Cyber leaders are embracing generative AI and product suites, while ditching siloed tools. Plus, check out a guide packed with anti-phishing tips, and another one full of IAM security best practices. Also, discover the skills that cybersecurity recruiters value the most. And much more!
Dive into six things that are top of mind for the week ending October 20.
In: Defensive generative AI technology and integrated cybersecurity suites. Out: Tool sprawl from individual security products that don’t play well together.
That's one of many findings from the “2024 Global Digital Trust Insights” report from PwC, which surveyed 3,800 C-level business, technology and security executives from 71 countries and across a variety of industries.
In a clear trend towards consolidation of cyber toolsets, 44% of respondents reported using an integrated suite of security products, while 39% plan to adopt one in the next two years.
Meanwhile, the report found that while organizations worry about hackers using generative AI to boost their attacks, they’re also excited about leveraging this technology to strengthen their cybersecurity capabilities.
Specifically, almost 70% said they’ll use generative AI for cyber defense in the next 12 months, while 47% are already using it for cyber risk detection and mitigation. One fifth of respondents report already reaping benefits from their use of generative AI for cybersecurity.
To get more details:
For more information about the impact of generative AI on cybersecurity:
To dive deeper into the value of integrated cybersecurity platforms:
Looking for a primer on how to protect your organization from phishing attacks? Check out the guide “Phishing Guidance: Stopping the Attack Cycle at Phase One”, published this week by CISA, the NSA and the FBI. The 14-page document groups its recommendations under two main attack categories: theft of login credentials and malware deployment.
Here’s a sampling of the best practices discussed:
To get more details, check out:
Identity and access management (IAM) is the cybersecurity skill that hiring managers look for the most, closely followed by cloud computing.
That’s according to ISACA’s “State of Cybersecurity 2023, Global Update on Workforce Efforts, Resources and Cyberoperations,” report, which surveyed 2,100 security leaders globally.
Data protection, incident response and DevSecOps rounded out the list of the top five tech skills that recruiters seek when filling cybersecurity jobs.
Regarding soft skills, communication ranks first, followed by critical thinking, problem solving, teamwork and attention to detail.
And speaking of soft skills, it’s the area with the biggest gap among cybersecurity pros, followed by cloud computing, security controls, coding skills and software development.
Other interesting findings include:
To get more details, download the report and check out these ISACA resources:
Entering a password manually without any other form of authentication remains the most common method for logging into online accounts, although it’s considered the least secure.
That’s a key finding from the “Online Authentication Barometer” report, released this week by the FIDO Alliance, a tech industry consortium that promotes alternative login technologies and authentication standards.
Now in its fourth year, the report is based on a survey of 10,000 consumers in Australia, China, France, Germany, India, Japan, Singapore, South Korea, the U.K. and the U.S.
Other important findings include:
It’s promising that respondents are increasingly interested in using stronger authentication methods such as biometrics, Andrew Shikiar, Executive Director and CMO at FIDO Alliance, said in a statement.
“That said, high password usage without 2FA worryingly reflects how little consumers are still being offered alternatives like biometrics, resulting in lingering usage,” he added.
To get more details, read the report’s announcement “FIDO Alliance study reveals growing demand for password alternatives as AI-fuelled phishing attacks rise” and check out the “2023 Online Authentication Barometer” report.
For more information about new methods of authentication:
And speaking of authentication methods, a new document from CISA and the NSA states that, when it comes to securing IAM systems, MFA and single sign-on (SSO) remain thorny challenges for enterprise developers and technology vendors.
The joint document, titled “Identity and Access Management: Developer and Vendor Challenges”, outlines these roadblocks and offers recommendations.
Here’s a sampling of challenges and their recommended solutions for tech vendors:
To get more details, read the “Identity and Access Management: Developer and Vendor Challenges” publication.
Software should be designed with customer security as a core goal, and should be secure “out of the box”, requiring no complex configurations and no extra fees for any security features.
That’s the “secure by design” and “secure by default” vision outlined in the revamped guide “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure By Design Software” jointly released this week by CISA, the FBI, the NSA and cyber agencies from 13 countries.
“Together, these two philosophies move much of the burden of staying secure to manufacturers and reduce the chances that customers will fall victim to security incidents resulting from misconfigurations, insufficiently fast customer patching, or many other common issues,” reads the guide.
The document, which was published originally in April, grew from 15 pages to 36 pages, with the bulk of the additions detailing further CISA’s three main “secure by design” principles for software makers:
While mostly focused on best practices for software vendors, the document also includes recommendations for software customers, including:
To get more details, check out:
Juan has been writing about IT since the mid-1990s, first as a reporter and editor, and now as a content marketer. He spent the bulk of his journalism career at International Data Group’s IDG News Service, a tech news wire service where he held various positions over the years, including Senior Editor and News Editor. His content marketing journey began at Qualys, with stops at Moogsoft and JFrog. As a content marketer, he's helped plan, write and edit the whole gamut of content assets, including blog posts, case studies, e-books, product briefs and white papers, while supporting a wide variety of teams, including product marketing, demand generation, corporate communications, and events.
Enter your email and never miss timely alerts and security guidance from the experts at Tenable.
Formerly Tenable.io
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.
Formerly Tenable.io
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
65 assets
Choose Your Subscription Option:
Thank you for your interest in Tenable.io. A representative will be in touch soon.
FREE FOR 7 DAYS
Tenable Nessus is the most comprehensive vulnerability scanner on the market today.
Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.
Fill out the form below to continue with a Nessus Pro Trial.
Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.
Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.
BUY
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
65 assets
Choose Your Subscription Option:
Thank you for your interest in Tenable.io. A representative will be in touch soon.
Formerly Tenable.io Web Application Scanning
Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.
Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.
Formerly Tenable.io Web Application Scanning
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.
Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.
Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.
Thank you for your interest in Tenable Lumin. A representative will be in touch soon.
Formerly Tenable.sc
Please fill out this form with your contact information.
A sales representative will contact you shortly to schedule a demo.
* Field is required
Formerly Tenable.ot
Get the Operational Technology Security You Need.
Reduce the Risk You Don’t.
Formerly Tenable.ad
Continuously detect and respond to Active Directory attacks. No agents. No privileges.
On-prem and in the cloud.
Exceptional unified cloud security awaits you!
We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.
Thank you for your interest in Tenable Cloud Security. A representative will be in touch soon.
Exposure management for the modern attack surface.
Formerly Tenable.asm
Know the exposure of every asset on any platform.
Thank you for your interest in Tenable Attack Surface Management. A representative will be in touch soon.
FREE FOR 7 DAYS
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
FREE FOR 7 DAYS
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.