_Experts-Humans

We Need More Than Employee Training Against Phishing

Emails have long been the customary approach for delivering phishing scams, which have affected more than one-third of all organizations. However, as most organizations move toward improving their security, attackers are developing other methods that use more than just email. Atif Mushtaq, founder of SlashNext, explains the newer, short-lived tactics that are being used to target human weaknesses and exploit employee vulnerabilities.

Marketing Is Overpromising And Under-Delivering Cybersecurity

The fear-mongering of cybersecurity is ruining the industry, as emotions are being targeted rather than rationality. Fear sells, after all. Nathan Burke of Axonius discusses the current state of the InfoSec industry and what the way forward is from here.

Gamification: The ‘Secret Sauce’ For Your Software Security Program

With security often seen as an obstacle in the path of innovation, adhering to project delivery deadlines and staying agile, it can be something of a dirty word in the software industry. Pieter Danhieux, CEO of Secure Code Warrior, explains how to engage developers to code securely, bridge the gap between the development and security functions of the business, and strive for a higher build standard of software.

3 Strategies for Overcoming Security Burnout

With the problematic talent shortage in security, organizations are consistently operating understaffed and team members are forced to pick up the slack, which results in job fatigue and stress. Eric Sheridan, Chief Scientist at WhiteHat Security, offers three strategies for overcoming security burnout.

Productivity or Cybersecurity? Now You Can Have Both

When it comes to protecting end-user devices, many enterprises see two choices: either lock down devices and limit what users can access, or prioritize productivity and take some chances with security. Tal Zamir shows why this either/or proposition is untenable for CISOs, IT and end-users, and how a new software-defined endpoint approach is enabling enterprises to deliver a completely secure and totally unrestricted user experience.

Building Cybersecure Culture through an Age-Old Technique: Apprenticeships

With an alarming talent gap in the industry, cybersecurity can no longer be thought of as a technical problem with a technical solution; it must be treated as a critical business concern. Charles Eaton of CompTIA discusses how apprenticeships can supply companies with a more predictable, sustainable pipeline of applicants, while providing new cybersecurity workers with necessary experience, education and mentorship.

Every Parent's Nightmare: Your Child Is Being Cyberbullied

It is every parent’s nightmare: their child is being bullied. Except it’s even more insidious if the bullying is happening online where it’s hard to see and even harder to stop. How can you prevent, spot and address cyberbullying, how can you get your child to talk about what might be happening to them, and how can you help them overcome it? Here are a few tips to get you started.

Companies Lost Trust In Their Users. What's Next?

Data breaches reached a historic high in 2017, with 1,579 reported, which left 179 million records exposed. Ryan Wilk, VP of Delivery for NuData Security, explains why a whole new authentication framework is needed that positively identifies customers online, and how biometrics is helping to solve this challenge.

Automation Is The Core Of Data Protection

For organizations, the average total cost of a data breach is over $3 million. For employees or customers, the cost is a loss of privacy, identity theft, and immediate or future monetary loss. Here's why automation is the core of data protection and why it should be a business priority this year.

Take Time To Understand The Cyber Threat Landscape

Cybercrime is on the rise. The number of data breaches in 2017 was staggering and things are likely to get worse. Employee error, employee manipulation, hacking-as-a-service, and the gap between development and test make things even more challenging. Says Dr. Rao Papolu, it's time to take some time to assess the main threats to your cyber defenses.

Admins and Privileged Accounts Are The Keys To The Kingdom

The fact is that the people behind the keyboards are your weakest endpoints, and the apathy in recognizing that fact is the biggest security threat to organizations today. So, what do we do to address this risk?

How to Mentor the Next Generation of Technologists

My last article for ITSPmagazine defined the term “technologist,” a label that applies to people working in companies of all shapes and sizes across the country along a broad spectrum of industries—not just those that write software and make hardware. In this new piece, we will take a look at the mentorship process for the next generation of technologists.

Your Organization's Greatest Threat? It's Bob.

You know Bob who works for your organization? That's right, Bob, the CFO. Nice guy. Organized, always on time, gets the job done. Good guy (except when he got tanked at the Christmas party but let's not talk about that). Well, there's something you might not know about Bob: He's incredibly dangerous to your business. 

Balancing Security and Privacy in the Enterprise

Enterprise security teams have a namesake job to do – secure their organizations – but it does not have to come at the expense of their colleagues’ privacy. How, then, do organizations balance the requirements and expectations of both sides and keep their data secure while ensuring that the company refrains from violating privacy laws?

Not 100% Sure It’s Grandma? It’s Probably Phishing

Could you spot a phishing attack if and when it crosses your inbox? What about your colleagues? Your executive staff and managers that hold the keys to the kingdom? Read on to explore the anatomy of a phishing email and how to avoid falling prey to these attacks.

The Building Blocks Of CyberSecurity Are People

There’s an old joke in the community that there is no patch for the user – technology can be fixed, but human mistakes cannot be overcome. In this new An InfoSec Life article, Joseph Pindar shares his belief that people’s actions aren’t a problem that can be easily dismissed with a joke.

Seriously?! Can You Not Do That? | Chapter I - Bad Habits and InfoSec Apathy

People go to work to do their job. They have meetings to attend, calls to make, tasks to complete, quotas to reach, and much more. So they can’t be bothered with worrying about information security. However, their habits – good and bad, innocent or malicious – are putting their employer’s business at risk. All it takes is one poorly made decision, or maybe even the lack of a decision in many cases, to damage or even destroy a business.

Seriously?! Can You Not Do That? | Prologue

Ahhh yes, our employees. We love them dearly, but sometimes they do things that put the company at risk of a data breach or other cyber attack. I reached out to the InfoSec community to help me capture some of the more common scenarios and troubling cases where employees could cause a company harm, both unknowingly and maliciously.

Penalties For Insecure Employees. Yes? No?

In today's breach-a-day environment, should companies issue penalties to insecure employees? Preempt’s Heather Howland thinks so. But just how severe should these penalties be? Let's find out.

No Worries, We Have the Biggest FireWall. Oh Look, a Pretty Horse, Bring It Inside!

There are plenty of security solutions designed to secure the fences that are the first line of defense in most organizations, but what about the threat from within? Expert Ameesh Divatia looks at why insider threats are the next big security challenge.