Emails have long been the customary approach for delivering phishing scams, which have affected more than one-third of all organizations. However, as most organizations move toward improving their security, attackers are developing other methods that use more than just email. Atif Mushtaq, founder of SlashNext, explains the newer, short-lived tactics that are being used to target human weaknesses and exploit employee vulnerabilities.
The fear-mongering of cybersecurity is ruining the industry, as emotions are being targeted rather than rationality. Fear sells, after all. Nathan Burke of Axonius discusses the current state of the InfoSec industry and what the way forward is from here.
With security often seen as an obstacle in the path of innovation, adhering to project delivery deadlines and staying agile, it can be something of a dirty word in the software industry. Pieter Danhieux, CEO of Secure Code Warrior, explains how to engage developers to code securely, bridge the gap between the development and security functions of the business, and strive for a higher build standard of software.
With the problematic talent shortage in security, organizations are consistently operating understaffed and team members are forced to pick up the slack, which results in job fatigue and stress. Eric Sheridan, Chief Scientist at WhiteHat Security, offers three strategies for overcoming security burnout.
When it comes to protecting end-user devices, many enterprises see two choices: either lock down devices and limit what users can access, or prioritize productivity and take some chances with security. Tal Zamir shows why this either/or proposition is untenable for CISOs, IT and end-users, and how a new software-defined endpoint approach is enabling enterprises to deliver a completely secure and totally unrestricted user experience.
With an alarming talent gap in the industry, cybersecurity can no longer be thought of as a technical problem with a technical solution; it must be treated as a critical business concern. Charles Eaton of CompTIA discusses how apprenticeships can supply companies with a more predictable, sustainable pipeline of applicants, while providing new cybersecurity workers with necessary experience, education and mentorship.
It is every parent’s nightmare: their child is being bullied. Except it’s even more insidious if the bullying is happening online where it’s hard to see and even harder to stop. How can you prevent, spot and address cyberbullying, how can you get your child to talk about what might be happening to them, and how can you help them overcome it? Here are a few tips to get you started.
Data breaches reached a historic high in 2017, with 1,579 reported, which left 179 million records exposed. Ryan Wilk, VP of Delivery for NuData Security, explains why a whole new authentication framework is needed that positively identifies customers online and how biometrics is helping to solve this challenge.
For organizations, the average total cost of a data breach is over $3 million. For employees or customers, the cost is a loss of privacy, identity theft, and immediate or future monetary loss. Here's why automation is the core of data protection and why it should be a business priority this year.
Cybercrime is on the rise. The number of data breaches in 2017 was staggering and things are likely to get worse. Employee error, employee manipulation, hacking-as-a-service, and the gap between development and test make things even more challenging. Says Dr. Rao Papolu, it's time to take some time to assess the main threats to your cyber defenses.
The fact is that the people behind the keyboards are your weakest endpoints and the apathy in recognizing that fact is the biggest security threat to organizations today. So, what do we do to address this risk?
My last article for ITSPmagazine defined the term “technologist,” a label that applies to people working in companies of all shapes and sizes across the country along a broad spectrum of industries—not just those that write software and make hardware. In this new piece, we will take a look at the mentorship process for the next generation of technologists.
You know Bob who works for your organization? That's right, Bob, the CFO. Nice guy. Organized, always on time, gets the job done. Good guy (except when he got tanked at the Christmas party but let's not talk about that). Well, there's something you might not know about Bob: He's incredibly dangerous to your business.
Enterprise security teams have a namesake job to do – secure their organizations – but it does not have to come at the expense of their colleagues’ privacy. How, then, do organizations balance the requirements and expectations of both sides and keep their data secure while ensuring that the company refrains from violating privacy laws?
Could you spot a phishing attack if and when it crosses your inbox? What about your colleagues? Your executive staff and managers that hold the keys to the kingdom? Read on to explore the anatomy of a phishing email and how to avoid falling prey to these attacks.
There’s an old joke in the community that there is no patch for the user – technology can be fixed, but human mistakes cannot be overcome. In this new An InfoSec Life article, Joseph Pindar shares his beliefs that people’s actions aren’t a problem that can be easily dismissed with a joke.
People go to work to do their job. They have meetings to attend, calls to make, tasks to complete, quotas to reach, and much more. So they can’t be bothered with worrying about information security. However, their habits – good and bad, innocent or malicious – are putting their employer’s business at risk. All it takes is one poorly made decision, or maybe even the lack of a decision in many cases, to damage or even destroy a business.
Ahhh yes, our employees. We love them dearly, but sometimes they do things that put the company at risk of a data breach or other cyber attack. I reached out to the InfoSec community to help me capture some of the more common scenarios and troubling cases where employees could cause a company harm, both unknowingly and maliciously.
There are plenty of security solutions designed to secure the fences that are the first line of defense in most organizations, but what about the threat from within? Expert Ameesh Divatia looks at why insider threats are the next big security challenge.
Network engineers are forced to keep up with the complexities and changes brought by hybrid clouds, containers, SDN and other developments. Throw the human element into the mix, and you have a recipe for outages and vulnerabilities. Expert Sajid Awan explains the significance of key findings from a global study conducted by Dimensional Research and what they mean for networks.
Many SMB employees out there put themselves – and their sensitive data – in harm’s way because they are unaware of the risks and the proper security measures to take. In fact, in many data breach cases, human error is often the culprit.
Jamison Utter explores the relationship between business values and cybersecurity; a look at the impact of business models being too concerned with bottom lines, stock prices, and shareholder expectations.
Psychology skills are supplanting technical skills as a critical hacker skill. "A culture of security is in place when rhetoric is replaced with action," says Gene Fredriksen CISM, CRISC and VP & CISO, PSCU.
‘Compliance does not equal security’ was the mantra of this session called Two-Factor Isn’t Enough – We Show You Why. Ryan Rowcliffe of SecureAuth reminded us that merely having a two-factor authentication technology in place isn’t nearly safe enough because when it comes to convenience, people will almost always eschew security measures.
When the weakest link in a business’ IT security is “end users who…are too easily fooled by social engineering attacks,” how do you protect your organization? Here are two studies that show just how foolish people can be.
Cybersecurity only works if you actually implement it – otherwise, it’s like having a state-of-the-art alarm system on your house but then leaving the bedroom window open for fresh air. Unfortunately, the weakest link in the security chain comes down to the end users.