When is the last time your company truly thought about the security of your network, devices and data? If this answer isn’t “yesterday” or “today,” then your agency, and the client data it is entrusted with, might be at risk. Dror Liwer, CISO of Coronet, outlines what agencies can do to get serious about cybersecurity.
Randy Bagwell interviews Ian Corey and Doug DePeppe of eosedge Legal about their view of 2019 as a “tipping point,” based on Malcolm Gladwell’s ideas in The Tipping Point: How Little Things Can Make a Big Difference, for behavioral change and enforcement of data protection duties based upon events and laws that emerged in 2018.
The Ancient Athenian Themistocles said: “He who controls the sea controls everything.” In today's world, the "sea" is the "communications sea" and the "communications sea" relies on anything and everything cyber. George Platsis of SDI Cyber lays out how somebody has been quietly dominating the communications sea and what the implications are for everybody — including who will rule this empire.
Local governments and small businesses are frequently being targeted by ransomware attacks. What makes these entities prime targets for malware and how can they avoid being an easy target? Cohesity CTO Steve Grewal suggests what government officials and business owners can do to avoid having their operations halted.
The fear-mongering of cybersecurity is ruining the industry, as emotions are being targeted rather than rationality. Fear sells, after all. Nathan Burke of Axonius discusses the current state of the InfoSec industry and what the way forward is from here.
Too often, companies' security strategies revolve around minimizing reputational damage and achieving compliance. Javvad Malik, an award-winning information security consultant and security advocate at AlienVault, suggests that businesses need to take a more granular approach to focus on protecting employee and customer data instead.
Despite the common belief that mainframes are secure fortresses of data, it's much easier than businesses might think to access the mainframe by hacking an employee's mobile phone or other connected smart device. Ray Overby, President of Key Resources, Inc., lays out two new ways that cybercriminals can get into corporate networks through a personal IoT device.
As more people bring their own devices to work (BYOD), companies embracing blockchain can ensure that the infrastructure is secure and their employees are accommodated. Alistair Johnson, founder & CEO of Nuggets, explains how this new technology accommodates a fresh understanding of work and the technological peculiarities that come with it.
In the past, nation states such as North Korea and China had a very limited ability to respond to the U.S.’ military attacks or sanctions. But in today’s digital world, these countries use cyber-attacks to deter a sanction or get retribution. Wayne Lloyd, Federal CTO of RedSeal, provides a list of actions organizations can take to ensure good cyber hygiene and digital resilience to withstand a cyber event and/or recover quickly.
Criminal cryptomining has replaced ransomware as the leading type of cyber attack in 2018. While not all cryptomining is criminal in nature, this new type of cyber attack has gained momentum and popularity as a result of its success. Lastline’s director of threat intelligence, Andy Norton, explains the popular criminal techniques used to mine cryptocurrencies — and what lies ahead for cryptomining.
With data breaches on the rise and personal information ending up in the hands of cyber criminals, we are no longer questioning whether a breach will occur, but when the breach will occur. Marija Atanasova, Sr. Content Strategist for the IT Security community at BrightTALK, interviewed Karen Creasey of NCSAM to learn how to get the most out of National Cyber Security Awareness Month (October).
Decentralized systems based on technologies such as Blockchain must take into consideration the safety of the security researcher and provide the means to report vulnerabilities anonymously. And because flaws are inevitable, companies working in this space must have a mature, responsible disclosure policy.
As information and network security tools become more advanced, many bad actors find that it’s easier to trick humans than to keep modifying their exploit kits so they can bypass or undermine cybersecurity software. President of TeamViewer Americas Finn Faldi provides tips and insights on how to avoid common phishing and phone scams.
The most effective first level of physical defense in your network architecture’s security infrastructure is the firewall. Yoram Ehrlich, VP Products at Niagara Networks, explains how there is now a clear shift toward next-generation firewall (NGFW) technology incorporating advanced know-how.
The #CyberAvengers, a group of salty and experienced professionals, offers a few quick tips that set up a cybersecurity early warning system, giving you a chance to make sure your “cyber fire” does not get out of control.
In the new, hybrid world of IT — often described as borderless — traditional approaches to security have become inadequate. This article examines the new risks introduced by hybrid IT computing, the challenges these pose, and best practices for addressing them.
Although phishing attacks have been around for many years, they have evolved to form the current fourth-generation threat landscape: phishing beyond email. The real question for security teams is how are untrained, non-security staff supposed to recognize these threats?
Research shows that about half of healthcare organizations rely only on once-a-year security awareness training to educate their users about existing threats and best practices to identify and avoid these threats. For an industry swimming in sensitive information, an annual cybersecurity check-up just won’t cut it.
Privileged accounts give users the ability to compromise an organization’s network, systems and data, but discovering such incidents can take months or years. Michael Fimin outlines the Top 5 threats that result from poor privilege account management and explains 3 ways organizations can mitigate risk of privilege abuse.
In today’s world of rising threats and continuously increasing attacks, developing the right set of metrics for vulnerability management is necessary to keep up with the growth of potentially critical vulnerabilities. This article breaks down the seemingly complicated practice of inventorying organizational assets to understand what the most likely threats are and build the right metrics for vulnerability management.
Preparing for the GDPR leads to many questions for compliance teams, like, can we identify and monitor all websites collecting PII on behalf of our company? Are those collection points secure? Are they accompanied by compliance statements and controls? RiskIQ explores these potential issues and offers tips on how to address them.
Ransomware creates turmoil every day – for individuals and for enterprises. But there is encouraging news. Ransomware, by its very nature, tips its hand with characteristics that make it predictable and recognizable. These distinct features enable advanced security tools to detect and defeat ransomware before files are frozen and ransoms demanded.
Financial institutions are suffering cyberattacks of such large volume and capabilities that simply adding more one-off security solutions to the stack will not be sufficient to detect and respond to data breaches. To stay a step ahead of cybercriminals, financial institutions should focus on the automation of threat intelligence to inform security updates as quickly as possible.
Every company uses e-mail to communicate, but few understand that this type of unstructured data needs to be protected. Considering that over 90% of attacks start with e-mail yet only 43% of IT professionals see projects involving unstructured data as a top priority, it’s not surprising that these attacks can cause significant financial damage. Here’s how companies can safeguard against this risk.
At one time or another, we’ve all connected to the Internet via public Wi-Fi – at a coffee shop, in a hotel, on a plane. The convenience is irresistible, but few people are aware that public Wi-Fi is one of the biggest risks to personal and business security because these networks are so easy for hackers to attack. Cybersecurity experts answer these questions: Are any public Wi-Fi networks safe? What harm can be done on these public networks? And how can you protect yourself against this risk?
If you're a big company and you're not looking for imposters, you're making a big mistake. If you, as an individual, get a job offer emailed to you out of the blue apparently from a big company, it's pretty much a certainty you're going to lose out big time if you get "employed." Read Mark Gibbs' latest Gearhead column to learn why.
You know Bob who works for your organization? That's right, Bob, the CFO. Nice guy. Organized, always on time, gets the job done. Good guy (except when he got tanked at the Christmas party but let's not talk about that). Well, there's something you might not know about Bob: He's incredibly dangerous to your business.
Even as new technologies abound, we’ve come to rely on passwords as our primary means of managing access to systems, applications and data. In reality, passwords are our first—and in most cases, only—line of defense when it comes to protecting against unauthorized access, misuse and theft.