Thursday, July 19, 2018

Why the Best Defense Is a Good Offensive Security Strategy

When many people think about offensive security, they picture a mysterious figure wearing a hoodie, sitting behind a black-and-green terminal, diligently typing away as he probes enterprise networks. But the cybersecurity world has evolved well beyond this Hollywood hacker...

What’s On the Horizon for SIEM Technology? Five Upcoming Innovations in Security Analytics

All solutions evolve over time as new technologies are introduced and market shifts occur — and security information and event management (SIEM) is no exception. The most recent changes in SIEM technology are driven by increased cloud adoption, the...

Digital Strategy Isn’t Meeting Security Needs — Here’s What to Do

We are in the midst of a digital transformation. And yet, IT departments are struggling to develop a digital strategy that addresses data privacy and cybersecurity. In a world where the General Data Protection Regulation (GDPR) is now in...

How to Navigate Business Ethics in a Data-Hungry Digital World

In this data-hungry world, high-profile breaches continue to make headlines. As global corporations and technology giants continue to collect enormous amounts of personal information, legislators and consumers are starting to ask pointed questions about business ethics. Even when companies aren’t...

How the IBM X-Force IRIS Cyberattack Framework Helps Security Teams Reduce Risk at All Levels

This article is the first installment in a three-part series about cyberattack preparation and execution. Stay tuned to learn more. Security teams need guidance to better understand, track and defend against patterns of malicious behavior, which will help them contend...

Key Questions for Effective Cyber Risk Management From the ISO 31000:2018

The implementation of a risk-management process requires a significant investment of time, energy and resources from any organization. But how can those tasked with managing cyber risk ensure the investment is worthwhile and effective? The International Standards Organization (ISO) put forth...

Move Over, Ransomware: Why Cybercriminals Are Shifting Their Focus to Cryptojacking

According to the 2018 IBM X-Force Threat Intelligence Index, the frequency and sophistication of malicious cryptocurrency mining, also called “cryptojacking,” has increased drastically in the past year. This mining is changing malicious actors’ priorities: While they had previously targeted...

As Seen on TV: Important Lessons for Winning the Fight Against Cybercrime

In recent years, we’ve seen ample evidence of our collective cybersecurity failures. But we still haven’t learned the most important lessons. To start, there is no silver bullet — no single technological fix. What’s more, while cybercriminals have been coordinating...

How Multifactor Authentication Can Help U.S. Government Contractors Achieve DFARS Compliance

To say that organizations today are concerned about cybersecurity would be a gross understatement. Every time we turn around, there are reports of incidents where cybercriminals have either gamed a global social media tool or compromised a corporate customer...

How Can an ISAC Improve Cybersecurity and Resilience?

Sharing computer security threat information is now an established practice in IT. Whether automatically or manually, the primary motivator to pool resources is to improve your own capabilities and those of your peers for responding to security threats and...

Security Analysts Are Overworked, Understaffed and Overwhelmed — Here’s How AI Can Help

Times are tough for security analysts. In addition to the growing industrywide talent shortage, the threat landscape is expanding in both volume and sophistication — and security teams lack the resources they need to keep up. To some extent, static...

Think You’ve Got Nothing to Hide? Think Again — Why Data Privacy Affects Us All

We all hear about privacy, but do we really understand what this means? According to privacy law expert Robert B. Standler, privacy is “the expectation that confidential personal information disclosed in a private place will not be disclosed to...

Understanding SIEM Technology: How to Add Value to Your Security Intelligence Implementation

Security information and event management (SIEM) technology has been around for more than a decade — and the market is growing by the minute. So, it may seem strange that so many organizations lack a proper understanding of what a...

Why It’s Time to Cross Out the Checklist Approach to Vendor Security

It’s such a great feeling to check a box on your vendor security checklist. You establish a relationship with a third party — check! You meet another regulatory requirement — check! Once you’ve marked down every item and an...

Calculating the Cost of a Data Breach in 2018, the Age of AI and the IoT

Businesses run on risk: They take a chance, place their bets in the marketplace and often reap great rewards. But when thinking about the cost of a data breach, you may wonder about the price for your company and...

Google hit with $5.1b fine in EU’s Android antitrust case

This could mean the end of free Android. In the meantime, Google plans to appeal.

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

This bill making its way through Congress would allow law enforcement to more easily uncover location data for cell phones from mobile carriers in an emergency.

IDG Contributor Network: Hack like a CISO

I have written several times over the last couple of years about how the role of today’s CISOs has changed and is now more tuned to support business activities and the management of enterprise risk. Serving an organization as...

Cisco patches critical vulnerabilities in Policy Suite

One of the worst security flaws permits attackers to act as root and execute arbitrary code.