In today’s world of rising threats and continuously increasing attacks, developing the right set of metrics for vulnerability management is necessary to keep up with the growth of potentially critical vulnerabilities. This article breaks down the seemingly complicated practice of inventorying organizational assets to understand what the most likely threats are and build the right metrics for vulnerability management.
Preparing for the GDPR leads to many questions for compliance teams, like, can we identify and monitor all websites collecting PII on behalf of our company? Are those collection points secure? Are they accompanied by compliance statements and controls? RiskIQ explores these potential issues and offers tips on how to address them.
This article came as the result of a discussion with Sean Martin regarding how Arctic Wolf's work with the City of Sparks impacts the police and its officers. It describes how the police officers do their job differently and how an increase in tech and cyber changes the way they view society and the way they live their lives.
Threat detection relies on signatures or the correlation of system events to identify indicators of compromise (IOCs). As such, it is primarily reactive and used to verify if a breach has occurred, and to assess the scope and spread of a threat. This article explains how proactive threat hunting can address this inherent weakness in threat detection by assuming a threat or threat actor has not been detected, yet may have targeted an organization.
KRACK, as acronyms go, seemed an appropriate handle for last month’s WiFi security disclosure. After a quarter stuffed with bad security news, a new flaw in one of our most beloved technologies might have a few security pros on the verge of cracking. The showiest security disasters make news, but breaches happen every day to organizations of every type around the world. The attacker perpetrating the next big cybersecurity incident is probably already behind someone’s firewall. And while you should definitely patch your vulnerabilities and maybe even turn off your WiFi (ok, just kidding, no one’s going to turn off the WiFi), that’s not going to be enough. We need to change how we think about cybersecurity.
Website accessibility technologies broaden the use of the devices and applications, giving individuals with disabilities the opportunity to experience the capabilities and benefits of the personal computing, the Internet, and all they have to offer. However, as with most things technical, security and privacy are often afterthoughts; the same prove true as accessibility features are used.
The Internet of Things (IoT) introduces a wealth of value as we look to make our digital lives more automated, streamlined, and easier. Unfortunately, with this value comes risk; risk that manifests itself not just in our personal lives, but in our professional business lives and in the industries and industrial settings that make it all possible. This article will cover the cybersecurity threats posed by data integrity in the era of IoT – particularly as it pertains to enterprise organizations and the industrial sector – and what organizations can do to mitigate the threats.
With the proliferation of attack types and the reality that threat actors are getting smarter, faster, and more efficient at compromising networks, today’s Security Operation Centers (SOC) must be more flexible and agile to detect and stop threats.
Organizations are implementing stricter mandates for what kind of platforms and mobile features employees can use on both personal and corporate-owned devices, prompting a dramatic increase in the rise of "shadow IT" like unauthorized messaging apps. By bringing messaging apps out of the shadows and into the mainstream, organizations can reduce the risk of both outside and inside threats to the enterprise.
In honor of Women’s Entrepreneurship Day (November 19), we are highlighting some amazing female founders and CEOs in cybersecurity and tech. Get to know the women who have launched, grown and run these successful companies!
The fact is that the people behind the keyboards are your weakest endpoints and the apathy in recognizing that fact is the biggest security threat of organizations today. So, what do we do to address this risk?
One of the toughest challenges facing military veterans is making the transition to civilian life. It’s difficult for many of them to see how their military training translates into a civilian career, and the process of job hunting can be daunting. There's hope though; and this program is one example of good things happening in the industry.
Ransomware creates turmoil every day – for individuals and for enterprises. But there is encouraging news. Ransomware, by its very nature, tips its hand with characteristics that make it predictable and recognizable. These distinct features enable advanced security tools to detect and defeat ransomware before files are frozen and ransoms demanded.
Financial institutions are suffering cyberattacks of such large volume and capabilities that simply adding more one-off security solutions to the stack will not be sufficient to detect and respond to data breaches. To stay a step ahead of cybercriminals, financial institutions should focus of the automation of threat intelligence to inform security updates as quickly as possible.
Equifax took 40 days to report its breach, which is arguably morally incorrect and unacceptable in today's world. The EU GDPR has a 72-hour breach notification rule. Following the GDPR's example, we recommend a more unified approach.
From time to time, we get asked about support for business rules. Usually, the person asking the question comes from a background in traditional Business Process Management (BPM), where business rules are treated as a discrete subject. What can we do to make sure business rules don’t need to be treated as something discrete and separate?
A new vulnerability was recently exposed and a proof of concept for an exploit was demonstrated alongside of it, highlighting again just how delicate the Internet really is. This time, the vulnerability impacts a protocol used across a variety of devices, taking aim at both business and end user systems—as well as data. Here’s what we know thus far.
Even with some of the largest breaches taking place recently, amid the deluge of attacks around the world and targeting all industries, the WannaCry and Petya attacks may earn a hashmark in a historical for changing for forcing the security community to reconsider its posture.
Let’s face it, in the CyberSecurity profession, we like to learn things the hard way. But, if we look at the whole picture and ask "why" every now and then, things just might get a little easier.
The GDPR is a de facto mandate for every company to invest in process automation software. How can business workflows help with privacy compliance? Read to learn more.