When is the last time your company truly thought about the security of your network, devices and data? If this answer isn’t “yesterday” or “today,” then your agency, and the client data it is entrusted with, might be at risk. Dror Liwer, CISO of Coronet, outlines what agencies can do to get serious about cybersecurity.
With hundreds, if not thousands of security alerts per day pouring into Security Operations Centers (SOC), security professionals are fighting a losing battle. Fortunately, tried-and-true manufacturing techniques can turn the tide. Heather Hixon of DFLabs outlines two techniques that can help even the playing field between SOCs and their adversaries.
The Ancient Athenian Themistocles said: “He who controls the sea controls everything.” In today's world, the "sea" is the "communications sea" and the "communications sea" relies on anything and everything cyber. George Platsis of SDI Cyber lays out how somebody has been quietly dominating the communications sea and what the implications are for everybody — including who will rule this empire.
There is a widespread need for organizations to modernize their security operations. Why? It creates the structure to eliminate distractions caused by chasing compliance mandates and the latest “shiny technology objects” and allows security organizations to reduce enterprise risk. Mark Maxey of Optiv outlines how to get started on modernizing operations.
Cyber Insurance is a rapidly growing market, and small- to medium-sized businesses are driving that growth. Ari Vared, Senior Director of Product at CyberPolicy, explains that as SMBs gather more data to leverage business decisions, they also need to be more aware of cyber risks and be prepared for an incident.
To address the rising tide of data breaches, social network providers have enhanced their built-in security and have focused primarily on improving multi-factor authentication processes. To better understand what varying platforms offer, Ehud Amiri, senior director for product management at OneLogin, looks at how the leading social media sites are protecting their users.
Despite the common belief that mainframes are secure fortresses of data, it's much easier than businesses might think to access the mainframe by hacking an employee's mobile phone or other connected smart device. Ray Overby, President of Key Resources, Inc., lays out two new ways that cybercriminals can get into corporate networks through a personal IoT device.
Until manufacturers of IoT devices incorporate strong security into their products, the only reliable way to keep devices from compromising an enterprise is to use network topology to prevent attackers from interacting with such devices. Dr. Srinivas Mukkamala, co-founder and CEO of RiskSense, looks at the top IoT security risks facing enterprises.
As more people bring their own devices to work (BYOD), companies embracing blockchain can ensure that the infrastructure is secure and their employees are accommodated. Alistair Johnson, founder & CEO of Nuggets, explains how this new technology accommodates a fresh understanding of work and the technological peculiarities that come with it.
ITSPmagazine co-founder Sean Martin interviews Howard Miller, co-author of “Developing a Framework and Methodology for Assessing Cyber Risk for Business Leaders“ (Journal of Applied Business and Economics, volume 20 (3), 2018), about the background of and vision related to this research article, how it applies to companies, boards and CEOs, risk management systems, and the ongoing development with Pepperdine CyRP.
In the past, nation states such as North Korea and China had a very limited ability to respond to the U.S.’ military attacks or sanctions. But in today’s digital world, these countries use cyber-attacks to deter a sanction or get retribution. Wayne Lloyd, Federal CTO of RedSeal, provides a list of actions organizations can take to ensure good cyber hygiene and digital resilience to withstand a cyber event and/or recover quickly.
Given all the vendor- and analyst-speak in the security space, it’s become difficult for organizations to know the difference between Security Information and Event Management (SIEM) and security analytics. Here are 6 ways to tell a SIEM from a security analytics product.
Criminal cryptomining has replaced ransomware as the leading type of cyber attack in 2018. While not all cryptomining is criminal in nature, this new type of cyber attack has gained momentum and popularity as a result of its success. Lastline’s director of threat intelligence, Andy Norton, explains the popular criminal techniques used to mine cryptocurrencies — and what lies ahead for cryptomining.
As more security technology companies emerge, consolidate and disappear, CISOs are struggling to understand which products are really worth their investment. Absolute’s Director of Security Strategy Josh Mayfield shares how CISOs can cut through the product marketing jargon and break down the five questions every CISO should ask a potential security vendor.
Some of the most popular DDoS mitigation tools are also the least effective. Many enterprise organizations have been lulled into a false sense of security, literally, and are ill-prepared to defend against modern DDoS attacks, primarily because they don’t fully understand the extent of the risk. Tom Bienkowski of NETSCOUT Arbor explains those risks and suggests defenses.
Decentralized systems based on technologies such as Blockchain must take into consideration the safety of the security researcher and provide the means to report vulnerabilities anonymously. And because flaws are inevitable, companies working in this space must have a mature, responsible disclosure policy.
As information and network security tools become more advanced, many bad actors find that it’s easier to trick humans than to keep modifying their exploit kits so they can bypass or undermine cybersecurity software. President of TeamViewer Americas Finn Faldi provides tips and insights on how to avoid common phishing and phone scams.
Today’s CISOs have one thing in common: the pressing need for funding to keep their security programs vital. Worldwide IT security spending jumped nearly 8 percent in the past year to top $90 billion, and it’s forecast to climb above $113 billion by 2020, but despite these numbers, executive decision-makers now want InfoSec costs inexorably linked to business value and return on investment.
As banks innovate to meet the changing demands of connected consumers, they are also increasing their attack surface, potentially making highly sought-after user data more accessible to cybercriminals. To mitigate these threats, financial services firms have to be aware of the risks that come with new capabilities and adjust their security architecture accordingly.
The National Vulnerability Database (NVD is a leading source of intelligence on vulnerabilities for InfoSec professionals, and while it provides many benefits, it also has its limitations. This article will explain the advantages of using the NVD for vulnerability management, point out some of the blind spots that have occurred recently, and recommend best practices for successful mitigation.
Privileged accounts give users the ability to compromise an organization’s network, systems and data, but discovering such incidents can take months or years. Michael Fimin outlines the Top 5 threats that result from poor privilege account management and explains 3 ways organizations can mitigate risk of privilege abuse.
In today’s world of rising threats and continuously increasing attacks, developing the right set of metrics for vulnerability management is necessary to keep up with the growth of potentially critical vulnerabilities. This article breaks down the seemingly complicated practice of inventorying organizational assets to understand what the most likely threats are and build the right metrics for vulnerability management.
With hackers using ransomware and other attack methods to compromise high-value privileged user credentials, organizations need to take a serious look at how they approach their cyber defense. Here’s where to start.
These days, every report on the Internet of Things (IoT) reminds us that we are continuing to increase our connectivity to the Internet through everyday appliances, sensors, and wearables, despite rampant security risks. In this new Experts Corner, Scott Totzke looks at how already-vulnerable technologies are left wide open.
When it comes to the Internet of Things, it’s easy to identify the breadth and depth of the potential value of these connected things. It’s not so easy identifying the threats, risks, and related management solutions. Expert Chuck Brooks gives us his view into how to get a handle on these challenges.
The number of data breaches tracked in 2016 in the U.S. reached an all-time record of 1,093 incidents and exposed more than 36 million records. The situation in 2017 is not getting any better, as the wave of data breaches continues to roll on. As cyber threats evolve, we look back at some of the worst breaches of 2016 and see what we can learn from them to avoid making the same mistakes in future.
Verizon has released its 10th annual Data Breach Investigations Report (DBIR), a comprehensive and multi-faceted look-back on breach trends, threat actor tactics and apparent motivations, based on analysis by the company or one of its 65 partners of 1,935 breach events occurring in 2016. This Experts Corner article examines some of its findings by some of the industry's top experts.
A new Kaspersky report shows criminals are enjoying profit margins of up to 95% on some DDoS attacks. Attackers are also demanding a ransom from a target in return for not launching a DDoS attack, or calling off an ongoing attack. Ben Herzberg from Imperva tells us why you need to pay attention to these stats.
There is an overarching theme driving these security breaches: ineffective adherence to secure design principles. Expert Ted Harrington explores the world of secure design principles (and anti-principles) as a means to build resilient systems.