With signs pointing to a global economic downturn, cybersecurity organizations are already thinking about managing budgets and doing more than less. Four CISOs share a wide range of belt-tightening tips, from putting the squeeze on your vendors and suppliers to training and hiring from within.
How effective are your cybersecurity awareness programs—and do your employees agree?
This central question was the cornerstone of this research project which assessed the efficacy of cybersecurity
awareness programs from both perspectives—the security professional
and the non-security employee.
Nation-state attackers are not just looking for major vulnerabilities to gain control of the enterprise. They are exploiting minor flaws to gain access and increase the severity of their attacks, says Matanda Doss, executive director of cybersecurity and technology controls at JPMorgan Chase.
Vista Equity Partners' specialization in enterprise software and bench of subject-matter experts should help KnowBe4 reach $1 billion in ARR, says CEO Stu Sjouwerman. The processes and tech stack that got KnowBe4 to $300 million in ARR today aren't necessarily what'll get the firm to $1 billion.
Hack The Box has completed a Series B funding round to add more cloud security and a gamification approach to its cybersecurity training platform. The Kent, England-based startup was founded in 2017 to provide pen testers and red teamers with a way to test their offensive security skills.
Vista Equity Partners and KnowBe4 have struck a deal to take the security awareness giant private for $4.6 billion in this week's second massive security acquisition. The agreement comes after the Austin, Texas-based investment firm upped its offer by $380 million, or nearly 4%, to $24.90 per share.
Vista Equity Partners has joined Thoma Bravo in the take-private cybersecurity spree, offering to buy security awareness training behemoth KnowBe4 at a $4.22 billion valuation. KnowBe4 says it has received a nonbinding offer from Vista of $24 per share for the shares not currently owned by Vista.
Evolving social engineering campaigns - including a significant rise in vishing attacks - continue to pose significant data security threats to healthcare and public sector entities, federal authorities warn, urging entities to take steps to avoid falling victim.
A well-managed multi-cloud strategy "is a sensible approach" because it allows organizations to move different workloads between providers, but it gets a "bit more complicated when you start thinking about workload portability," says Lee Newcombe, security director, Capgemini U.K.
Huntress has made the largest acquisition in its eight-year history, buying Curricula to boost user education. Huntress evaluated seven companies with security training tools and chose Curricula for its ease of use, manageability for smaller customers and enjoyable online learning experience.
The latest edition of the ISMG Security Report analyzes why the number of ransomware attacks and the amounts being paid in ransoms are both on the rise. It also discusses today's cyberthreat landscape and whether organizations should rely on user training to improve security.
Raising user awareness is too often incorrectly considered to be a panacea for faulty information security programs. "It can drive risk reduction, but it is not the primary driver of risk reduction," says Adam Wedgbury, head of enterprise security architecture at Airbus.
Beyond advising the seniormost levels of the business in the strategic use of technology, the need to recruit new cybersecurity professionals often also tops the list of tasks facing today's security leaders, says Rob Hornbuckle, CISO of Allegiant Air.
Emerging cybersecurity guidance from the U.S. Securities and Exchange Commission is helping to make boards of directors more informed and more eager to discuss cyber risks and how to mitigate them, says John McClure, CISO of Sinclair Broadcast Group.