
Navigating the Cybersecurity Landscape: A CISO’s Perspective on the Latest Threat Report for the Finance Industry

Been in cybersecurity for decades. Seen it all. Financial sector is a prime target. Need threat intelligence, collaboration, and investment in new tech. Stakes are too high to do anything less.


Impact of the New SEC Cybersecurity Regulations on Business Risk and Information Security Practices

New SEC Cybersecurity Regulations: A Must-Read for Public Companies

The SEC has introduced stricter cybersecurity disclosure requirements for public companies. This article breaks down the key impacts, including increased accountability, mandatory reporting, and the need for enhanced cybersecurity practices. Don’t miss out on this essential information. #cybersecurity #SEC #publiccompanies #regulation


Strengthening Information Security by Taming the Technical Debt Dragon

First off, let’s define what technical debt is, specifically when looking at it through the lens of a CISO. Technical debt, in this context, refers to the consequences of making suboptimal decisions for the sake of short-term benefits or to meet deadlines. It’s like borrowing money: while it can provide immediate relief, it eventually needs to be repaid, often with interest. Technical debt is a pervasive challenge in software development, and it carries significant implications for information security. While …


Hacking Kia: Remotely Hijack A Car Using Only Its License Plate

In a recent security breach that sent shockwaves through the automotive industry, researchers discovered a vulnerability that allowed them to remotely hijack Kia and Hyundai vehicles using only their license plates. This alarming revelation has raised serious concerns about the security of modern cars and the potential for malicious actors to exploit these vulnerabilities.

How It Works

The attack leverages a flaw in the vehicles’ keyless entry systems. By capturing the radio signal emitted by the car’s key fob, hackers …


A Critical Infrastructure Alert: Automatic tank gauges (ATGs)

Automatic tank gauges (ATGs) are indispensable tools for monitoring and managing critical infrastructure, such as fuel storage, water reservoirs, and chemical tanks. However, these systems are increasingly becoming targets for cyberattacks, exposing vulnerabilities that could have severe consequences. Recent research has highlighted critical vulnerabilities in ATGs, including: These vulnerabilities could lead to: To mitigate these risks, organizations must: By taking these steps, organizations can help safeguard their critical infrastructure and prevent costly disruptions.


Microsoft Sets January Deadline for Windows Users

Are you still using older versions of Windows? Microsoft has announced that they will be discontinuing support for certain Windows operating systems in January 2025. This means that users who haven’t updated to a supported version will no longer receive security updates or technical assistance. What does this mean for you?


NIST Drops Password Complexity and Mandatory Reset Rules: A New Era for Password Security

NIST has dropped its recommendations for complex passwords, mandatory reset rules, and account lockout policies. These changes mark a significant shift in password security and reflect evolving research on human behavior and cybersecurity threats. By adopting a more user-friendly and effective approach, organizations can improve security, reduce costs, and enhance the user experience.


3rd party breach causes Uber headaches

The security of your supply chain and 3rd parties cannot be overstated, especially when they have access to Personal or Privileged information. Although it’s exceptionally difficult to police, at least ensure that you have some form of coverage: do site visits, have in-person interviews with their #ciso, and get assurance and comfort that they act in your best interest, as you need to provide this assurance to your #leadership. https://www.bleepingcomputer.com/news/security/uber-suffers-new-data-breach-after-attack-on-vendor-info-leaked-online/