-
1 week ago | 
darkreading.com | Joan Goodchild
While sitting in a board meeting for a healthcare service provider, veteran CISO John Rouffas was struck by a disconnect he said was impossible to ignore. The security update was familiar: training metrics were high, patching was on schedule, and vendor relationships were in place. The board's members walked away reassured about the provider's security program. They shouldn't have.
-
1 month ago | 
darkreading.com | Joan Goodchild
In nearly 20 years as Director of Cybersecurity with the Electronic Frontier Foundation (EFF), Eva Galperin has received countless emails and calls from women who have been harassed online, found their images manipulated into humiliating media, had their private information spread across the web, or fear their every digital move is being tracked. She's seen firsthand how quickly online harassment spirals from a virtual annoyance to a threat to real-life safety.
-
1 month ago | 
mimecast.com | Joan Goodchild
In the inaugural edition of the Human Risk Roundup, we delve into recent, real-world examples of how cybercriminals exploit human vulnerabilities to breach organizational defenses. Designed for CISOs and security leaders, this regular feature from Mimecast provides actionable insights into the evolving tactics and psychological strategies used by attackers, helping you stay ahead in safeguarding your organization’s most critical asset—its people.
-
1 month ago | 
mimecast.com | Joan Goodchild
Several recent ransomware attacks on UK retailers demonstrate that human error is a primary factor in cybersecurity breaches. Recent incidents involving Marks & Spencer (M&S), Harrods, and Co-op highlight how human risk plays a critical role in enabling these attacks. While technical vulnerabilities contribute to the problem, the underlying factor often remains human behavior, whether through compromised credentials or exploited helpdesk protocols.
-
Feb 28, 2025 | 
securityboulevard.com | Richi Jennings |Joan Goodchild |David Sopas
The Home of the Security Bloggers Network
-
Feb 20, 2025 | 
darkreading.com | Joan Goodchild
These days, the word "toxic" gets thrown around a lot in many contexts, but when used to describe organizational culture, it poses an actual threat. When employees are constantly overworked, undervalued, or forced to operate in high-stress, blame-heavy environments, mistakes are inevitable. Fatigue leads to oversight, disengagement breeds carelessness, and a lack of psychological safety prevents people from speaking up about vulnerabilities or potential risks.
-
Jan 29, 2025 | 
darkreading.com | Joan Goodchild
QUESTION: There are times when cybersecurity teams need to say, "No," to business stakeholders. What is the best way to go about it? Saying “Yes” in business feels good, but, unfortunately, it’s not always possible. And among security departments, saying “No” isn’t happening often enough.
-
Jan 23, 2025 | 
darkreading.com | Joan Goodchild
For years, cybersecurity was frequently (and derisively) referred to as "The Department of No." Business executives griped that in the face of innovation, cybersecurity teams would slap down ideas, list reasons why the project was insecure, and why what they wanted to do was not feasible. Then came a mindshift change. As more security leaders were tasked with demonstrating a return on investment for security budgets, security departments started finding ways to say "yes" more often.
-
Dec 30, 2024 | 
darkreading.com | Joan Goodchild
From the growing sophistication of zero-day exploits to the entrenchment of nation-state and cybercriminal alliances, 2024 delivered more evidence of how quickly the threat landscape continues to evolve. The year reinforced hard truths about the persistence of attackers and the systemic challenges of defense. We look back on some of the events that defined 2024 and the tactical insights that security teams can apply to stay ahead in the ongoing battle in 2025.
-
Dec 20, 2024 | 
darkreading.com | Joan Goodchild
Experienced security leaders know that attackers are patient. Attackers can infiltrate corporate chat systems like Slack or Microsoft Teams and just ... watch. For months, they monitor conversations, learn who the experienced staff are, and take notes on upcoming vacation plans and each team member's communication style. Then when the company shifts to a skeleton crew — perhaps during a major holiday or summer break — they strike.
