Tuesday, March 19, 2019

Does GDPR compliance reduce breach risk?

Compliance can be costly and often feels more like red tape and a barrier to business than anything that provides a benefit. A report by EY and the International Association of Privacy Professionals (IAPP) estimates that organizations have spent...

Cyber risk management challenges are impacting the business

There was quite a bit of banter about boardroom cybersecurity actions at this year’s RSA Security Conference. No surprise here; business executives understand what’s at stake and are asking CISOs to provide more cyber risk data and metrics, so...

12 tips for effectively presenting cybersecurity to the board

Cybersecurity is a top concern for boards of directors.

IDG Contributor Network: Huawei and Apple smartphones are both made in China – why is only one banned in Australia?

It feels like there is no more controversial brand in the tech industry right now than Huawei. The Chinese telco giant was recently banned by Australia from participating in their 5G network rollout amidst national security concerns, and its CFO—Meng...

Ransomware attack drives city to seek greater network visibility into cyber threats

Local governments have been under siege from ransomware attacks in recent years. Colorado announced a state of emergency and called in the National Guard’s cyber team to help after its Department of Transportation was hit with SamSam ransomware in...

3 ways to monitor encrypted network traffic for malicious activity

Security experts have been screaming at you for years to encrypt all network traffic. They have a point: Making a secure configuration the default configuration is an obviously good idea. Both the standards and products that implement encryption are...

IDG Contributor Network: Cybersecurity education in the age of acceleration

This is a story of how a career setback turned out to be a setup for something bigger. It was the year 2000, and I had just gone through a layoff. I was a network engineer and felt I needed...

Self-sovereign identity: 3 key questions

If you work in the area of identity you will have noticed a lot of talk about self-sovereign identity (SSI). As a concept, it applies the goal of placing the user at the center of digital identity management and...

Security executives on the move and in the news

The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for...

My two favorite companies from RSA Conference 2019

I’ve got a confession to make. I’ve never attended an RSA Conference before last week. For RSAC 2019, however, I had the honor of giving one of my favorite presentations, 12 Ways to Hack 2FA. The crowd filled the...

Congress steers clear of industrial control systems cybersecurity

Rule number one about legislation affecting the cybersecurity of industrial control systems (ICS) is that no one talks about legislation affecting the cybersecurity of ICS. At least it seems that way based on a number of attempts to get...

BrandPost: Digital Convergence’s Impact on OT Security

There’s an old expression that says, “when it rains it pours.” This has never been more true than the current impact of digital transformation on security teams charged with protecting IT and OT networks. Today’s CSOs and CISOs find...

Windows security updates that require new registry keys

Windows computers and servers update on a monthly basis. Most of these updates are self-installing and need no other interaction. Sometimes, though, you need to add registry keys to enable or disable additional security settings. I discussed the additional...

City of Raleigh implements ICS monitoring tool for water treatment plants

Asking small municipalities to defend themselves against nation-state adversaries is a tall order, but it all begins with the basics of cybersecurity — the "blocking and tackling" — Steve Worley, SCADA security manager for Raleigh, NC, tells CSO. That...

BrandPost: Flaw Fix Rates Are Low – How Can They Be Improved?

In this episode we discuss the latest findings on flaw fix rates in enterprises. Chris Eng, Vice President of Research, Veracode, offers perspective on what figures in the State of Software Security report reveal about the troubling amount of...

IDG Contributor Network: Top 5 solutions to reduce ‘cyber friction’

I recently helped my son build his first pine wood derby car. He took second place out of a field of ~60 cars. The secret of taking a block of wood, four nails and cheap plastic wheels is reducing...

IDG Contributor Network: Navigating a challenging cybersecurity skills landscape

As much as tools and technology evolve in the cybersecurity industry, organizations remain reliant on clever, well-trained humans with incisive critical thinking skills to protect themselves from the perilous cyber threat landscape. But just as the threat landscape continues...

What is quantum cryptography? It’s no silver bullet, but could improve security

Quantum cryptography definition: Quantum cryptography, also called quantum encryption, applies principles of quantum mechanics to encrypt messages in a way that it is never read by anyone outside of the intended recipient. It takes advantage of quantum’s multiple states, coupled...

The buzz at RSA 2019: Cloud security, network security, managed services and more

Like many other cybersecurity professionals, I spent last week at the RSA security conference in rainy San Francisco. Here are a few of my impressions: Cybersecurity and business leaders are coming together – awkwardly. Remember when we used to wish...

7 hot cybersecurity trends (and 4 going cold)

The whole tech industry is dynamic and constantly changing. And if you're in IT security, you're in a unique position that the changes can be forced upon you by techniques developed by malicious hackers. That means that there's always...
SC Magazine

Norwegian aluminum producer Norsk Hydro hit by an unspecified cyberattack

Norwegian aluminum producer Norsk Hydro was hit by a cyber attack which began Monday evening and escalated into the night. The Norwegian National Security Authority (NSM) declined to comment on what type of attack it was but said the extent...
SC Magazine

Glitch exposes Sprint customer data to other users

A bug has allowed some Sprint customers to see the personal data of other customers from their online accounts. The information visible includes names, cell phone numbers as well as calls made by other users, and a Tech Crunch report cited...

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
The Register

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Norway the power and metals wrangler could have seen this one coming. Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…

Old Tech Spills Digital Dirt on Past Owners

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.