News & Commentary

The issue for cloud adopters is no longer where your data sits in AWS, on-premises, Azure, Salesforce, or what have you. The important questions are: Who has access to it, and how is it protected?

6 Security Training Hacks to Increase Cyber IQ Org-Wide

Slideshows | 9/21/2018 |

Move beyond generic, annual security awareness training with these important tips.

Turn the NIST Cybersecurity Framework into Reality: 5 Steps

Commentary | 9/20/2018 |

Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.

WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication

Commentary | 9/19/2018 |

5 comments

New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct.

The Top 5 Security Threats & Mitigations for Industrial Networks

Commentary | 9/18/2018 |

While vastly different than their IT counterparts, operational technology environments share common risks and best practices.

New Study Details Business Benefits of Biometrics

Quick Hits | 9/12/2018 |

Biometric authentication can be good for security and for business, according to a new study from Goode Intelligence

Machine Identities Need Protection, Too

Quick Hits | 8/31/2018 |

A new study shows that device identities need a level of protection that they're not getting from most organizations.

4 Benefits of a World with Less Privacy

Commentary | 8/30/2018 |

5 comments

The privacy issue is a problem for a lot of people. I see it differently.

How One Company’s Cybersecurity Problem Becomes Another's Fraud Problem

Commentary | 8/29/2018 |

8 comments

The solution: When security teams see something in cyberspace, they need to say something.

A False Sense of Security

Commentary | 8/24/2018 |

Emerging threats over the next two years stem from biometrics, regulations, and insiders.

The Votes Are In: Election Security Matters

Commentary | 8/22/2018 |

Three ways to make sure that Election Day tallies are true.

How to Gauge the Effectiveness of Security Awareness Programs

Commentary | 8/21/2018 |

If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.

Make a Wish: Dark Reading Caption Contest Winners

Commentary | 8/18/2018 |

Certification, endpoint security, 2FA, phishing, and PII were among the themes and puns offered by readers in our latest cartoon caption competition. And the winners are ...

The 5 Challenges of Detecting Fileless Malware Attacks

Commentary | 8/17/2018 |

Simply applying file-based tools and expectations to fileless attacks is a losing strategy. Security teams must also understand the underlying distinctions between the two.

Shadow IT: Every Company's 3 Hidden Security Risks

Commentary | 8/7/2018 |

Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.

How GDPR Could Turn Privileged Insiders into Bribery Targets

Commentary | 8/2/2018 |

Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.

Every Week Is Shark Week in Cyberspace

Commentary | 7/27/2018 |

7 comments

Your data, identities, and credentials are cyber chum. Here's how to protect yourself from the feeding frenzy.

London Calling with New Strategies to Stop Ransomware

Commentary | 7/23/2018 |

The new London Protocol from the Certificate Authority Security Council/Browser Forum aims to minimize the possibility of phishing activity on high-value identity websites.

The Fundamental Flaw in Security Awareness Programs

Commentary | 7/19/2018 |

It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.

Beyond Passwords: Why Your Company Should Rethink Authentication

Commentary | 7/19/2018 |

Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.

India Telecom Regulator: Users Have Primary Data Rights

Quick Hits | 7/16/2018 |

Organizations 'should be restrained from using metadata to identify individual users,' says the Telecom Regulatory Authority of India.

Reactive or Proactive? Making the Case for New Kill Chains

Commentary | 7/6/2018 |

Classic kill chain models that aim to find and stop external attacks don't account for threats from insiders. Here what a modern kill chain should include.

White House Email Security Faux Pas?

Commentary | 6/22/2018 |

The Executive Office of the President isn't complying with the DMARC protocol, but that has fewer implications than some headlines would suggest.

Inside a SamSam Ransomware Attack

Commentary | 6/20/2018 |

Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.

3 Tips for Driving User Buy-in to Security Policies

Commentary | 6/18/2018 |

Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.

Dark Reading Launches Second INsecurity Conference

News | 6/5/2018 |

To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions

Fortinet Completes Bradford Networks Purchase

Quick Hits | 6/4/2018 |

NAC and security firm added to Fortinet's portfolio.

5 Tips for Protecting SOHO Routers Against the VPNFilter Malware

Slideshows | 6/2/2018 |

Most home office users need to simply power cycle their routers and disable remote access; enterprises with work-at-home employees should move NAS behind the firewall.

The Good News about Cross-Domain Identity Management

Commentary | 5/31/2018 |

Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.

Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours

Commentary | 5/31/2018 |

The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.

6 Security Investments You May Be Wasting

Slideshows | 5/31/2018 |

Not all tools and services provide the same value. Some relatively low-cost practices have a major payoff while some of the most expensive tools make little difference.

6 Ways Third Parties Can Trip Up Your Security

Slideshows | 5/29/2018 |

Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems

GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?

News | 5/25/2018 |

14 comments

The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.

GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'

Commentary | 5/22/2018 |

There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.

Why Isn't Integrity Getting the Attention It Deserves?

Commentary | 5/17/2018 |

A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.

6 Enterprise Password Managers That Lighten the Load for Security

Slideshows | 5/3/2018 |

EPMs offer the familiar password wallet with more substantial administrative management and multiple deployment models.

Spring Clean Your Security Systems: 6 Places to Start

Commentary | 5/2/2018 |

The sun is shining and you have an extra kick in your step. Why not use that newfound energy to take care of those bothersome security tasks you've put off all winter?

'Zero Login:' The Rise of Invisible Identity

Commentary | 4/27/2018 |

Will new authentication technologies that recognize users on the basis of their behaviors finally mean the death of the despised password?

12 Trends Shaping Identity Management

Slideshows | 4/26/2018 |

As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'

Despite Risks, Nearly Half of IT Execs Don't Rethink Cybersecurity after an Attack

Commentary | 4/25/2018 |

6 comments

A recent survey reveals a troubling degree of security inertia lurking among scores of organizations. But there are a few bright spots.

Biometrics Are Coming & So Are Security Concerns

Commentary | 4/20/2018 |

Could these advanced technologies be putting user data at risk?

8 Ways Hackers Monetize Stolen Data

Slideshows | 4/17/2018 |

Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.

20 Ways to Increase the Efficiency of the Incident Response Workflow

Commentary | 4/10/2018 |

Despite all the good intentions of some great security teams, we are still living in a "cut-and-paste" incident management world.

Protect Yourself from Online Fraud This Tax Season

Commentary | 4/6/2018 |

Use these tips to stay safe online during everyone's least-favorite time of the year.

One-Third of Internal User Accounts Are 'Ghost Users'

News | 4/4/2018 |

Attackers and malware can easily move laterally through an organization, thanks to inadequate access controls on file systems and a proliferation of inactive but enabled users.

Francisco Partners Buys Bomgar

Quick Hits | 4/3/2018 |

Private equity firm Francisco Partners plans to acquire Bomgar, a privileged access and identity management company.

Deconstructing the DOJ Iranian Hacking Indictment

Commentary | 3/29/2018 |

The alleged attackers used fairly simple tools, techniques and procedures to compromise a new victim organization on an almost weekly basis for over five years.

A Data Protection Officer's Guide to the GDPR Galaxy

Commentary | 3/19/2018 |

Impending deadline got you freaking out? These five tips might help you calm down, at least a little.

Voice-Operated Devices, Enterprise Security & the 'Big Truck' Attack

Commentary | 3/15/2018 |

The problem with having smart speakers and digital assistants in the workplace is akin to having a secure computer inside your office while its wireless keyboard is left outside for everyone to use.

Segmentation: The Neglected (Yet Essential) Control

Commentary | 3/14/2018 |