News & Commentary

If you're just getting on the EU General Data Protection Regulation bandwagon, here's where you should begin.

How Systematic Lying Can Improve Your Security

Commentary | 10/11/2017 |

No, you don't have to tell websites your mother's actual maiden name.

Why Your Business Must Care about Privacy

Commentary | 9/26/2017 |

It might not have something to hide, but it definitely has something to protect.

SecureAuth to Merge with Core Security

News | 9/20/2017 |

K1 Investment Management, which owns Core Security, plans to acquire the identity management and authentication company for more than $200 million.

GDPR & the Rise of the Automated Data Protection Officer

Commentary | 9/19/2017 |

Can artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?

How Apple's New Facial Recognition Technology Will Change Enterprise Security

Commentary | 9/19/2017 |

Expect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.

Workplace IoT Puts Companies on Notice for Smarter Security

Commentary | 9/6/2017 |

Blacklisting every "thing" in sight and banning connections to the corporate network may sound tempting, but it's not a realistic strategy.

The Active Directory Botnet

Dark Reading Videos | 8/30/2017 |

It's a nightmare of an implementation error with no easy fix. Ty Miller and Paul Kalinin explain how and why an attacker could build an entire botnet inside your organization.

New York's Historic FinSec Regulation Covers DDoS, Not Just Data

News | 8/28/2017 |

Starting today, New York banks and insurers must report to authorities within 72 hours on any security event that has a 'reasonable likelihood' of causing material harm to normal operations.

GoT & the Inside Threat: Compromised Insiders Make Powerful Adversaries

Commentary | 8/24/2017 |

13 comments

What Game of Thrones' Arya Stark and the Faceless Men can teach security pros about defending against modern malware and identity theft.

Risky Business: Why Enterprises Can’t Abdicate Cloud Security

Commentary | 8/7/2017 |

It's imperative for public and private sector organizations to recognize the essential truth that governance of data entrusted to them cannot be relinquished, regardless of where the data is maintained.

Dark Reading News Desk Live at Black Hat USA 2017

Commentary | 7/27/2017 |

4 comments

Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).

Healthcare Industry Lacks Awareness of IoT Threat, Survey Says

News | 7/20/2017 |

10 comments

Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.

4 Steps to Securing Citizen-Developed Apps

Commentary | 7/19/2017 |

Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.

AWS S3 Breaches: What to Do & Why

Commentary | 7/17/2017 |

Although basic operations in Amazon's Simple Storage Services are (as the name implies) - simple - things can get complicated with access control and permissions.

The High Costs of GDPR Compliance

Commentary | 7/11/2017 |

Looming, increasingly strict EU privacy regulations are pushing privacy spending to the top of IT priorities and budgets.

Avoiding the Dark Side of AI-Driven Security Awareness

Commentary | 7/5/2017 |

Can artificial intelligence bring an end to countless hours of boring, largely ineffective user training? Or will it lead to a surveillance state within our information infrastructures?

8 Things Every Security Pro Should Know About GDPR

Slideshows | 6/30/2017 |

Organizations that handle personal data on EU citizens will soon need to comply with new privacy rules. Are you ready?

Defining Security: The Difference Between Safety & Privacy

Commentary | 6/28/2017 |

Words matter, especially if you are making a case for new security measures, state-of-the-art technology or personnel.

WannaCry Blame Game: Why Delayed Patching is Not the Problem

Commentary | 6/27/2017 |

While post mortems about patching, updating, and backups have some value, the best preventative security controls are increased understanding and knowledge.

WannaCry? You’re Not Alone: The 5 Stages of Security Grief

Commentary | 6/22/2017 |

10 comments

As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.

Microsoft, Accenture Team up on Blockchain for Digital ID Network

Quick Hits | 6/19/2017 |

Microsoft and Accenture use blockchain tech to build a digital ID network, which will help give legal identification to 1.1 billion people without official documents.

Climbing the Security Maturity Ladder in Cloud

Commentary | 6/15/2017 |

These five steps will insure that you achieve the broadest coverage for onboarding your most sensitive workloads.

Why Compromised Identities Are IT’s Fault

Commentary | 6/7/2017 |

The eternal battle between IT and security is the source of the problem.

Securely Managing Employee Turnover: 3 Tips

Commentary | 6/5/2017 |

Don't let the process spiral into organizational chaos. Here are steps you can take to keep your company safe.

DNS Is Still the Achilles’ Heel of the Internet

Partner Perspectives | 6/1/2017 |

Domain Name Services is too important to do without, so we better make sure it’s reliable and incorruptible

The Case for Disclosing Insider Breaches

Commentary | 5/31/2017 |

Too often organizations try to sweep intentional, accidental or negligent employee theft of data under the rug. Here’s why they shouldn’t.

You Have One Year to Make GDPR Your Biggest Security Victory Ever

News | 5/25/2017 |

14 comments

The EU's new razor-toothed data privacy law could either rip you apart or help you create the best security program you've ever had. Here's how.

Data Security & Privacy: The Risks of Not Playing by the Rules

Commentary | 5/24/2017 |

Achieving compliance is a complex and challenging process. But with the right systems and policies, you can stay ahead of the next data breach — and the regulators.

In Search of an Rx for Enterprise Security Fatigue

Commentary | 5/22/2017 |

Are you exhausted by the vast number of measures your organization needs to keep its systems and data safe? You're not alone.

Deconstructing the 2016 Yahoo Security Breach

Commentary | 5/19/2017 |

One good thing about disasters is that we can learn from them and avoid repeating the same mistakes. Here are five lessons that the Yahoo breach should have taught us.

The Fundamental Flaw in TCP/IP: Connecting Everything

Commentary | 5/17/2017 |

4 comments

Almost 30 years after its inception, it's time to fix the engine that both fuels the modern day Internet and is the root cause of its most vexing security challenges.

Your Grandma Could Be the Next Ransomware Millionaire

Commentary | 5/15/2017 |

3 comments

Today's as-a-service technology has democratized ransomware, offering practically anyone with a computer and an Internet connection an easy way to get in on the game.

Shining a Light on Security’s Grey Areas: Process, People, Technology

Commentary | 5/9/2017 |

The changing distributed and mobile business landscape brings with it new security and privacy risks. Here’s how to meet the challenge.

Backdoors: When Good Intentions Go Bad

Commentary | 5/5/2017 |

Requiring encrypted applications to provide backdoors for law enforcement will weaken security for everyone.

Why OAuth Phishing Poses A New Threat to Users

Commentary | 5/4/2017 |

Credential phishing lets attackers gain back-end access to email accounts, and yesterday's Google Docs scam raises the risk to a new level.

Google Docs Phishing Attack Abuses Legitimate Third-Party Sharing

Quick Hits | 5/3/2017 |

Phishing messages appear nearly identical to legitimate requests to share Google documents, because in many ways, they are.

Users Overshare Sensitive Enterprise Data

News | 4/20/2017 |

Survey finds nearly half of the employees trained to protect sensitive data engage in risky security practices.

Google Won't Trust Symantec and Neither Should You

Commentary | 4/19/2017 |

As bad as this controversy is for Symantec, the real damage will befall the company and individual web sites deemed untrustworthy by a Chrome browser on the basis of a rejected Symantec certificate.

Man Admits Hacking into His Former Employer's Network

Quick Hits | 4/17/2017 |

Tennessee man pleads guilty in federal court, acknowledging he illegally accessed his former employer's networks to gain an edge over his rival.

6 New Security Startups Named to MACH37 Spring Cohort

Slideshows | 4/15/2017 |

The companies selected this year include technical talent that draws from Silicon Valley to Hungary and Western Europe.

Health Savings Account Fraud: The Rapidly Growing Threat

Commentary | 4/14/2017 |

As income tax season comes to a close, financially-motivated cybercriminals are honing new tactics for monetizing medical PII.

How Innovative Companies Lock Down Data

Commentary | 4/12/2017 |

A mix of back-to-basics security and a set of new, data-centric best practices is key to defending against a future of growing and sophisticated cyberattacks.

The New Shadow IT: Custom Data Center Applications

Commentary | 4/7/2017 |

3 comments

If you think you’ve finally gotten control of unsanctioned user apps, think again. The next wave of rogue apps is on its way from your data center to the cloud.

OSX.Dok: New & Sophisticated Mac Malware Strikes

Partner Perspectives | 4/7/2017 |

Phishing-deployed malware can capture account credentials for any website users log into.

11 UK Charities Punished for Violating Data Privacy Law

Quick Hits | 4/6/2017 |

Organizations fined between £6,000 and £18,000 by UK’s Information Commissioner’s Office.

ADP CISO Offers Tips to Leverage Security to Grow the Business

News | 4/4/2017 |

Savvy CISOs would do their companies a favor by broadly integrating security across the organization, a move that can yield greater revenues, cost savings and an entry into new markets.

The Business of Security: How your Organization Is Changing beneath You

Commentary | 3/30/2017 |

And why it’s your job to change with it and ‘skate where the puck is headed.’

To Gain Influence, CISOs Must Get Security's Human Element Right

Commentary | 3/29/2017 |