1 in 4 CISOs Wants to Say Sayonara to Security | Half of Apps Have High-Risk Vulnerabilities Due to Open Source

Thanks to burnout and stress, Gartner predicts churn and even departure from profession among half of today's security leaders by 2025. [TechWeb]( Follow Dark Reading: [RSS]( February 23, 2023 LATEST SECURITY NEWS & COMMENTARY [1 in 4 CISOs Wants to Say Sayonara to Security]( Thanks to burnout and stress, Gartner predicts churn and even departure from profession among half of today's security leaders by 2025. [Half of Apps Have High-Risk Vulnerabilities Due to Open Source]( Open source software dependencies are affecting the software security of different industries in different ways, with mature industries becoming more selective in their open source usage. [Analysts Slam Twitter's Decision to Disable SMS-Based 2FA]( Making the option available only to paid subscribers — while also claiming SMS authentication is broken — doesn't make sense, some say. Is it a cash grab? [Majority of Ransomware Attacks Last Year Exploited Old Bugs]( New research shows that 57 vulnerabilities that threat actors are currently using in ransomware attacks enable everything from initial access to data theft. [Cybersecurity Jobs Remain Secure Despite Recession Fears]( Only 10% of corporate executives expect to lay off members of cybersecurity teams in 2023, much lower than other areas, as companies protect hard-to-find skill sets. [Google Translate Helps BEC Groups Scam Companies in Any Language]( BEC gangs Midnight Hedgehog and Mandarin Capybara show how online marketing and translation tools are making it easy for these threat groups to scale internationally. [Massive GoAnywhere RCE Exploit: Everything You Need to Know]( Weeks after an exploit was first announced in a popular cloud-based file transfer service, could some organizations still be vulnerable? The answer is yes. [Not Stoked: Burton Snowboards' Online Orders Disrupted After Cyberattack]( The snow sports specialist is investigating to see what caused the operations-disrupting "cyber incident." [AppSec Threats Deserve Their Own Incident Response Plan]( With a rearranging of priorities and good incident response plans, organizations can be ready to face the future of software attacks. [7 Tips for Mitigating Cyber-Risks to Your Corporate Social Media]( How to stay safe, even when tech-savvy admins can't tell the difference between a scam and the truth. [Name That Toon: Join the Club]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [Insider Threats Don't Mean Insiders Are Threatening]( By implementing tools that enable internal users to do their jobs efficiently and securely, companies reduce insider threat risk by building insider trust. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Modern Software: What's Really Inside?]( Open source has changed the software game from build or buy to assemble with care. [Simplify to Survive: How Organizations Can Navigate Cyber-Risk]( Simplification can result in efficiencies, reduced overhead, and the ability to respond to cyber threats more quickly. [MORE]( EDITORS' CHOICE [Scammers Mimic ChatGPT to Steal Business Credentials]( Hackers will take anything newsworthy and turn it against you, including the world's most advanced AI-enabled chatbot. LATEST FROM THE EDGE [Despite Breach, LastPass Demonstrates the Power of Password Management]( What's scarier than keeping all of your passwords in one place and having that place raided by hackers? Maybe reusing insecure passwords. LATEST FROM DR TECHNOLOGY [Researchers Create an AI Cyber Defender That Reacts to Attackers]( The system based on deep reinforcement learning can adapt to defenders' tactics and stop 95% of simulated attacks, according to its developers. WEBINARS - [Ten Emerging Vulnerabilities Every Enterprise Should Know]( Every day, black hat attackers and white hat researchers are discovering new security vulnerabilities in widely-used systems and applications that might be exploited to compromise your data. Are you aware of the newest - and potentially most impactful - vulnerabilities ... - [The Importance of Bespoke Security]( In this webinar, you will hear from our subject matter experts, Hanah Darley, Head of Threat Research and Toby Lewis, Global Head of Threat Analysis. The discussion will cover the difference between media coverage of cyber threats compared with the ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Essential Guide to Secure Web Gateway]( - [Enable and Protect Your Remote Workforce]( - [Evaluator's Guide for Managed Detection and Response (MDR) Services]( - [Making Cybersecurity Mesh a Reality]( - [Empower Digital Transformation by Protecting Converged IT and OT]( - [What Elite Threat Hunters See that Others Miss]( - [Seven Ways to Avoid the Nightmare of a Cloud Misconfiguration Attack]( [View More White Papers >>]( FEATURED REPORTS - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [UL Solutions Advances Automotive Safety and Security]( [Trend Micro Acquires SOC Technology Expert Anlyz]( [Black Hat to Launch Official Certification Program]( [CREST Calls for Greater Equity, Inclusion and Diversity As Part of National Cyber Security Strategy]( [SASE Market to Exceed Over $60B Between 2022 and 2027, According to Dell'Oro Group]( [Malwarebytes Expands Platform With New Application Block Capabilities]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)