News & Commentary

The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.

Insider Threats & Insider Objections

Commentary | 12/7/2018 |

The ‘tyranny of the urgent’ and three other reasons why it’s hard for CISOs to establish a robust insider threat prevention program.

Republican Committee Email Hacked During Midterms

Quick Hits | 12/5/2018 |

The National Republican Congressional Committee detected the compromise of four staffers' email accounts in April.

6 Ways to Strengthen Your GDPR Compliance Efforts

Slideshows | 12/5/2018 |

Companies have some mistaken notions about how to comply with the new data protection and privacy regulation – and that could cost them.

Another Microsoft MFA Outage Affects Multiple Services

Quick Hits | 11/27/2018 |

Once again, multifactor authentication issues have caused login problems for users across Office 365 and Azure, among other services.

8 Tips for Preventing Credential Theft Attacks on Critical Infrastructure

Commentary | 11/27/2018 |

Stolen credentials for industrial control system workstations are fast becoming the modus operandi for ICS attacks by cybercriminals.

Empathy: The Next Killer App for Cybersecurity?

Commentary | 11/13/2018 |

The toughest security problems involve people not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.

Guilty Plea Made in Massive International Cell Phone Fraud Case

Quick Hits | 11/9/2018 |

A former West Palm Beach resident is the fifth defendant to plead guilty in a case involving thousands of victims.

Why Password Management and Security Strategies Fall Short

News | 11/7/2018 |

Researchers say companies need to rethink their password training and take a more holistic approach to security.

Where Is the Consumer Outrage about Data Breaches?

Commentary | 11/1/2018 |

4 comments

Facebook, Equifax, Cambridge Analytica … Why do breaches of incomprehensible magnitude lead to a quick recovery for the businesses that lost or abused the data and such little lasting impact for the people whose information is stolen.

FIFA Reveals Second Hack

Quick Hits | 11/1/2018 |

Successful phishing campaign leads attackers to confidential information of world soccer's governing body.

Companies Fall Short on 2FA

Quick Hits | 10/30/2018 |

New research ranks organizations based on whether they offer two-factor authentication.

The Case for MarDevSecOps

Commentary | 10/30/2018 |

11 comments

Why security must lead the integration of marketing into the collaborative security and development model in the cloud.

10 Steps for Creating Strong Customer Authentication

Commentary | 10/30/2018 |

Between usability goals and security/regulatory pressures, setting up customer-facing security is difficult. These steps and best practices can help.

Securing Severless: Defend or Attack?

Commentary | 10/25/2018 |

The best way to protect your cloud infrastructure is to pay attention to the fundamentals of application security, identity access management roles, and follow configuration best-practices.

Gartner Experts Highlight Tech Trends – And Their Security Risks

News | 10/22/2018 |

Security must be built into systems and applications from the beginning of the design process, they agreed.

Risky Business: Dark Reading Caption Contest Winners

Commentary | 10/19/2018 |

Phishing, anti-shoulder surfing, Russia and other hysterical identity management puns and comments. And the winners are ...

Window Snyder Shares Her Plans for Intel Security

News | 10/11/2018 |

The security leader, known for her role in securing Microsoft, Apple, and Mozilla, discusses her new gig and what she's working on now.

Not All Multifactor Authentication Is Created Equal

Commentary | 10/11/2018 |

Users should be aware of the strengths and weaknesses of the various MFA methods.

Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control

Commentary | 10/5/2018 |

Technology such as Apple's device trust score that decides "you" is “not you” is a good thing. But only if it works well.

California Enacts First-in-Nation IoT Security Law

Quick Hits | 10/1/2018 |

The new law requires some form of authentication for most connected devices.

FBI IC3 Warns of RDP Vulnerability

Quick Hits | 9/28/2018 |

Government agencies remind users that RDP can be used for malicious purposes by criminal actors.

The Cloud Security Conundrum: Assets vs. Infrastructure

Commentary | 9/25/2018 |

The issue for cloud adopters is no longer where your data sits in AWS, on-premises, Azure, Salesforce, or what have you. The important questions are: Who has access to it, and how is it protected?

Account Takeover Attacks Become a Phishing Fave

Quick Hits | 9/20/2018 |

More than three-quarters of ATOs resulted in a phishing email, a new report shows.

WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication

Commentary | 9/19/2018 |

5 comments

New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct.

The Top 5 Security Threats & Mitigations for Industrial Networks

Commentary | 9/18/2018 |

While vastly different than their IT counterparts, operational technology environments share common risks and best practices.

IoT Threats Triple Since 2017

Quick Hits | 9/18/2018 |

Rapidly evolving malware is posing an ever-greater threat to the IoT – and business users of the Internet.

Military, Government Users Just as Bad About Password Hygiene as Civilians

News | 9/14/2018 |

New report comes out just as group of US senators chastise Secretary of State Mike Pompeo for not using multifactor authentication.

4 Trends Giving CISOs Sleepless Nights

Commentary | 9/12/2018 |

IoT attacks, budget shortfalls, and the skills gap are among the problems keeping security pros up at night.

4 Practical Measures to Improve Election Security Now

Commentary | 9/11/2018 |

It's more critical than ever for states to protect our democratic system and voting infrastructure from foreign cyber espionage.

Authentication Grows Up

News | 9/4/2018 |

Which forms of multi-factor authentication (MFA) are working, which are not, and where industry watchers think the market is headed.

How to Gauge the Effectiveness of Security Awareness Programs

Commentary | 8/21/2018 |

If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.

Shadow IT: Every Company's 3 Hidden Security Risks

Commentary | 8/7/2018 |

Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.

IT Managers: Are You Keeping Up with Social-Engineering Attacks?

Commentary | 8/6/2018 |

Increasingly sophisticated threats require a mix of people, processes, and technology safeguards.

Is SMS 2FA Enough Login Protection?

News | 8/3/2018 |

Experts say Reddit breach offers a prime example of the risks of depending on one-time passwords sent via text.

London Calling with New Strategies to Stop Ransomware

Commentary | 7/23/2018 |

The new London Protocol from the Certificate Authority Security Council/Browser Forum aims to minimize the possibility of phishing activity on high-value identity websites.

Beyond Passwords: Why Your Company Should Rethink Authentication

Commentary | 7/19/2018 |

Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.

Bomgar Acquires Avecto

Quick Hits | 7/10/2018 |

Purchase adds layers to privileged access management system.

Reactive or Proactive? Making the Case for New Kill Chains

Commentary | 7/6/2018 |

Classic kill chain models that aim to find and stop external attacks don't account for threats from insiders. Here what a modern kill chain should include.

Consumers Rank Security High in Payment Decisions

Quick Hits | 7/3/2018 |

Security is a top priority when it comes to making decisions on payment methods and technologies.

iOS 12 2FA Feature May Carry Bank Fraud Risk

Quick Hits | 7/2/2018 |

Making two-factor authentication faster could also make it less secure.

10 Tips for More Secure Mobile Devices

Slideshows | 6/27/2018 |

Mobile devices can be more secure than traditional desktop machines - but only if the proper policies and practices are in place and in use.

Secure Code: You Are the Solution to Open Source’s Biggest Problem

Commentary | 6/25/2018 |

Seventy-eight percent of open source codebases examined in a recent study contain at least one unpatched vulnerability, with an average of 64 known vulnerabilities per codebase.

Inside a SamSam Ransomware Attack

Commentary | 6/20/2018 |

Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.

3 Tips for Driving User Buy-in to Security Policies

Commentary | 6/18/2018 |

Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.

Survey Shows Florida at the Bottom for Consumer Cybersecurity

News | 6/6/2018 |

A new survey shows that residents of the Sunshine State engage in more risky behavior than their counterparts in the other 49 states.

Fortinet Completes Bradford Networks Purchase

Quick Hits | 6/4/2018 |

NAC and security firm added to Fortinet's portfolio.

5 Tips for Protecting SOHO Routers Against the VPNFilter Malware

Slideshows | 6/2/2018 |

Most home office users need to simply power cycle their routers and disable remote access; enterprises with work-at-home employees should move NAS behind the firewall.

The Good News about Cross-Domain Identity Management

Commentary | 5/31/2018 |

Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.

Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours

Commentary | 5/31/2018 |