things safe. That shift changes everything: how companies plan, how they invest, and how they recover. From protection … More →

The post Building a cybersecurity strategy that survives disruption appeared first on Help Net Security.

The Travelers Companies announced Travelers Cyber Risk Services, a suite of capabilities added to all cyber liability policies designed to help lower both the risk of a cyberattack and the cost to recover from one. In addition to always-on threat monitoring and tailored alerts, key benefits of Travelers Cyber Risk Services include: Cyber Risk Dashboard: This 24/7 tool gives consumers the ability to monitor risks and track progress over time, view customized recommendations ranked by … More →

The post Travelers Cyber Risk Services reduces the risk of a cyberattack appeared first on Help Net Security.

Cloud Security Engineer Fexco | Ireland | Hybrid – View job details As a Cloud Security Engineer, you will design and implement security frameworks for cloud environments. Enforce secure access policies, MFA, and least privilege principles. Develop automated security solutions using IaC and scripting. Perform security assessments and recommend improvements. Cyber Security Analyst Shannex | Canada | On-site – View job details As a Cyber Security Analyst, you will develop and maintain security architecture principles, … More →

The post Cybersecurity jobs available right now: April 1, 2025 appeared first on Help Net Security.

With global tensions climbing, cyber attacks linked to nation-states and their allies are becoming more common, sophisticated, and destructive. For organizations, cybersecurity can’t be treated as separate from world events anymore, they’re closely connected. Conflict between countries is spilling into cyberspace. Whether it’s during military escalations, trade disputes, or diplomatic standoffs, governments are using cyber operations to exert pressure, gather intelligence, or disrupt systems. These attacks often hit private businesses, not just governments or critical … More →

The post Why global tensions are a cybersecurity problem for every business appeared first on Help Net Security.

Most people groan at the prospect of security training. It’s typically delivered through dull online videos or uninspiring exercises that fail to capture real-world urgency. To make a real difference in cyber crisis readiness, personnel need the opportunity to test their mettle in a crisis, to build the muscle memory and decision-making skills that will make a difference when a real attack occurs. This is where cyber simulations come in, by providing the opportunity to … More →

The post How to build an effective cybersecurity simulation appeared first on Help Net Security.

Stellar Cyber launched its Open Cybersecurity Alliance based on its award-winning Open XDR platform. This initiative streamlines security operations, improves interoperability, and enhances threat detection and response for enterprises and MSSPs. The new alliance challenges the idea that in order to be effective, ecosystems must be built on proprietary data or a closed model, with a “members-only” approach advocating for a specific data format. The Open Cybersecurity Alliance takes a completely different approach by enabling … More →

The post Stellar Cyber Open Cybersecurity Alliance enhances threat detection and response appeared first on Help Net Security.

The European Commission has approved the 2025-2027 Digital Europe Programme (DIGITAL) work program, allocating €1.3 billion to advance key technologies essential for the EU’s future and technological sovereignty. DIGITAL is an EU funding initiative designed to bring digital technology closer to businesses, citizens, and public administrations. Digital technology is essential for communication, work, science, and tackling environmental challenges. The COVID-19 pandemic highlighted Europe’s reliance on external systems, while Russia’s war against Ukraine exposed vulnerabilities in … More →

The post EU invests €1.3 billion in AI and cybersecurity appeared first on Help Net Security.

Global cybersecurity spending is expected to grow by 12.2% in 2025, according to the latest forecast from the IDC Worldwide Security Spending Guide. The rise in cyber threats is pushing organizations to invest more in their defenses. AI tools are making these threats more sophisticated, which is adding to the urgency. IDC says this steady climb in spending will continue through 2028, hitting $377 billion by then. The U.S. and Western Europe will still make … More →

The post Cybersecurity spending set to jump 12.2% in 2025 appeared first on Help Net Security.

89% of healthcare organizations have the top 1% of riskiest Internet of Medical Things (IoMT) devices – which contain known exploitable vulnerabilities (KEVs) linked to active ransomware campaigns as well as an insecure connection to the internet – on their networks, according to Claroty. These figures represent a highly targeted, critical area where most security teams should prioritize their remediation efforts. The report is based on an analysis of over 2.25 million IoMT and 647,000 … More →

The post Healthcare’s alarming cybersecurity reality appeared first on Help Net Security.

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Hetty: Open-source HTTP toolkit for security research Hetty is an open-source HTTP toolkit designed for security research, offering a free alternative to commercial tools like Burp Suite Pro. Fix Inventory: Open-source cloud asset inventory tool Fix Inventory is an open-source tool for detecting compliance and security risks in cloud infrastructure accounts. Commix: Open-source OS command injection exploitation … More →

The post Hottest cybersecurity open-source tools of the month: March 2025 appeared first on Help Net Security.

In this Help Net Security interview, Kim Crawley, cybersecurity expert and Professor at the Open Institute of Technology, discusses her latest book, The Ultimate Cybersecurity Careers Guide. She shares insights on how aspiring professionals can break into the field and explores the importance of continuous learning. What makes this guide different from other available cybersecurity career resources? That’s an excellent question. The vast majority of books on cybersecurity certifications are guides to one particular certification … More →

The post A closer look at The Ultimate Cybersecurity Careers Guide appeared first on Help Net Security.

Spring cleaning isn’t just for your closets; security teams should take the same approach to their security operations data, where years of unchecked log growth have created a bloated, inefficient and costly mess. The modern Security Operations Center (SOC) is drowning in security telemetry from endpoints, cloud, SaaS applications, identity platforms and a growing list of other sources. In practice, most of these are redundant, irrelevant, or just outright noise, and are affecting detection effectiveness, … More →

The post Spring clean your security data: The case for cybersecurity data hygiene appeared first on Help Net Security.

Analyst – Cyber Threat Intelligence Adecco | UAE | On-site – View job details As an Analyst – Cyber Threat Intelligence, you will conduct threat hunting missions across multi-cloud environments and perform cyber forensics to analyze security incidents. You will also engage in offensive security assessments, participate in red teaming, and support incident response efforts to mitigate breaches. Application and Product Security Senior Analyst (Penetration Testing) Vertiv | USA | On-site – View job details … More →

The post Cybersecurity jobs available right now: March 25, 2025 appeared first on Help Net Security.

By now, it’s no secret—cyber threats are on the rise, and the need for strong cybersecurity is greater than ever. Globally small and medium-sized businesses (SMBs) are prime targets for cyberattacks, yet many can’t afford a full-time Chief Information Security Officer (CISO). That’s where the virtual CISO (vCISO) model comes in, offering a cost-effective way for SMBs to get expert security leadership in using a flexible model and without the big price tag. For MSPs … More →

The post The vCISO Academy: Transforming MSPs and MSSPs into cybersecurity powerhouses appeared first on Help Net Security.

AI Security Architect Verizon | USA | Hybrid – View job details As an AI Security Architect, you will ensure security architecture reviews are integrated into Verizon’s AI development lifecycle. This includes embedding robust security measures from design to deployment, conducting risk assessments on AI models, and implementing security tools and protocols in AI/ML operations. Application Penetration Tester – Cyber Security Supervisor RSM US LLP | USA | Hybrid – View job details As an … More →

The post Cybersecurity jobs available right now in the USA: March 20, 2025 appeared first on Help Net Security.

Application Security Expert monday.com | United Kingdom | Hybrid – View job details As an Application Security Expert, you will provide guidance on security best practices and compliance, and undertake security testing. Develop security testing plans and integrate them into the software development lifecycle. Perform and oversee security testing and manage remediation of identified vulnerabilities. Application Security Analyst II, Information Security First National Financial | Canada | On-site – View job details As an Application … More →

The post Cybersecurity jobs available right now: March 18, 2025 appeared first on Help Net Security.

Packed with real-world case studies and practical examples, Cybersecurity Tabletop Exercises offers insights into how organizations have successfully leveraged tabletop exercises to identify security gaps and enhance their incident response strategies. The authors explore a range of realistic scenarios, including phishing campaigns, ransomware attacks, and insider threats, demonstrating how these exercises can uncover vulnerabilities before an actual crisis occurs. It also highlights key lessons learned from exercises that didn’t go as planned, providing a well-rounded … More →

The post Review: Cybersecurity Tabletop Exercises appeared first on Help Net Security.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: NIST selects HQC as backup algorithm for post-quantum encryption Last year, NIST standardized a set of encryption algorithms that can keep data secure from a cyberattack by a future quantum computer. Now, NIST has selected a backup algorithm that can provide a second line of defense for the task of general encryption, which safeguards internet traffic and stored data alike. … More →

The post Week in review: NIST selects HQC for post-quantum encryption, 10 classic cybersecurity books appeared first on Help Net Security.

Cybersecurity constantly evolves, but some books have stood the test of time, shaping how professionals think about security, risk, and digital threats. Whether you’re a CISO, a seasoned expert, or cybersecurity enthusiast, these must-reads belong on your shelf. Masters of Deception: The Gang That Ruled Cyberspace Author: Michele Slatalla Set against the backdrop of the 1990 AT&T phone network crash, Masters of Deception chronicles an important moment in hacker history: law enforcement cracked down on … More →

The post Cybersecurity classics: 10 books that shaped the industry appeared first on Help Net Security.

Cloud Security Engineer TUI Group | Portugal | Hybrid – View job details As a Cloud Security Engineer, you will contribute to the implementation of security solutions and will work alongside our Security Operations team to ensure appropriate controls are engineered, addressing the technical requirements of our global business. You will support the implementation and maintenance of identity protection, threat detection, and email security solutions across Microsoft 365 environment. Cybersecurity Architect ExpressVPN | Poland | … More →

The post Cybersecurity jobs available right now in Europe: March 13, 2025 appeared first on Help Net Security.

Cybersecurity is a high-stakes, high-pressure field in which CISOs and their teams constantly battle threats, compliance requirements, and business expectations. The demand for 24/7 vigilance, sophisticated attacks, and a shortage of skilled professionals have led to a burnout epidemic in the industry. For CISOs, this isn’t just a personal issue, it’s a business risk. A burned-out team is less effective, more prone to errors, and more likely to leave, creating knowledge gaps that further strain … More →

The post Burnout in cybersecurity: How CISOs can protect their teams (and themselves) appeared first on Help Net Security.

The post Cybersecurity jobs available right now: March 11,2025 appeared first on Help Net Security.

CISOs face mounting pressure to spend wisely on security. Yet, many organizations remain vulnerable due to misplaced priorities and inefficient budgeting. This article explores common pitfalls and offers strategies to strengthen cybersecurity. Recent data highlights a paradox: while cybersecurity budgets rise, security incidents continue unabated. A survey by the Ponemon Institute revealed a 59% increase in cyber budgets year-over-year, yet 61% of organizations experienced a data breach or cybersecurity incident in the past two years. … More →

The post Smart cybersecurity spending and how CISOs can invest where it matters appeared first on Help Net Security.

The global transition to remote work has reshaped traditional workplace dynamics, introducing challenges and opportunities for cybersecurity teams. For CISOs and security professionals, embracing a remote workforce can be a strategic advantage, enhancing team capabilities and driving the modernization of security practices. Specialized security positions For CISOs struggling to fill highly specialized cybersecurity roles, remote work provides a critical advantage: access to a global talent marketplace where niche expertise is more readily available. Instead of … More →

The post How remote work strengthens cybersecurity teams appeared first on Help Net Security.

The Cybersecurity Trinity provides a comprehensive approach to modern cybersecurity by integrating AI, automation, and active cyber defense (ACD) into a unified strategy. Instead of addressing these elements in isolation, the author demonstrates how they work together to enhance security effectiveness, offering a practical and actionable framework grounded in the NIST Cybersecurity Framework. About the author Donnie Wendt, an adjunct professor of cybersecurity at Utica University, brings over 30 years of hands-on experience in cybersecurity, … More →

The post Review: The Cybersecurity Trinity appeared first on Help Net Security.

Traditional training often lacks the hands-on experience cybersecurity teams need to counter advanced threats. AI-powered gamified simulations combine artificial intelligence with interactive learning to enhance their skills. Conventional cybersecurity training programs frequently rely on static content, which can become outdated. These programs may also lack the engagement necessary to maintain participant interest, leading to suboptimal retention of critical skills. In contrast, gamified simulations introduce dynamic, scenario-based learning environments that mirror real-world cyber threats, fostering more … More →

The post Can AI-powered gamified simulations help cybersecurity teams keep up? appeared first on Help Net Security.

CISO Amplitude | USA | Hybrid – View job details As a CISO, you will develop, implement, and maintain a comprehensive security strategy aligned with Amplitude’s business goals and risk tolerance. Oversee the identification, assessment, and mitigation of security risks across the organization and its product lines. Lead and coordinate investigations into security incidents, ensuring timely resolution and thorough post-incident reviews. Cloud Cyber Security Technical Advisor (GRC) – VP MUFG | USA | On-site – … More →

The post Cybersecurity jobs available right now in the USA: March 6, 2025 appeared first on Help Net Security.

Omega Systems has expanded its cybersecurity offerings with the addition of a new Enterprise Password Management solution to help companies minimize the risk of password-related cyberattacks. Omega’s fully managed password solution is the latest addition to the company’s managed security service portfolio, which is designed to help businesses counter dangerous threat landscape. “Businesses are facing security threats at every turn, but credential theft remains one of the most dangerous and prolific attack vectors for hackers … More →

The post Omega Systems’ Enterprise Password Management solution reduces the risk of cyberattacks appeared first on Help Net Security.

Application Security Engineer Via | Israel | Hybrid – View job details As a Application Security Engineer, you will perform security assessments, including penetration testing, vulnerability scanning, and code reviews, to identify security weaknesses in applications. Define and implement application security testing strategies, including static analysis, dynamic analysis, and software composition analysis. Cloud Security Architect Kinaxis | Canada | Hybrid – View job details As a Cloud Security Architect, you will lead and participate in … More →

The post Cybersecurity jobs available right now: March 4, 2025 appeared first on Help Net Security.

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Kunai: Open-source threat hunting tool for Linux Kunai is an open-source tool that provides deep and precise event monitoring for Linux environments. BadDNS: Open-source tool checks for subdomain takeovers BadDNS is an open-source Python DNS auditing tool designed to detect domain and subdomain takeovers of all types. Misconfig Mapper: Open-source tool to uncover security misconfigurations Misconfig Mapper … More →

The post Hottest cybersecurity open-source tools of the month: February 2025 appeared first on Help Net Security.

The post Cybersecurity jobs available right now in Europe: February 27, 2025 appeared first on Help Net Security.

While cybersecurity pros spend much of their time immersed in technical reports, risk assessments, and policy documents, fiction offers a refreshing perspective on security and hacking. Great cyber-themed novels can teach lessons on human psychology, cyber warfare, and the ethics of technology while also entertaining and thought-provoking. Here are eight fiction books that every cybersecurity leader should consider adding to their reading list. Daemon – Daniel Suarez Why read it? → Explores the potential dangers … More →

The post What cybersecurity pros read for fun appeared first on Help Net Security.

Application Security Engineer Binance | UAE | Remote – View job details As a Application Security Engineer, you will enhance and maintain the security postures of Binance’s affiliates specializing in DeFi and Web3. Serve as the first responder for security issues identified through penetration tests, bug bounty programs, and assessments. Analyze penetration test findings and implement code-level solutions to resolve vulnerabilities. Application Security Engineer TheFork | France | On-site – View job details As an … More →

The post Cybersecurity jobs available right now: February 25, 2025 appeared first on Help Net Security.

Have you ever heard anyone earnestly ask in a business, “Who owns legal?” or “Who sets the financial strategy?” Probably not – it should be obvious, right? Yet, when it comes to cybersecurity, the question of ownership still seems to spark endless debates. That might have been understandable back in the 1990s when key security roles like the CISO were still being ironed out. But these days, it should be a serious red flag. Security … More →

The post Cybersecurity needs a leader, so let’s stop debating and start deciding appeared first on Help Net Security.

In this Help Net Security interview, Chester Wisniewski, Director and Global Field CISO at Sophos, discusses the shifting ransomware landscape, the risks posed by quantum decryption threats, and the role of vendor security validation. Wisniewski notes that cyber resilience is more crucial than mere defense, with AI playing a key role in managing threats, and calls for ongoing improvements, transparency, and proactive measures. With ransomware payments decreasing, some cybercriminals are shifting toward data-centric extortion rather … More →

The post Mastering the cybersecurity tightrope of protection, detection, and response appeared first on Help Net Security.

Compliance & Privacy Specialist McKesson | Remote – View job details As a Compliance & Privacy Specialist, you will identify potential gaps, establish and maintain policies and procedures to guide the business in complying with regulatory requirements, create and deliver workforce education on privacy and data protection standards, establish and enhance auditing and monitoring activities along with corresponding metrics, and investigate potential policy and regulatory infractions within the business. Cybersecurity Analyst Messer | On-site – … More →

The post Cybersecurity jobs available right now in the USA: February 20, 2025 appeared first on Help Net Security.

The cybersecurity startup landscape is at a crossroads. As venture-backed companies strive for successful exits, the bar has risen dramatically, requiring more funding, higher revenue, and faster growth than ever before. In this Help Net Security video, Mark Kraynak, Founding Partner at Acrew Capital, breaks down the Exit Escape Velocity for Cybersecurity Startups report to explore the challenges of IPOs and M&A deals in the post-COVID era.

The post VC-backed cybersecurity startups and the exit crunch appeared first on Help Net Security.

Airport Cybersecurity Engineer II Salt Lake City Corporation | USA | On-site – View job details As an Airport Cybersecurity Engineer II, you will develop and implement policies, procedures, and training plans for security and network administration. Assess and mitigate cybersecurity threats. Manage incident response and recovery plans. Application Security Architect WalkMe | Israel | Hybrid – View job details As an Application Security Architect, you will conduct design and code reviews to ensure secure … More →

The post Cybersecurity jobs available right now: February 18, 2025 appeared first on Help Net Security.

Cybersecurity professionals may be concerned about the constantly shifting threat landscape. From the increased use of artificial intelligence (AI) by malicious actors to the expanding attack surface, cybersecurity risks evolve, and defenders need to mitigate them. Despite a period of cybersecurity budget growth between 2021 and 2022, this growth has slowed in the last few years, meaning that cybersecurity leaders need to carefully consider how their purchases improve their current security and compliance posture. To … More →

The post 6 considerations for 2025 cybersecurity investment decisions appeared first on Help Net Security.

A new report from Gen highlights a sharp rise in online threats, capping off a record-breaking 2024. Between October and December alone, 2.55 billion cyber threats were blocked – an astonishing rate of 321 per second. The risk of encountering a threat climbed to 27.7% in Q4, with social engineering attacks accounting for 86% of all blocked threats. This underscores the increasingly sophisticated psychological tactics cybercriminals are using to deceive victims. “We’re continuing to see … More →

The post Cybercriminals shift focus to social media as attacks reach historic highs appeared first on Help Net Security.

In this Help Net Security interview, Mike Calvi, CISO at Arvest Bank, discusses building a strong cybersecurity culture within the banking sector. He explains how leadership, effective reporting, and proactive engagement with associates are key in strengthening security. Calvi also touches on how banks can measure success and balance accountability while fostering a collaborative environment.

The post Arvest Bank CISO on building a strong cybersecurity culture in banking appeared first on Help Net Security.

Application Offensive Security Consultant Sharp Decisions | USA | On-site – View job details As an Application Offensive Security Consultant, you will perform Offensive Security Testing against applications and APIs. Perform application threat hunting to evaluate risk to applications. Perform manual security testing of applications. Provide the vulnerability information in the predefined report format after performing the testing using manual methodology and tools Automotive Cybersecurity Assessor / Engineer UL Solutions | South Korea | On-site … More →

The post Cybersecurity jobs available right now: February 11, 2025 appeared first on Help Net Security.

Financial institutions will continue to be the ultimate targets for criminals and threat actors, as a successful attack offers a significant payoff, according to Contrast Security. Contrast Security has surveyed 35 of the world’s leading financial institutions to better understand their cyber threat landscape and the extent to which they are — or are not — addressing key threats. 64% of financial institutions said their organization had experienced cybersecurity incidents in the past 12 months. … More →

The post More destructive cyberattacks target financial institutions appeared first on Help Net Security.

Application Security Architect ReversingLabs | Ireland | Remote – View job details As an Application Security Architect, you will conduct security assessments and vulnerability scans of applications, APIs, and other software components. Identify, analyze, and report security vulnerabilities and risks. Develop and implement security controls and countermeasures to mitigate identified risks. Associate, Information Security Santander | USA | On-site – View job details As an Associate, Information Security, you will conduct regular security assessments and … More →

The post Cybersecurity jobs available right now: February 4, 2025 appeared first on Help Net Security.

In this Help Net Security interview, Rob Lee, Chief of Research and Head of Faculty at SANS Institute, discusses what a toxic environment looks like and how professionals can recognize red flags such as high turnover, burnout, and a pervasive fear of mistakes. Addressing these issues early is key to maintaining a healthy and effective team. Can you describe what a “toxic cybersecurity environment” looks like? What are some of the red flags professionals should … More →

The post The hidden dangers of a toxic cybersecurity workplace appeared first on Help Net Security.

Organizations are facing security complexity challenges as they juggle an average of 83 different security solutions from 29 vendors, according to a report by IBM and Palo Alto Networks. It also shows 7 out of 10 surveyed companies with a high degree of security platformization report their cybersecurity investments have helped business outcomes such as operational efficiencies and revenue generation. The rising threat of sophisticated cyberattacks In the study, 52% of surveyed executives note fragmentation … More →

The post Platformization is key to reduce cybersecurity complexity appeared first on Help Net Security.

The number of US data compromises in 2024 (3,158) decreased 1% compared to 2023 (3,202), 44 events away from tying a record for the number of compromises tracked in a year, according to the Identity Theft Resource Center. Data breach notices surge The number of data breach notices issued in the past year (1,728,519,397) increased 312% from 2023 (419,337,446). The increase was primarily due to six “mega-breaches” that resulted in at least 100 million breach … More →

The post Cybersecurity crisis in numbers appeared first on Help Net Security.

Application Security Engineer Bumble | United Kingdom | Hybrid – View job details As an Application Security Engineer, you will design and implement security testing tools within CI/CD pipelines to detect vulnerabilities early without impacting development speed. Conduct risk assessments and threat modelling exercises to identify potential vulnerabilities and prioritise security measures based on impact. Identify and prioritise vulnerabilities, driving remediation efforts and offering mitigation strategies to engineering teams. CISO Global-e | Israel | On-site … More →

The post Cybersecurity jobs available right now: January 28, 2025 appeared first on Help Net Security.

This article showcases free, open-source cybersecurity tools that help you identify and address vulnerabilities, detect intrusion, protect websites from cyber attacks, monitor and detect suspicious activities across your network. Am I Isolated: Open-source container security benchmark Am I Isolated is an open-source container security benchmark that probes users’ runtime environments and tests for container isolation. Argus: Open-source information gathering toolkit Argus is an open-source toolkit that simplifies information gathering and reconnaissance. It features a user-friendly … More →

The post Don’t let these open-source cybersecurity tools slip under your radar appeared first on Help Net Security.

Aviat Networks announced that it has enhanced its Secure Software Development Lifecycle (SSDLC) process and Software Vulnerability Alert (SVA) service designed to strengthen Aviat’s software and firmware development process to comply with latest cybersecurity requirements. With the increasing number of vulnerabilities, threats and attacks, SSDLC and SVA are now seen as essential countermeasures to protect against software security threats for critical communications networks. Aviat’s SSDLC is a structured process to improve cybersecurity for all Aviat … More →

The post Aviat Networks enhances software cybersecurity offering appeared first on Help Net Security.

In this Help Net Security video, Or Salom, Analyst at YL Ventures, discusses the State of the Cyber Nation Report 2024. The report reveals resilience and growth in the Israeli cybersecurity industry, with total investments reaching $4 billion across 89 funding rounds—more than double the $1.89 billion raised in 2023. Key highlights: Record-breaking seed activity: 50 seed rounds in 2024 with total seed funding reaching $400M, demonstrating sustained confidence in early-stage Israeli cybersecurity innovation. Explosive … More →

The post Funding soars in a milestone year for Israeli cybersecurity appeared first on Help Net Security.

This list of ransomware-focused cybersecurity books is tailored for professionals seeking practical insights and deeper knowledge. Covering technical strategies, real-world cases, and the evolving tactics of attackers, these books offer valuable perspectives to help strengthen defenses and refine incident response plans. Ransomware and Cyber Extortion: Response and Prevention Authors: Karen Sprenger, Sherri Davidoff, and Matt Durrin This guide offers value to everyone involved in prevention, response, planning, or policy: CIOs, CISOs, incident responders, investigators, negotiators, … More →

The post Cybersecurity books on ransomware you shouldn’t miss appeared first on Help Net Security.

CISO Sempra Infrastructure | USA | Hybrid – View job details As a CISO, you will develop and implement a robust information security strategy and program that aligns with the organization’s objectives and regulatory requirements. Assess and manage cybersecurity risks across the organization’s digital infrastructure, networks, and sensitive data. Implement risk mitigation strategies and ensure regular risk assessments and audits. Cloud Security Engineer UBX | Philippines | On-site – View job details As a Cloud … More →

The post Cybersecurity jobs available right now: January 21, 2025 appeared first on Help Net Security.

Attacks happen frequently on the security stack or within an enterprise. Often, they’re carried out by some unknown entity on the other side of the globe. You don’t know who you’re dealing with. You don’t know who they are. In this Help Net Security video, Jerry Mancini, NETSCOUT’s Senior Director, Office of the Enterprise CTO, discusses NDR’s role in a modern cybersecurity stack.

The post NDR’s role in a modern cybersecurity stack appeared first on Help Net Security.

The Commission has presented an EU action plan aimed at strengthening the cybersecurity of hospitals and healthcare providers. The initiative is an essential step in shielding the healthcare sector from cyber threats. Digitalization is revolutionizing healthcare, enabling better patient services through innovations such as electronic health records, telemedicine, and AI-driven diagnostics. However, cyberattacks can delay medical procedures, create gridlock in emergency rooms, and disrupt vital services, which, in severe cases, could directly impact the lives … More →

The post EU takes decisive action on healthcare cybersecurity appeared first on Help Net Security.

Ross Young is the CISO in residence at Team8 and the creator of the OWASP Threat and Safeguard Matrix (TaSM). In this interview, he shares his perspective on how cybersecurity professionals can tailor their presentations to the board, aligning security strategies with business priorities. He also discusses common misconceptions that boards have about cybersecurity and offers practical advice on building lasting relationships with executives to ensure cybersecurity stays front and center in ongoing business discussions. … More →

The post How CISOs can elevate cybersecurity in boardroom discussions appeared first on Help Net Security.

IT-Harvest launched HarvestIQ.ai, a platform featuring two AI assistants designed to redefine how professionals navigate the cybersecurity landscape. The Analyst AI provides access to IT-Harvest’s comprehensive database of 4,070 cybersecurity vendors, offering users instant insights into market players, trends, and innovations. Meanwhile, the Architect AI empowers users with tailored guidance on cybersecurity products, leveraging IT-Harvest’s in-depth analysis of over 11,300 products to help organizations make informed decisions about their cybersecurity strategies. “HarvestIQ.ai is a game-changer … More →

The post HarvestIQ.ai provides actionable insights for cybersecurity professionals appeared first on Help Net Security.

Cybersecurity is entering a new era of complexity, according to the World Economic Forum’s Global Cybersecurity Outlook 2025 report. Growing complexity intensifies cyber inequity This complexity arises from the rapid growth of emerging technologies, prevailing geopolitical uncertainty, the evolution of threats, regulatory challenges, vulnerabilities in supply chain interdependencies and the growing cyber skills gap. Growing complexity further intensifies cyber inequity, deepening the divide between developed and emerging economies, expanding sectoral disparities, and widening the gap … More →

The post Cybersecurity is stepping into a new era of complexity appeared first on Help Net Security.

Application Security DevOps engineer Twixor | India | On-site – View job details As an Application Security DevOps engineer, you will implement and oversee application security measures to protect company’s software and infrastructure. Conduct regular security assessments and vulnerability testing. Develop and maintain secure coding practices and standards. Design, implement, and maintain secure CI/CD pipelines. Perform threat modeling and risk assessments. CISO Degroof Petercam | Belgium | Hybrid – View job details As a CISO, … More →

The post Cybersecurity jobs available right now: January 14, 2025 appeared first on Help Net Security.

Welcome to 2025 and a new year of patch excitement! In my December article, I talked about Microsoft’s Secure Future Initiative (SFI) and how it manifested in many of the Microsoft products released in 2024. While this security technology trend will continue in 2025, I believe we will also see some major changes to guidance regarding the security requirements, operations, and other aspects associated with our industry. Before we get into some of those details, … More →

The post January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance appeared first on Help Net Security.

As we look ahead to cybersecurity developments in 2025, there’s bad news and good—expect to see new challenging attacks and the cybersecurity community increasingly working together to counter threats that are beyond the scope of individual organizations.

The post Cybersecurity in 2025: Global conflict, grown-up AI, and the wisdom of the crowd appeared first on Help Net Security.

AI Penetration Tester Microsoft | Canada | Remote – View job details As an AI Penetration Tester, you will discover and exploit vulnerabilities end-to-end in order to assess the security of AI systems. Execute offensive operations on production AI systems using real world adversarial tactics and techniques to identify failures. Develop tools and techniques to scale and accelerate offensive emulation and vulnerability discovery specific for AI systems. Application Security Engineer Emerson | India | Hybrid … More →

The post Cybersecurity jobs available right now: January 8, 2025 appeared first on Help Net Security.

In this Help Net Security interview, Sean Embry, CISO at eBay, discusses key aspects of cybersecurity leadership. He shares insights on balancing long-term strategic planning with immediate threat response, evaluating the ROI of new technologies, and addressing employee cybersecurity fatigue. As a CISO, how do you balance long-term strategic cybersecurity investments with immediate tactical threat response? The most important word here is “balance”, and effective cybersecurity programs need to have a longer-term strategy but be … More →

The post eBay CISO on managing long-term cybersecurity planning and ROI appeared first on Help Net Security.

With the EU’s Digital Operational Resilience Act (DORA) deadline approaching on 17th January, 2025, Europe’s top 100 companies face an urgent cybersecurity challenge, according to SecurityScorecard. A-rated companies safer from breaches The report highlights the role of SecurityScorecard’s A-to-F rating system in delivering actionable insights into cyber resilience. Companies with an A rating were found to be 13.8 times less likely to experience a breach than those with an F rating. Europe’s largest organizations are … More →

The post Only 26% of Europe’s top companies earn a high rating for cybersecurity appeared first on Help Net Security.

This article highlights key findings and trends in healthcare cybersecurity for 2024. From the rising impact of cyberattacks on patient care to the vulnerabilities posed by medical devices and supply chains, these insights provide an overview of the current state of cybersecurity in the healthcare sector. 6 key elements for building a healthcare cybersecurity response plan With 89% of practices already using tools like two-factor authentication (2FA), the importance of integrating robust cybersecurity software cannot … More →

The post Is healthcare cybersecurity in critical condition? appeared first on Help Net Security.

While the majority of employees avoid risky behaviors, a small subset makes them a habit, posing a significant cybersecurity challenge, according to Mimecast. 48% of employees engaged in behaviors that exposed their organizations to cyber risk, with browsing violations being the most common (36% of users). Browsing violations, unlike phishing and malware events, do not directly impact security. However, they can increase the likelihood of encountering malware or online scams. Impersonation phishing widespread across sectors … More →

The post When risky cybersecurity behavior becomes a habit among employees appeared first on Help Net Security.

This article highlights key findings and trends in the 2024 IT and cybersecurity skills gap, from the shortage of cybersecurity talent to the rising demand for certifications and upskilling programs, offering insights into the current state of skills development in the tech industry. Most women in IT work overtime to advance in their careers While 32% of respondents already think that men and women are treated equally in the workplace, 31% of women strongly believe … More →

The post The state of cybersecurity and IT talent shortages appeared first on Help Net Security.

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. SafeLine: Open-source web application firewall (WAF) SafeLine is an open-source and self-hosted Web Application Firewall (WAF) that protects websites from cyber attacks. Trapster Community: Open-source, low-interaction honeypot Trapster Community is an open-source, lightweight, low-interaction honeypot designed for deployment within internal networks. It enhances network security by creating a deceptive layer that monitors and detects suspicious activities. FuzzyAI: … More →

The post Hottest cybersecurity open-source tools of the month: December 2024 appeared first on Help Net Security.

In this Help Net Security interview, Vineet Chaku, President of Reaktr.ai, discusses how AI is transforming cybersecurity, particularly in anomaly detection and threat identification. Chaku talks about the skills cybersecurity professionals need to collaborate with AI systems and address the ethical concerns surrounding deployment.

The post The sixth sense of cybersecurity: How AI spots threats before they strike appeared first on Help Net Security.

Cybercriminals are using a variety of new methods to target organizations across industries. In this article, we examine the most pressing trends and findings from the 2024 surveys on the growing threat of cybercrime. Social engineering scams sweep through financial institutions North American financial institutions fielded 10 times more reports of social engineering scams in 2024 than they did a year ago. Account-opening fraud declined by nearly 60% in the last year, as banks implemented additional controls, … More →

The post Cybercriminals tighten their grip on organizations appeared first on Help Net Security.

Managing cybersecurity and IT budgets is a critical element of organizational strategy. With increasing threats to data security, the rise of ransomware, and the need to protect IT infrastructure, organizations must invest wisely in cybersecurity to stay secure. This article shares key insights from cybersecurity budget surveys conducted in 2024. Despite massive security spending, 44% of CISOs fail to detect breaches Despite global information security spending projected to reach $215 billion in 2024, 44% of … More →

The post Cybersecurity spending trends and their impact on businesses appeared first on Help Net Security.

Application Security DevOps engineer Twixor | India | On-site – View job details As an Application Security DevOps engineer, you will Implement and oversee application security measures to protect company’s software and infrastructure. Conduct regular security assessments and vulnerability testing. Develop and maintain secure coding practices and standards. Design, implement, and maintain secure CI/CD pipelines. Perform threat modeling and risk assessments. Application Security Engineer Webster Bank | USA | On-site – View job details As … More →

The post Cybersecurity jobs available right now: December 24, 2024 appeared first on Help Net Security.

With outdated and inadequately maintained components, along with insecure dependencies, the open-source ecosystem presents numerous risks that could expose organizations to threats. In this article, you will find excerpts from 2024 open-source security reports that can help your organization strengthen its software security practices. 70% of open-source components are poorly or no longer maintained Regardless of geographic origin, the average mid-size application has several disturbing trends leading to critical vulnerabilities. Open-source contributes 2 to 9 times … More →

The post What open source means for cybersecurity appeared first on Help Net Security.

AI changes how organizations look at cybersecurity GenAI is compromising security while promising efficiency This article highlights key findings from 2024 reports on AI and GenAI technologies, focusing on their potential and major challenges. Overreliance on GenAI to develop software compromises security 96% of security and software development professionals report that their companies use GenAI-based solutions for building or delivering applications. Among these respondents, 79% report that all or most of their development teams regularly … More →

The post AI is becoming the weapon of choice for cybercriminals appeared first on Help Net Security.

In this Help Net Security interview, Anjos Nijk, Managing Director of the European Network for Cyber security (ENCS), discusses cybersecurity in the energy sector as it modernizes with renewable sources and smart grid technologies. Nijk also addresses the need for international collaboration, the impact of IoT on security, and the emerging technologies that can enhance the resilience and reliability of critical energy infrastructure. As the energy sector undergoes significant modernization, particularly with the integration of … More →

The post Why cybersecurity is critical to energy modernization appeared first on Help Net Security.

In this Help Net Security interview, Dan Lohrmann, CISO at Presidio, discusses the need for organizations to rethink their leadership and operational strategies and the cybersecurity risks they have to deal with during digital transformation.

The post Leadership skills for managing cybersecurity during digital transformation appeared first on Help Net Security.

Breaches in 2024 had less impact on consumers’ trust in brands compared to the previous year (a 6.5% decrease from 62% in 2023 to 58% in 2024), according to a recent Vercara report. Most consumers also remain unaware of the role they may play in cyber incidents. Consumers don’t trust companies hit by data breaches The research reveals that consumers are unaware of the impact of insider threats, and instead assume bad actors are to … More →

The post Consumers wrongly attribute all data breaches to cybercriminals appeared first on Help Net Security.

CISO ONE Security | Israel | Hybrid – View job details As a CISO, you will be responsible for overseeing information security, cybersecurity, application security, and business continuity strategies. The role involves implementing and managing security measures and collaborating with internal teams to ensure data protection and compliance. Cloud Security Engineer KUBRA | Canada | Hybrid – View job details As a Cloud Security Engineer, you will perform security assessments of KUBRA systems, applications, and … More →

The post Cybersecurity jobs available right now: December 17, 2024 appeared first on Help Net Security.

Platform security – securing the hardware and firmware of PCs, laptops and printers – is often overlooked, weakening cybersecurity posture for years to come, according to HP. The report, based on a global study of 800+ IT and security decision-makers (ITSDMs) and 6000+ work-from-anywhere (WFA) employees, shows that platform security is a growing concern with 81% of ITSDMs agreeing that hardware and firmware security must become a priority to ensure attackers cannot exploit vulnerable devices. … More →

The post Overlooking platform security weakens long-term cybersecurity posture appeared first on Help Net Security.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes exploited zero-day (CVE-2024-49138) On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by attackers in the wild to execute code with higher privileges. Top cybersecurity books for your holiday gift list The holiday season is approaching, and with it, the tradition of gift-giving. For professionals … More →

The post Week in review: Microsoft fixes exploited 0-day, top cybersecurity books for your holiday gift list appeared first on Help Net Security.

Popular US doughnut chain Krispy Kreme has been having trouble with its online ordering system as well as digital payments at their brick-and-mortar shops since late November, and now we finally know why: an 8-K report filed with the US Securities and Exchange Commission (SEC) has revealed that the company has suffered a “cybersecurity incident”. The company was notified about unauthorized activity on a portion of its information technology systems on November 29, 2024, and … More →

The post Krispy Kreme cybersecurity incident disrupts online ordering appeared first on Help Net Security.

In this Help Net Security interview, Phani Dasari, CISO at HGS, discusses key aspects of cybersecurity assessments, including effective tools and methodologies, the role of AI and automation, and strategies for aligning assessments with organizational needs.

The post Strengthening security posture with comprehensive cybersecurity assessments appeared first on Help Net Security.

Cloud Security Engineer Sendbird | USA | Hybrid – View job details As a Cloud Security Engineer, you will work with engineering teams to build secure infrastructure at scale, secure multi-account and multi-cloud infrastructure for Sendbird, own CSPM and cloud security tooling while building automations, embed security tools into the CI/CD system for IaC scanning, identify security gaps and develop solutions, and research and identify new attacks targeting Sendbird’s products. Cyber Network Analyst Cynerio | … More →

The post Cybersecurity jobs available right now: December 10, 2024 appeared first on Help Net Security.

The Department of the Treasury is sanctioning Chinese cybersecurity company Sichuan Silence, and one of its employees, Guan Tianfeng, for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide. Many of the victims were U.S. critical infrastructure companies. The Department of Justice unsealed an indictment on Guan for the same activity. The U.S. Department of State also announced a Rewards for Justice reward offer of up to $10 million for … More →

The post US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks appeared first on Help Net Security.

The holiday season is approaching, and with it, the tradition of gift-giving. For professionals and enthusiasts alike, a well-chosen book can provide both knowledge and inspiration. To help with ideas on what to give, we’ve compiled a list of cybersecurity books to consider. Security Yearbook 2024: A History and Directory of the IT Security Industry Author: Richard Stiennon In the book, you’ll find a comprehensive directory of cybersecurity vendors, updated for 2024, complete with headquarters … More →

The post Top cybersecurity books for your holiday gift list appeared first on Help Net Security.

In this Help Net Security video, Richard Hummel, NETSCOUT’s Director of Threat Intelligence, talks about his journey into cybersecurity and offers insight for those that are interested in pursuing it as a career.

The post What makes for a fulfilled cybersecurity career appeared first on Help Net Security.

High-risk access exists throughout the workplace, in almost every job role, proving that the time has come for organizations to re-think the way they protect their workforce, according to CyberArk. CyberArk surveyed 14,003 employees in the UK, USA, France, Germany, Australia and Singapore to uncover workforce behaviors that security teams are most keen to put a stop to. Employees depend on privileged access to complete daily tasks These days, almost all employees have some kind … More →

The post 65% of office workers bypass cybersecurity to boost productivity appeared first on Help Net Security.

In this Help Net Security interview, Doug Kersten, CISO of Appfire, explains how treating AI like a human can change the way cybersecurity professionals use AI tools. He discusses how this shift encourages a more collaborative approach while acknowledging AI’s limitations. Kersten also discusses the need for strong oversight and accountability to ensure AI aligns with business goals and remains secure. Treating AI like a human can accelerate its development. Could you elaborate on how … More →

The post Treat AI like a human: Redefining cybersecurity appeared first on Help Net Security.

Application Security Engineer TE Connectivity | USA | Remote – View job details As an Application Security Engineer, you will design, develop, and implement a robust Application Security program. Create and maintain application security policies, standards, and procedures. Participate in the incident response process, focusing on application-related security incidents. Investigate and analyze security breaches and provide actionable recommendations to prevent recurrence. Cryptography engineer Leonar | France | On-site – View job details As a Cryptography … More →

The post Cybersecurity jobs available right now: December 3, 2024 appeared first on Help Net Security.

The cyber world needs your expertise. However, the security leaders of tomorrow require a broad set of skills that job experience alone does not arm you with. What do organizations demand? And how can you acquire the technical and soft skills that drive business prosperity? Download the whitepaper to: Overcome cybersecurity challenges putting enterprise success at risk Make a positive and lasting impact Explore the 9 key characteristics of effective leaders in the field Fill … More →

The post Whitepaper: 9 traits of effective cybersecurity leaders of tomorrow appeared first on Help Net Security.

In today’s dynamic threat landscape, security leaders are under constant pressure to make informed choices about which solutions and strategies they employ to protect their organizations. The “MITRE Engenuity ATT&CK Evaluations: Enterprise” stand out as an essential resource for cybersecurity decision makers to navigate this challenge. Unlike other independent assessments, MITRE ATT&CK Evaluations simulate real-world threats to assess how competing cybersecurity vendors detect and respond to real-world threats. As soon as the highly anticipated 2024 MITRE … More →

The post Why cybersecurity leaders trust the MITRE ATT&CK Evaluations appeared first on Help Net Security.

32% of warehouse respondents report that social engineering is one of the most-used entry points in warehouse cyberattacks – tied with software vulnerabilities (32%) and followed by devices (19%), according to Ivanti. Cyberattacks on warehouses threaten supply chain stability As the backbone of the supply chain, a cyberattack on a warehouse can result in major consequences such as significant operational downtime, damage to a company’s reputation and financial losses. Given the vast amount of data … More →

The post Supply chain managers underestimate cybersecurity risks in warehouses appeared first on Help Net Security.

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. ScubaGear ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations for potential security gaps. ScubaGear analyzes an organization’s M365 tenant configuration, offering actionable insights and recommendations to help administrators address security gaps and strengthen defenses within their Microsoft 365 environment. Am I Isolated: Open-source container security … More →

The post Hottest cybersecurity open-source tools of the month: November 2024 appeared first on Help Net Security.

Threat actors are using an ingenious new way for covertly delivering malware to a wide variety of operating systems and platforms: they have created a malware loader that uses Godot Engine, an open-source game engine. The loader – dubbed GodLoader – is distributed through the Stargazers Ghost Network, an extensive network of GitHub accounts and repositories that provides malware distribution “as-a-Service”. According to Check Point researchers, over 17,000 machines have been infected with the malicious … More →

The post Cybercriminals used a gaming engine to create undetectable malware loader appeared first on Help Net Security.

Application Security Engineer Agoda | UAE | Hybrid – View job details As an Application Security Engineer, you will develop and design application-level security controls and standards. Perform application security design reviews against new products and services. Track and prioritize all security issues. Build internal security tools that help fix security problems at scale. Perform code review and drive remediation of discovered issues. Enable automated security testing at scale to measure vulnerability, and report on … More →

The post Cybersecurity jobs available right now: November 26, 2024 appeared first on Help Net Security.

In this Help Net Security interview, Alona Geckler, Chief of Staff, SVP of Business Operations at Acronis, shares her insights on the diversity environment in the cybersecurity and IT industries. She discusses the progress made over the past two decades, initiatives to foster inclusivity, and the remaining challenges. Geckler addresses unconscious bias and barriers to career advancement, offering practical strategies for organizations to foster more inclusive environments. How has the industry evolved in terms of … More →

The post Practical strategies to build an inclusive culture in cybersecurity appeared first on Help Net Security.

Commvault announced Clumio Backtrack, a new capability that will enable enterprises to use automation to rapidly revert objects – or pieces of data – stored in Amazon Simple Storage Service (Amazon S3) to a specific version at a specific point and time. This makes it quick and easy for cloud operations, IT, and security teams to recover data from errors, accidents, or cyberattacks, almost as if they were able to turn back the clock to … More →

The post Commvault Clumio Backtrack helps recover data from errors, accidents, or cyberattacks appeared first on Help Net Security.

As we continue to delegate more infrastructure operations to artificial intelligence (AI), quantum computers are advancing towards Q-day (i.e., the day when quantum computers can break current encryption methods). This could compromise the security of digital communications, as well as autonomous control systems that use AI and ML to make decisions. As AI and quantum converge to reveal extraordinary novel technologies, they will also combine to produce new threat vectors and quantum cryptanalysis. AI and … More →

The post AI Kuru, cybersecurity and quantum computing appeared first on Help Net Security.

Ransomware gangs recruit pen testers to improve attack reliability Threat actors employ pen testers to improve ransomware effectiveness Threat actors are recruiting pen testers to test and improve the reliability of their ransomware for affiliate programs, according to Cato Networks. Any good developer knows that software needs to be tested before deploying in production environments. This is also true for ransomware gangs. They want to ensure that their ransomware can be deployed successfully against organizations. … More →

The post Cybercriminals turn to pen testers to test ransomware efficiency appeared first on Help Net Security.

The Computer Emergency Response Team of Ukraine (CERT-UA), part of the State Service of Special Communications and Information Protection (SSSCIP), has joined forces with the simulation training platform Cyber Ranges to unveil TRYZUB, a cyber resilience training and capability development service. TRYZUB primarily protects military, government entities, and critical infrastructure sectors such as energy, healthcare, finance, telecommunications, and education. Its training is designed for military units, law enforcement, government agencies, and operators of essential infrastructure … More →

The post Ukrainian cyberwar experience becomes blueprint for TRYZUB cyber training service appeared first on Help Net Security.

Application Security Engineer ENOC | UAE | On-site – View job details As an Application Security Engineer, you will establish and maintain DLP policies to prevent unauthorized access, transmission, or disclosure of sensitive data, focusing on both on-premises and cloud environments. Design, implement, and manage CASB solutions to control and monitor access to cloud applications and safeguard data across cloud services. Application Security Engineer Intellias | Poland | Remote – View job details As an … More →

The post Cybersecurity jobs available right now: November 20, 2024 appeared first on Help Net Security.

Quantum announces the DXi9200, the latest generation of its flagship DXi9000 Series hybrid (flash + dense disk) data protection appliances, designed for scalable, efficient backup and recovery services for large organizations. With the continuing threat of ransomware attacks, organizations need to take a comprehensive and proactive approach to secure their data and data copies, continuously validate recovery operations, and quickly recover in case of attack. As the industry’s most scalable, feature-rich, and efficient data protection … More →

The post Quantum DXi9200 helps organizations manage and reduce cybersecurity risks appeared first on Help Net Security.

The age-old tension between development and security teams has long been a source of friction in organizations. Developers prioritize speed and efficiency, aiming to deliver features and products quickly with a fast-paced, iterative development cycle and move on efficiently. On the other hand, security teams strive to balance risk and innovation but must focus on protecting sensitive data and systems with guardrails and ensuring compliance with stringent regulations. These contrasting priorities and communication gaps lead … More →

The post Dev + Sec: A collaborative approach to cybersecurity appeared first on Help Net Security.

In this Help Net Security video, Venkat Gopalakrishnan, Principal Data Science Manager at Microsoft, discusses the development of AI-driven risk scoring models tailored for cybersecurity threats, and how AI is revolutionizing risk assessment and management in cybersecurity.

The post Using AI to drive cybersecurity risk scoring systems appeared first on Help Net Security.

Hijacking domains using a ‘Sitting Ducks attack’ remains an underrecognized topic in the cybersecurity community. Few threat researchers are familiar with this attack vector, and knowledge is scarce. However, the prevalence of these attacks and the risk to organizations are significant. Infoblox researchers estimate that over 1 million registered domains could be vulnerable daily. More evidence found on Sitting Ducks Attacks During a Sitting Ducks attack, the malicious actor gains control of a domain by … More →

The post Cybercriminals hijack DNS to build stealth attack networks appeared first on Help Net Security.

Security leaders feel under increasing pressure to provide assurances around cybersecurity, exposing them to greater personal risk – yet many lack the data and resources to accurately report and close cybersecurity gaps, according to Panaseer. The report analyses the findings of a survey of 400 security decision makers (SDMs) across the US and UK. Security leaders turn to indemnity insurance for protection 61% of organizations have suffered a security breach in the past year because … More →

The post How cybersecurity failures are draining business budgets appeared first on Help Net Security.

Google Cloud unveiled its Cybersecurity Forecast for 2025, offering a detailed analysis of the emerging threat landscape and key security trends that organizations worldwide should prepare for. The report delivers insights into the tactics of cyber adversaries, providing advice for increasing security posture in the coming year. The year of AI-driven cyberattacks The report highlights a shift in the cybersecurity landscape: the rise of artificial intelligence (AI) as a double-edged sword. While AI offers new … More →

The post Google Cloud Cybersecurity Forecast 2025: AI, geopolitics, and cybercrime take centre stage appeared first on Help Net Security.

Whether you’re looking to enhance your existing cybersecurity skills or just beginning your journey in the field, cybersecurity offers a wide range of career opportunities. If you’re considering a career shift, exploring new job opportunities, or aiming to upgrade your skill set, take time to learn about the questions to prepare for in your upcoming cybersecurity job interview. Preparing for the job interview Researching the potential employer will enable you to answer questions in ways … More →

The post Tips for a successful cybersecurity job interview appeared first on Help Net Security.

Cloud Security Lead CIÉ – Córas Iompair Éireann | Ireland | Hybrid – View job details As a Cloud Security Lead, you will ensure the security of CIE’s Azure environment by developing and implementing cloud security strategies and policies. You will safeguard cloud-based data and applications, collaborate with IT teams to integrate cloud security measures, and assess and advise on cloud security configurations. Additionally, you will contribute to security-related design and implementation and work closely … More →

The post Cybersecurity jobs available right now: November 12, 2024 appeared first on Help Net Security.

While the goal of cybersecurity regulations is to bring order among organizations and ensure they take security and risks seriously, the growing number of regulations has also introduced a considerable set of challenges that organizations and their leaders must address. Sara Behar, Content Manager at YL Ventures, discusses how recent regulatory actions and high-profile legal incidents involving cybersecurity leaders have influenced CISO reporting. Chris Denbigh-White, CSO at Next DLP, discusses how emerging technologies, such as … More →

The post Ambitious cybersecurity regulations leave companies in compliance chaos appeared first on Help Net Security.

Through their past military service, veterans are trained to think like adversaries, often share that mission-driven spirit and excel when working with a team to achieve a larger goal. They develop and champion the unique traits that cybersecurity companies need in prospective talent. These organizations must take note, as tapping veterans for cybersecurity roles can mutually benefit their business and the individuals they hire. Below, I’ll explain four reasons veterans make excellent cybersecurity company employees. … More →

The post 4 reasons why veterans thrive as cybersecurity professionals appeared first on Help Net Security.

In this Help Net Security video, Chris Gibson, CEO at FIRST, discusses the evolving threat landscape and provides a unique take on where data breaches and cyber attacks will be in 2025.

The post Key cybersecurity predictions for 2025 appeared first on Help Net Security.

In this Help Net Security interview, Julie Madhusoodanan, Head of CyberSecurity at LinkedIn, discusses how closing the gender gap could enhance cybersecurity’s effectiveness in combating emerging threats. With women still underrepresented in cybersecurity roles, she emphasizes how diverse teams bring essential skills and innovative perspectives. Madhusoodanan outlines strategies like inclusive hiring, mentorship, and flexible work policies as essential steps to foster gender balance in the field. What impact would closing the gender gap in cybersecurity … More →

The post The cybersecurity gender gap: How diverse teams improve threat response appeared first on Help Net Security.

Application Security Engineer MassMutual | USA | Hybrid – View job details As an Application Security Engineer, you will conduct in-depth security assessments, including vulnerability scanning, and code reviews. Ensure secure coding practices are followed, and security controls are incorporated into software designs. Conduct detailed threat modeling to identify attack vectors and potential weaknesses. Ensure compliance with security regulations, frameworks, and industry standards such as OWASP. Cybersecurity Engineer, Resilience Electrolux Group | Italy | On-site … More →

The post Cybersecurity jobs available right now: November 5, 2024 appeared first on Help Net Security.

The IRISSCERT Cyber Crime Conference (IRISSCON) returns on November 6th at the Aviva Stadium, where global cybersecurity leaders will explore AI’s revolutionary role in defending against and contributing to cyber threats. As Ireland’s longest-standing cybersecurity conference, IRISSCON 2024 will dive into AI’s impact on how it both enhances security and enables cybercriminals to scale and automate attacks. With generous support from diamond sponsors ESET, Symantec, and BH Consulting, the event will highlight cutting-edge AI strategies … More →

The post IRISSCON 2024 to address AI’s dual impact on cybersecurity appeared first on Help Net Security.

In this Help Net Security interview, Rachel Barouch, an Organizational Coach for VCs and startups and a former VP HR in both a VC and a Cybersecurity startup, discusses the dynamics of cybersecurity researchers and team-building strategies. She highlights that these researchers, often brilliant and introverted, come with distinctive working styles, making it challenging to foster collaboration. However, with the right approach to assessing, managing, retaining and developing them, organizations can unlock their potential and … More →

The post Hiring guide: Key skills for cybersecurity researchers appeared first on Help Net Security.

In this Help Net Security video, James Edgar, CISO at Corpay, reveals insights into cybersecurity health, concerns, challenges, and other considerations for building a solid defense program. Key insights revealed in Corpay’s 2024 State of Business Cybersecurity Report: 67% of respondents blame lack of capital resources for preventing companies from reaching their desired level of cyber protection. 61% of respondents plan to test or implement AI tools for cybersecurity purposes in the next 12 months. … More →

The post Cybersecurity in crisis: Are we ready for what’s coming? appeared first on Help Net Security.

Medical practices remain vulnerable to cyberattacks, with over a third unable to cite a cybersecurity incident response plan, according to Software Advice. This gap exposes healthcare providers to risks of patient data breaches, HIPAA violations, financial penalties, and patient safety concerns. The findings come at a critical time, as the Health Infrastructure Security and Accountability Act seeks to establish minimum cybersecurity standards across the healthcare industry. Software Advice’s survey found that 59% of medical practices … More →

The post 6 key elements for building a healthcare cybersecurity response plan appeared first on Help Net Security.

API Gateway Security Engineer Ness Technologies | Israel | Hybrid – View job details As an API Gateway Security Engineer, you will be responsible for managing and implementing API Gateway solutions with a strong focus on information security. Your responsibilities will include ongoing maintenance of API systems, managing secure permissions and access, monitoring API traffic to identify anomalies, threats, and intrusion attempts, and collaborating with security and infrastructure teams to identify and manage security risks, … More →

The post Cybersecurity jobs available right now: October 29, 2024 appeared first on Help Net Security.

When building a cybersecurity team, you likely asked yourself, “Should I focus on certifications or real-world skills?” And since you rarely encounter entry-level candidates who can hit the ground running, naturally, you’d consider a candidate with both. But that’s not always the best option unless you have the time, money, and patience. One of these factors usually has a priority over the other. Your starting point or a nice-to-have? ISACA’s State of Cybersecurity 2024 Report … More →

The post What’s more important when hiring for cybersecurity roles? appeared first on Help Net Security.

Cybersecurity Engineer Texas Instruments | USA | On-site – View job details As a Cybersecurity Engineer, you will design, implement and maintain cybersecurity controls for security tools to help drive zero trust and secure by design principles across complex environments. Validate and test security configurations and controls to a variety of security (e.g., firewalls, email gateway, WAFs, DLP, endpoint protection, baselines, etc.). Cyber Security Architect – Product Security Honeywell | USA | On-site – View … More →

The post Cybersecurity jobs available right now: October 23, 2024 appeared first on Help Net Security.

In this Help Net Security interview, Dr Kathryn Jones, Head of School, Computer Science and Informatics at Cardiff University, discusses the challenges and misconceptions that deter women from pursuing careers in cybersecurity. Dr Jones also outlines the diverse skills, mentorship, and outreach programs that empower women to thrive in cybersecurity careers. What are some common misconceptions or biases that may deter women from pursuing a career in cybersecurity? One misconception is the stereotype of a … More →

The post Myths holding women back from cybersecurity careers appeared first on Help Net Security.

A recent Todyl report revealed a 558% increase in BEC (Business Email Compromise), AiTM (Adversary-in-the-Middle), and ATO (Account Takeover) attacks in 2024. In this Help Net Security video, David Langlands, Chief Security Officer at Todyl, discusses these evolving cyber threats. Here are the key findings from the report: BEC is evolving as attackers shift from traditional malware to exploiting human error and vulnerable communication channels. Attackers are exploiting gaps in security like the lack of … More →

The post Evolving cybercriminal tactics targeting SMBs appeared first on Help Net Security.

Cyber-physical devices are increasingly getting compromised and leveraged by criminal groups and state-sponsored threat actors. Fyodor Yarochkin, Senior Threat Solution Architect with Trend Micro, believes that getting a better understanding of attackers’ infrastructure leads to a better understanding of the attackers themselves. (The answers have been lightly edited for clarity.) In your talk at Deep Conference next week, you will be talking about cyber-physical devices being compromised and used by cyber criminals and state-sponsored threat … More →

The post The role of compromised cyber-physical devices in modern cyberattacks appeared first on Help Net Security.

Cognizant announced the debut of Cognizant Neuro Cybersecurity, a new addition to Cognizant’s Neuro suite of platforms, designed to amplify cybersecurity resilience by integrating and orchestrating point cybersecurity solutions across the enterprise. Sophisticated threat actors, hybrid workforces, and the complexity of managing multiple security tools all weigh on an enterprise’s ability to manage cybersecurity risks. Traditional siloed technology and operations often lack the ability to deliver the insights that enable rapid decisions to preserve security … More →

The post Cognizant Neuro Cybersecurity enhances threat detection and response appeared first on Help Net Security.

Application Security Engineer Cognism | France | Hybrid – View job details As an Application Security Engineer, you will conduct in-depth security assessments of web applications, identifying vulnerabilities using automated tools (e.g., SAST, DAST) and manual techniques. You will analyze source code for security vulnerabilities, focusing on secure coding practices, and provide feedback to developers on mitigating risks. Additionally, you will work with DevOps teams to integrate security testing tools and processes into CI/CD pipelines, … More →

The post Cybersecurity jobs available right now: October 16, 2024 appeared first on Help Net Security.

We present a list of selected cybersecurity companies that received funding during the third quarter of 2024 (Q3 2024). Apono October | 15.5 million Apono has raised $15.5 million in a Series A funding led by New Era Capital Partners, with participation from Mindset Ventures, Redseed Ventures, Silvertech Ventures, initial seed investors, and more. Chainguard July | $140 million Chainguard has completed a $140 million Series C round of funding led by Redpoint Ventures, Lightspeed … More →

The post Breaking down the numbers: Q3 2024 cybersecurity funding activity recap appeared first on Help Net Security.

AI is becoming recognized for its potential to strengthen cybersecurity measures and tackle the skills gap across various sectors. Its ability to streamline data management processes boosts efficiency and strengthens security protocols. However, the rise of GenAI has raised alarms about the effectiveness of traditional data privacy practices, urging a reevaluation of existing strategies. Aaron Fulkerson, CEO of Opaque, discusses how the weaponization of GenAI has made existing data privacy practices (like masking, anonymization, tokenization, … More →

The post What lies ahead for AI in cybersecurity appeared first on Help Net Security.

Cloud Cybersecurity Analyst III Texas Health and Human Services | USA | Hybrid – View job details As a Cloud CSAIII, you will be responsible for designing, implementing, and managing security solutions for cloud environments. You will ensure that cloud infrastructures are secure, resilient, and compliant with organizational policies and industry regulations. Your role will involve collaborating with various stakeholders to integrate security best practices into cloud solutions, maintaining a robust security posture, and supporting … More →

The post Cybersecurity jobs available right now: October 9, 2024 appeared first on Help Net Security.

American Water, the largest water and wastewater utility company in the US, has shut down some of its systems following a cyberattack. While the company confirmed that none of its water or wastewater facilities or operations have been negatively affected by the attack, they proactively took their customer portal service (MyWater) offline, and their call center “has limited functionality” while portal is offline. What happened? New Jersey-based American Water is a public utility company with … More →

The post American Water shuts down systems after cyberattack appeared first on Help Net Security.

OTAVA introduced the OTAVA S.E.C.U.R.E. Score to help businesses further improve their security posture. The S.E.C.U.R.E. Score is a dynamic metric that assesses vulnerabilities, and makes recommendations on how to close security gaps and minimize risk. The S.E.C.U.R.E. acronym stands for Shrink, Examine, Contain, Undo, Recover, and Evaluate – the incremental steps to understanding areas of vulnerability, and how to protect businesses from evolving and escalating cyber threats. “Businesses continue to face increasing threats of … More →

The post OTAVA S.E.C.U.R.E. Score simplifies cybersecurity strategy for businesses appeared first on Help Net Security.

Off-the-shelf offensive security tools and poorly configured cloud environments create openings in the attack surface, according to Elastic. Adversaries are utilizing off-the-shelf tools Offensive security tools (OSTs), including Cobalt Strike and Metasploit, made up ~54% of observed malware alerts. The most prevalent malware family observed this year was Cobalt Strike, accounting for 27.02% of infections. Cobalt Strike is a very mature commercial post-exploitation framework with an experienced research and development team. It is so effective … More →

The post Cybercriminals capitalize on poorly configured cloud environments appeared first on Help Net Security.

66% of cybersecurity professionals say their role is more stressful now than it was five years ago, according to ISACA. Major contributors to rising stress levels among cybersecurity professionals According to the data, the top reasons for increased stress among cybersecurity professionals are: An increasingly complex threat landscape (81%) Low budget (45%) Worsening hiring/retention challenges (45%) Insufficiently trained staff (45%) Lack of prioritization of cybersecurity risks (34%). In line with this sentiment around challenging threats, … More →

The post Cybersecurity hiring slows, pros’ stress levels rise appeared first on Help Net Security.

Applied Cybersecurity Engineer (Center for Securing the Homeland) MITRE | USA | Hybrid – View job details As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to address business and operational challenges, including those related to technical IT and OT systems as well as military and government operations. You will define requirements, develop … More →

The post Cybersecurity jobs available right now: October 2, 2024 appeared first on Help Net Security.

Safe Security launched SAFE X, a generative AI-powered mobile app for CISOs. SAFE X delivers CISOs real-time business impact insights into their cybersecurity posture, enabling better decision-making and risk prioritization. CISOs often invest millions of dollars in building their cyber stacks, yet they lack critical business impact insights to prioritize and protect their organization effectively. Instead, they are bogged down by a patchwork of manual reports and outdated dashboards that lack business context and offer … More →

The post SAFE X equips CISOs with integrated data from all their existing cybersecurity products appeared first on Help Net Security.

In this Help Net Security interview, Nadir Izrael, CTO at Armis, discusses how AI has transformed cyberwarfare by amplifying attacks’ scale and sophistication. Izrael emphasizes the need for AI-powered defenses and proactive cybersecurity strategies to combat these evolving threats. How has adopting AI transformed the nature of cyberwarfare, and what specific capabilities does it offer to threat actors? AI has transformed the nature of cyberwarfare. Threat actors can amplify the scale and sophistication of attacks … More →

The post Developing an effective cyberwarfare response plan appeared first on Help Net Security.

Active Directory (AD), Microsoft’s on-premises directory service for Windows domain networks, is so widely used for enterprise identity and access management that compromising it has become almost a standard step in cyber intrusions. “Active Directory is susceptible to compromise due to its permissive default settings, its complex relationships, and permissions; support for legacy protocols and a lack of tooling for diagnosing Active Directory security issues,” Five Eyes cybersecurity agencies have clarified in a recently released … More →

The post Active Directory compromise: Cybersecurity agencies provde guidance appeared first on Help Net Security.

CISO Guardz | Israel | Hybrid – View job details As a CISO, you will develop and implement security policies and procedures to enhance the security of the company’s IT environment. Develop, implement, and maintain a comprehensive information security strategy to protect company data, production systems, and networks from threats; ensure compliance with relevant security standards, regulations, and best practices (PCI DSS, SOX, ISO 27001, etc). Cloud Security Architect Nuix | Australia | Hybrid – … More →

The post Cybersecurity jobs available right now: September 25, 2024 appeared first on Help Net Security.

In this Help Net Security interview, Jon France, CISO at ISC2, discusses cybersecurity workforce growth. He outlines organizations’ challenges, such as budget constraints and limited entry-level opportunities. France also points to the urgent need to upskill current employees and adopt inclusive hiring practices to tackle the growing skills gap in the industry. The ISC2 report indicates that the growth of the cybersecurity workforce could be more stable. What are the main reasons behind this slowdown, … More →

The post Future-proofing cybersecurity: Why talent development is key appeared first on Help Net Security.

More often than not, a cyber attack or a cyber incident that results in business disruption will spur organizations to make changes to improve their cybersecurity and cyber resilience – and sometimes that means changing cybersecurity providers. The recent massive worldwide outage caused by a faulty Crowdstrike sensor content update has had a similar effect on many German organizations, a recent report by the German Federal Office for Information Security (BSI) and Germany’s digital association … More →

The post Organizations are changing cybersecurity providers in wake of Crowdstrike outage appeared first on Help Net Security.

In this Help, Net Security interview, Michael Oberlaender, ex-CISO, and book author, discusses how to strike the right balance between security and operational efficiency. Oberlaender advises companies starting their cybersecurity journey and stresses the importance of aligning with various frameworks. He also introduces his latest book, which provides insights into the CISO role and effective cybersecurity leadership. How do you balance the need for security with operational efficiency and flexibility in an organization’s cybersecurity strategy? … More →

The post Striking the balance between cybersecurity and operational efficiency appeared first on Help Net Security.

Application Security Engineer CHANEL | France | On-site – View job details As an Application Security Engineer, you will perform application-focus, offensive, security assessments of existing and upcoming Chanel’s features and products. Enforce smart CI/CD security tooling (SAST, dependencies checker, IAST, RASP). Identify vulnerability in the source code and design of our products. Fix vulnerabilities or support development team on fixing. Maintain and contribute to Chanel’s Secure Development Lifecycle. Contribute to our Red Team / … More →

The post Cybersecurity jobs available right now: September 18, 2024 appeared first on Help Net Security.

The global cybersecurity workforce gap reached a new high with an estimated 4.8 million professionals needed to effectively secure organizations, a 19% year-on-year increase, according to ISC2. Despite the growing need for professionals, global workforce growth has slowed for the first time since ISC2 began estimating the workforce size six years ago, holding at an estimated 5.5 million people (a 0.1% year-on-year increase). This contrasts with last year, when the workforce grew 8.7% year-on-year despite … More →

The post The cybersecurity workforce of the future requires diverse hiring practices appeared first on Help Net Security.

Concerns about the trustworthiness of internal data exist in nearly all organizations globally, according to TeamViewer. 99% of business leaders pointed to factors undermining trust in internal data, citing multiple versions of the truth (38%), conflicting data management practices (32%) and too many instances of poor hardware reliability (31%) as top reasons for mistrust. Organizations face technology connectivity gaps Interestingly this mistrust of internal data varies across company size. It is more likely to be … More →

The post Internal disconnects vs. cybersecurity: How connectivity shapes challenges appeared first on Help Net Security.

In this Help Net Security, Erica Banks, VP and a leader in Booz Allen’s civilian services business, discusses the Federal Cybersecurity Strategy’s role in safeguarding national assets. Banks outlines key areas for improvement, including funding, talent retention, and leveraging AI for enhanced cyber defense. The Federal Cybersecurity Strategy is a crucial part of protecting national assets. How effective do you think the current strategy is in mitigating cyber threats, and what areas need more attention … More →

The post Top priorities for federal cybersecurity: Infrastructure, zero trust, and AI-driven defense appeared first on Help Net Security.

AI has become a key player in protecting valuable organizational insights from threats. Thanks to AI-enabled data protection practices such as behavior monitoring, enterprises no longer have to be reactive to a cyberattack but can be proactive before a potential threat arises. In this Help Net Security video, Andrew Riddell, Principal Cybersecurity Architect, Logicalis US, explains the benefits and best practices of leveraging AI for cybersecurity.

The post Benefits and best practices of leveraging AI for cybersecurity appeared first on Help Net Security.

The UK National Crime Agency has arrested and detained a suspect – a 17-year-old male in Walsall (West Midlands) – on suspicion of Computer Misuse Act offences in relation to the Transport for London (TfL) cyberattack, the agency has announced today. Also today, TfL has provided some insight into what their investigation has discovered, namely, that the attack was fist noticed on September 1 (Sunday), and that some customer data has been accessed – though … More →

The post Suspect arrested over the Transport for London cyberattack appeared first on Help Net Security.

Healthcare institutions are custodians of vast repositories of sensitive patient data, encompassing comprehensive health histories, insurance profiles, and billing data. The ramifications of a data breach often extend far beyond the immediate task of patching the vulnerabilities and notifying the affected parties. Often, the less visible costs of these incidents can be equally, if not more, devastating to healthcare providers and the patients they serve. The aftermath of a cyberattack can reverberate for months, impacting … More →

The post Cybersecurity is a fundamental component of patient care and safety appeared first on Help Net Security.

ACISO HTX | Singapore | Hybrid – View job details As an ACISO, you will formulate Agency ICT security strategy and work plan, alignment to MHA and HTX’s IT & Cybersecurity strategic directions. Evaluate existing IT environment against MHA and HTX’s IT & Cybersecurity strategic directions. Ensure security governance, compliance by implementing cyber security risk assessment and risk acceptance at appropriate Agency stakeholders. Review, endorse, develop risk management and mitigation plans. Audit / Risk / … More →

The post Cybersecurity jobs available right now: September 11, 2024 appeared first on Help Net Security.

Open-source cybersecurity tools provide transparency and flexibility, allowing users to examine and customize the source code to fit specific security needs. These tools make cybersecurity accessible to a broader range of organizations and individuals. In this article, you will find a list of 33 open-source cybersecurity tools for Linux, Windows, and macOS that you should consider to enhance protection and stay ahead of potential threats. Authentik: Open-source identity provider Authentik is an open-source identity provider … More →

The post 33 open-source cybersecurity solutions you didn’t know you needed appeared first on Help Net Security.

Cybercriminals are beginning to take advantage of the new malicious options that large language models (LLMs) offer them. LLMs make it possible to upload documents with hidden instructions that are executed by connected system components. This is a boon to cybercriminals and, thus, a substantive risk to the enterprises using them. LLMs can be tricked in many ways. Cybercriminals can input malicious prompts that trick the LLM into overriding its guardrails (i.e., generating harmful outputs), … More →

The post AI cybersecurity needs to be as multi-layered as the system it’s protecting appeared first on Help Net Security.

Organizations’ preparedness and resilience against threats isn’t keeping pace with cybercriminals’ advancements. Some CEOs still believe that cybersecurity requires episodic intervention rather than ongoing attention. That isn’t the reality for many companies; cyber threat preparedness requires a concerted training effort, so cybersecurity teams are ready when an attack occurs. Cybersecurity practitioners often share curiosity as a key personality trait, and many enjoy hands-on learning approaches. This naturally makes gamified experiences like competitions and capture-the-flags a … More →

The post How to gamify cybersecurity preparedness appeared first on Help Net Security.

The automotive industry is facing many of the same cybersecurity risks and threats that successful organizations in other sectors are up against, but it’s also battling some distinct ones. In this Help Net Security interview, Josh Smith, Principal Threat Analyst at Nuspire – a managed security services provider that has deep roots in the automotive sector and protects clients like GM and Subaru – talks about the present risks and threats and opines on the … More →

The post The future of automotive cybersecurity: Treating vehicles as endpoints appeared first on Help Net Security.

Cyber Systems Operations United States Air Force | USA | On-site – View job details The United States Air Force is looking for a Cyber Systems Operations Specialist to design, install, and support systems to ensure they operate properly and remain secure from outside intrusion. Cloud Security Service Manager SAP Fioneer | Germany | Remote – View job details You will be responsible for driving continuous improvement of security standards and system hardening, supporting audits … More →

The post Cybersecurity jobs available right now: September 4, 2024 appeared first on Help Net Security.

With cyber threats becoming increasingly sophisticated and targeting critical infrastructure, in this Help Net Security interview, David Ferbrache, managing director of Beyond Blue, discusses the current state of cybersecurity readiness and resilience. Ferbrache talks about the complexities of managing both traditional and digital infrastructures, the critical role of regulatory bodies, the urgent need for public and private sector collaboration to counteract these threats, and much more. With the increasing sophistication of cyber threats targeting national … More →

The post Protecting national interests: Balancing cybersecurity and operational realities appeared first on Help Net Security.

Forescout’s 2024H1 Threat Review is a new report that reviews the current state of vulnerabilities, threat actors, and ransomware attacks in the first half of 2024 and compares them to H1 2023. “Attackers are looking for any weak point to breach IT, IoT, and OT devices, and organizations that don’t know what they have connected to their networks or if it’s secured are being caught flat-footed,” said Barry Mainz, Forescout CEO. “To mitigate these extensive … More →

The post A macro look at the most pressing cybersecurity risks appeared first on Help Net Security.

Accenture and Google Cloud announced that their strategic alliance is advancing solutions for enterprise clients and seeing strong momentum across industries in two critical and related areas: GenAI and cybersecurity. As part of the announcement today, the two companies are increasing their investments in services that support businesses through every stage of their GenAI projects, including providing the expertise to determine optimal use cases, piloting projects for strategic innovation and deploying the engineering prowess needed … More →

The post Accenture expands partnership with Google Cloud to boost AI adoption and cybersecurity appeared first on Help Net Security.

Business Information Security Officer Toyota North America | USA | On-site – View job details Acting as an Information Security ambassador to the business, this role works with technology, data, risk, business, and the larger TFS Information Security team to provide relationship-based security services to the business, promote secure designs, and manage the execution of security testing and remediation. Cyber Security Consultant WithSecure | UK | On-site – View job details The ideal candidate will … More →

The post Cybersecurity jobs available right now: August 28, 2024 appeared first on Help Net Security.

Cybercriminals are capitalizing on the travel and hospitality industry’s peak season, using increased traffic as cover for their attacks, according to Cequence Security. Researchers investigated the top 10 travel and hospitality sites to identify externally visible edge, cloud infrastructure, application stack, API hosts, and security vulnerabilities. Threat researchers observed a consistent pattern across industries: increased website traffic during peak seasons, like the travel and hospitality industry’s vacation and holiday periods, coincides with a surge in … More →

The post Cybercriminals capitalize on travel industry’s peak season appeared first on Help Net Security.

Diligent launched its Network and Information Security Directive (NIS2) Compliance Toolkit, designed to help organizations navigate the complexities of the European Union (EU) NIS2 Directive and bolster their cybersecurity resilience. The toolkit maps cybersecurity risk management obligations mandated by NIS2 against Cyber Risk Management Group’s (CRMG) leading controls library, which is based on international standards and best practices. This helps organizations demonstrate a clear commitment to NIS2 compliance requirements to drive trust with customers, partners, … More →

The post Diligent NIS2 Compliance Toolkit helps organizations bolster their cybersecurity resilience appeared first on Help Net Security.

RSA announced new passwordless, phishing-resistant capabilities that meet stringent technical standards and can help public sector agencies, contractors, and systems integrators fulfill Executive Order 14028 and National Security Memo 8 to improve the nation’s cybersecurity. The RSA Authenticator App is FIDO2-certified and now supports device-bound passkeys that comply with the strictest federal cybersecurity regulations. Part of RSA ID Plus, an identity and access management (IAM) platform built on NIST principles, RSA can provide the authentication … More →

The post RSA Authenticator App improves cybersecurity for federal agencies appeared first on Help Net Security.

Associate Cybersecurity Operations Officer UNICC | USA | On-site – View job details The Center aims to provide trusted ICT services and digital business solutions. You will work under the direct supervision and guidance of the Head of Cybersecurity Operations within the Cybersecurity Division and in close collaboration with the CSO teams. Cybersecurity Engineer, Compliance Electrolux | Italy | Hybrid – View job details You’ll leverage your expertise to guide digital product teams and facilitate … More →

The post Cybersecurity jobs available right now: August 21, 2024 appeared first on Help Net Security.

American semiconductor manufacturer Microchip Technology Incorporated has had some of its business operations disrupted by a cyberattack. “As a result of the incident, certain of the Company’s manufacturing facilities are operating at less than normal levels, and the Company’s ability to fulfill orders is currently impacted,” the company revealed in a SEC filing on Tuesday. What is known about the cyberattack? Microchip Technology detected potentially suspicious activity involving its IT systems on August 17, 2024. … More →

The post Microchip Technology manufacturing facilities impacted by cyberattack appeared first on Help Net Security.

Threat actors use popular file-hosting or e-signature solutions as a disguise to manipulate their targets into revealing private information or downloading malware, according to Abnormal Security. A file-sharing phishing attack is a unique type of phishing threat in which a cybercriminal poses as a known colleague or familiar file-hosting or e-signature solution and sends a target a malicious email containing a link to what appears to be a shared file or document. Should the recipient … More →

The post Cybercriminals exploit file sharing services to advance phishing attacks appeared first on Help Net Security.

Culture is a catalyst for security success. It can significantly reduce cybersecurity risks and boost cybersecurity resilience of any organization. Culture can also greatly enhance the perceived value, relevance and reputation of the cybersecurity function. So how can security leaders develop a positive brand and culture for cybersecurity? Listed below are some recommendations and best practices: 1. Understand the prevailing culture and context To understand why the workforce behaves in a certain way about technology … More →

The post Strategies for security leaders: Building a positive cybersecurity culture appeared first on Help Net Security.

Cyber attacks against higher education institutions increased by 70% in 2023. This is largely due to legacy endpoint security management and practices, limited IT support staff, and overwhelming amounts of data, much of which is PII (personally identifiable information). In this Help Net Security video, Doug Thompson, Chief Education Architect at Tanium, discusses how higher education institutions can defend against even the most sophisticated threats/vulnerabilities despite limited resources. Institutions must approach endpoint security management with … More →

The post Protecting academic assets: How higher education can enhance cybersecurity appeared first on Help Net Security.

Effectively converging, managing and using enterprise data is a huge undertaking. Enterprises have vast hoards of data, but those hoards exist within siloed systems and applications, and it requires a lot of manual effort by highly skilled data scientists, engineers and analysts to extract value from all that data. Data preparation is a rudimentary and necessary task, but it prevents engineers from focusing their time on the high-value tasks like identifying security gaps or storytelling … More →

The post To improve your cybersecurity posture, focus on the data appeared first on Help Net Security.

Cyber threats continued to intensify in the first half of 2024 as cybercriminals exploited security gaps from growing business and technological consolidation, according to Resilience. Consolidation in business and tech fuels new third-party risks Rebounding merger and acquisition (M&A) activity and increasing technology consolidation—in which industries rely on single suppliers for critical platform services—both created a staggering number of potential new points of failure for hackers to exploit. Global M&A deal volume increased 36% in … More →

The post Business and tech consolidation opens doors for cybercriminals appeared first on Help Net Security.

In this Help Net Security video, Frederic Najman, Executive Member of the SFPN (French Union of NoCode Professionals), discusses how NoCode and LowCode technologies enable companies to free up development resources to tackle cybersecurity issues. In a context where three-quarters of CISOs report that their organization has faced an application security incident in the past two years, NoCode and LowCode tools offer new options to free up resources and find solutions to minimize risk.

The post How NoCode and LowCode free up resources for cybersecurity appeared first on Help Net Security.

Cloud Security Specialist EPAM Systems | Chile | Remote – View job details As a Cloud Security Specialist, you will be responsible for creating and maintaining security policies and assisting in the implementation and automation of security solutions within cloud environments. Assist in CSPM tool testing and scoring and CSPM strategic tool implementation. Create and maintain Logic Apps for automation of responses and tickets and create KPI reporting. upport GIS Engineering initiatives. Cloud Security Specialist … More →

The post Cybersecurity jobs available right now: August 14, 2024 appeared first on Help Net Security.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: August 2024 Patch Tuesday forecast: Looking for a calm August release August 2024 July ended up being more ‘exciting’ than many of us wanted; we’re supposed to be in the height of summer vacation season. First, we had a large set of updates on Patch Tuesday, then we had to work through the CrowdStrike event, and finally many of us … More →

The post Week in review: Tips for starting your cybersecurity career, Patch Tuesday forecast appeared first on Help Net Security.

The Network and Information Security (NIS) 2 Directive is possibly one of the most significant pieces of cybersecurity regulation to ever hit Europe. The 27 EU Member States have until 17 October 2024 to adopt and publish the standards necessary to comply with NIS2, which brings increased requirements to strengthen security conditions and report more regularly, with shorter deadlines, on cyber-attacks. The scope of the NIS2 directive has been dramatically broadened: in some countries, the … More →

The post NIS2: A catalyst for cybersecurity innovation or just another box-ticking exercise? appeared first on Help Net Security.

The sophistication of cyber threats has escalated dramatically, with malicious actors’ deploying advanced tactics, techniques, and procedures (TTPs) to exploit vulnerabilities and evade detection, according to Darktrace. Subscription-based tools such as Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) have also lowered the barrier-to-entry for less experienced attackers, making it easier to carry out complex, multistage attacks. “The threat landscape continues to evolve, but new threats often build upon old foundations rather than replacing them. While we have … More →

The post Malware-as-a-Service and Ransomware-as-a-Service lower barriers for cybercriminals appeared first on Help Net Security.

As businesses strive to protect their data and privacy, the demand for skilled cybersecurity professionals continues to grow. This article provides expert advice to help you navigate the early stages of your cybersecurity career, offering practical tips and insights. Brian Honan, CEO at BH Consulting When advising people at the start of their cybersecurity careers, I recommend that they focus on human networking. I strongly recommend that people get involved in the cybersecurity community/industry. This … More →

The post How to start your cybersecurity career: Expert tips and guidance appeared first on Help Net Security.

In this Help Net Security video, Beth Miller, Field CISO at Code42, highlights a significant trend: 73% of life sciences companies turn to AI to address the cybersecurity skills gap, surpassing adoption rates in other industries. Underresourced security teams face increasing insider-driven data loss events, exacerbated by emerging technologies like AI and GenAI. Leaked trade secrets or critical intellectual property – research data, customer lists, pricing decks, formulary plans, clinical trial data, and source code … More →

The post How life sciences companies use AI to fill the cybersecurity skills gap appeared first on Help Net Security.

Security operation centers (SOCs) need to be better equipped to manage the sheer scale of data to monitor and the increasing sophistication of threats. SOC analysts face a daunting task: sifting through thousands of alerts every day – most of which are false positives – while swiftly identifying and mitigating genuine threats. Many organizations have turned to AI to alleviate their SOC analysts’ load, but some cybersecurity workers fear that there may come a time … More →

The post The role of AI in cybersecurity operations appeared first on Help Net Security.

IBM generative AI capabilities to its managed Threat Detection and Response Services utilized by IBM Consulting analysts to advance and streamline security operations for clients. Built on IBM’s watsonx data and AI platform, the new IBM Consulting Cybersecurity Assistant is designed to accelerate and improve the identification, investigation and response to critical security threats. In addition to being included in IBM Consulting’s threat detection and response practice, the Cybersecurity Assistant will be part of IBM … More →

The post IBM Consulting Cybersecurity Assistant helps clients accelerate alert investigation appeared first on Help Net Security.

Cloud Security Architect Precisely | United Kingdom | Remote – View job details As a Cloud Security Architect, you will be responsible for the design and architecture of Precisely’s cloud security posture. Determine security requirements by evaluating business and product strategies, researching cloud security standards and new technologies, conducting system security and vulnerability analyses and performing risk assessments. Cybersecurity Engineer Electrolux Group | Italy | On-site – View job details As a Cybersecurity Engineer, you … More →

The post Cybersecurity jobs available right now: July 31, 2024 appeared first on Help Net Security.

This article includes excerpts from recent reports we covered, providing statistics and insights into the levels of stress and burnout experienced by cybersecurity professionals. Most cybersecurity pros took time off due to mental health issues Hack The Box | Building a firewall against cybersecurity burnout | June 2024 74% of cybersecurity professionals globally say that they have taken time off due to work-related mental well-being problems, with staff reporting taking an average of 3.4 sick … More →

The post The cost of cybersecurity burnout: Impact on performance and well-being appeared first on Help Net Security.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update By now, most people are aware of – or have been personally affected by – the largest IT outage the world have ever witnessed, courtesy of a defective update for Crowdstrike Falcon Sensors that threw Windows hosts into a blue-screen-of-death (BSOD) loop. Vulnerability in Telegram app for … More →

The post Week in review: CrowdStrike-triggered outage insights, recovery, and measuring cybersecurity ROI appeared first on Help Net Security.

As AI-generated deepfake attacks and identity fraud become more prevalent, companies are developing response plans to address these threats, according to GetApp. In fact, 73% of US respondents report that their organization has developed a deepfake response plan. This concern stems from the growing sophistication of AI-driven impersonation attacks that can undermine traditional security measures like biometric authentication, which were previously considered highly secure but are now being called into question. Companies are developing deepfake … More →

The post AI-generated deepfake attacks force companies to reassess cybersecurity appeared first on Help Net Security.

Applied Cryptographer Quantstamp | EMEA | Remote – View job details As an Applied Cryptographer, you will research about various cryptographic protocols and have knowledge of cryptographic primitives or concepts, like elliptic curve cryptography, hash functions, and PCPs. You should have experience with at least one major language, like Rust, Python, Java, or C; the exact language is not too important. You should be familiar with versioning software (specifically, GitHub), testing, and a familiarity with … More →

The post Cybersecurity jobs available right now: July 24, 2024 appeared first on Help Net Security.

In this Help Net Security interview, Karthik Swarnam, Chief Security and Trust Officer at ArmorCode, discusses key metrics and KPIs to measure cybersecurity ROI. Swarnam shares strategies for enhancing ROI through proactive measures and effective communication with executive leadership. What are the primary metrics and KPIs used to measure the ROI of cybersecurity investments? Today, cybersecurity investments are evaluated not just for cost avoidance but for a much broader range of benefits. These metrics include: … More →

The post Cybersecurity ROI: Top metrics and KPIs appeared first on Help Net Security.

Microsoft is suffering cybersecurity failures due to systemic problems with strategic leadership. The world is witnessing an alarming trend of cybersecurity issues with Microsoft products and services. Over the past several years, Microsoft has suffered several serious attacks with cloud and email environments being compromised. In some cases, customers were kept in the dark, giving attackers additional time to exploit victims and entrench themselves deeper to the detriment of those affected. Microsoft ignored foundational aspects … More →

The post Microsoft’s cybersecurity dilemma: An open letter to Satya Nadella appeared first on Help Net Security.

In this Help Net Security interview, Koma Gandy, VP of Leadership and Business at Skillsoft, addresses the critical aspects of the cybersecurity skills gap, the need for diverse talent and continuous upskilling in areas like AI and cloud computing. Gandy advocates training that combines technical expertise with essential power skills to meet evolving industry demands and secure future career opportunities in cybersecurity. What are the primary factors contributing to the cybersecurity skills gap? Are there … More →

The post Exploring the root causes of the cybersecurity skills gap appeared first on Help Net Security.

CISO Atera | Israel | On-site – View job details The CISO will oversee our company’s information, cyber, and technology security and will have end to end full responsibility developing, implementing, and enforcing security policies, procedures, and protocols to protect critical data. Cyber Defense Specialist Explora Journeys | Italy | On-site – View job details As a Cyber Defense Specialist, you will operate and optimize security tooling/products, including security email gateway, firewall, IDS/IPS, web security … More →

The post Cybersecurity jobs available right now: July 3, 2024 appeared first on Help Net Security.

Most companies do not know how effectively they are investing money to fight the cybersecurity threat, according to Optiv. Cybersecurity budgets are increasing and cyber incidents are rampant, and yet only a small percentage of respondents have a formal approach to determining cybersecurity budgets, which can lead to inefficiencies and missed opportunities to address critical security gaps. Lack of formal approach to cybersecurity budgets Based on an independent Ponemon Institute survey, the report reveals a … More →

The post Companies spend more on cybersecurity but struggle to track expenses appeared first on Help Net Security.

The University Hospital Centre Zagreb (KBC Zagreb) is under cyberattack that started on Wednesday night, the Croatian Radiotelevision has reported. Because of the attack, the hospital has shut down its information system and will be switching parts of it online once they are sure it’s safe to do so. All services are working, but the processing of patients is slower than usual, Milivoj Novak, Assistant Director at the hospital, has said in a press conference. … More →

The post Largest Croatian hospital under cyberattack appeared first on Help Net Security.

CISO Influx | Indonesia | Remote – View job details As a CISO, you will be responsible for protecting Influx from information security risks through the development, implementation, and maintenance of our security program (policies, procedures, and standards). Cloud Security Engineer Atom | United Kingdom | Remote – View job details As a Cloud Security Engineer, you’ll design, develop and deliver the security model of Atom bank’s cloud environment ensuring that infrastructure, applications, and processes … More →

The post Cybersecurity jobs available right now: June 26, 2024 appeared first on Help Net Security.

In this Help Net Security interview, Kunal Modasiya, VP of Product Management and Growth at Qualys, explores the key features, significant advantages, and innovative technologies behind Qualys CyberSecurity Asset Management 3.0. Can you explain the key features of Qualys CyberSecurity Asset Management 3.0 and how it differs from previous versions? The modern attack surface continues to evolve, and it is becoming untenable for organizations today to rely on siloed point solutions for narrow asset discovery … More →

The post CISOs’ new ally: Qualys CyberSecurity Asset Management 3.0 appeared first on Help Net Security.

We present a list of selected cybersecurity companies that received funding during the second quarter of 2024 (Q2 2024). Alethea April | $20 million Alethea closed a $20 million Series B funding round led by GV, with participation from Ballistic Ventures, who led Alethea’s Series A funding in 2022. Also participating in the round is Hakluyt Capital, which invests alongside leading venture capital funds, targeting companies with high growth potential and international ambitions. BforeAI April … More →

The post Breaking down the numbers: Q2 2024 cybersecurity funding activity recap appeared first on Help Net Security.