Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Zero-Factor Authentication: Owning Our Data
Are you asking the right questions to determine how well your vendors will protect your data? Probably not.
Don't Let Iowa Bring Our Elections Back to the Stone Age
The voting experience should be the same whether the vote is in person, by mail, or over the Internet. Let's not allow one bad incident stop us from finding new ways to achieve this.
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
5 Common Errors That Allow Attackers to Go Undetected
Make these mistakes and invaders might linger in your systems for years.
Why Ransomware Will Soon Target the Cloud
As businesses' daily operations become more dependent on cloud services, ransomware authors will follow to maximize profits. The good news: Many of the best practices for physical servers also apply to the cloud.
China's Military Behind 2017 Equifax Breach: DoJ
Four members of China's People Liberation Army hacked the information broker, leading to the theft of sensitive data on approximately 145 million citizens.
6 Factors That Raise The Stakes For IoT Security
Developments that exacerbate the risk and complicate making Internet of Things devices more secure.
Day in the Life of a Bot
A typical workday for a bot, from its own point of view.
Ransomware Attacks: Why It Should Be Illegal to Pay the Ransom
For cities, states and towns, paying up is short-sighted and only makes the problem worse.
Embracing a Prevention Mindset to Protect Critical Infrastructure
A zero-trust, prevention-first approach is necessary to keep us safe, now and going forward.
Securing Containers with Zero Trust
A software identity-based approach should become a standard security measure for protecting workloads in all enterprise networks.
Eight Flaws in MSP Software Highlight Potential Ransomware Vector
An attack chain of vulnerabilities in ConnectWise's software for MSPs has similarities to some of the details of the August attack on Texas local and state agencies.
Why DPOs and CISOs Must Work Closely Together
Recent data protection laws mean that the data protection officer and CISO must work in tandem to make sure users' data is protected.
Phishing Today, Deepfakes Tomorrow: Training Employees to Spot This Emerging Threat
Cybercriminals are evolving their tactics, and the security community anticipates voice and video fraud to play a role in one of the next big data breaches -- so start protecting your business now.
New Report Spotlights Changes in Phishing Techniques
Common and evolving strategies include the use of zero-font attacks, homograph attacks, and new tactics for fake attachments.
Dustman Attack Underscores Iran's Cyber Capabilities
For nearly six months, an attack group linked to Iran reportedly had access to the network of Bahrain's national oil company, Bapco, before it executed a destructive payload.
Will This Be the Year of the Branded Cybercriminal?
Threat actors will continue to grow enterprise-style businesses that evolve just like their legitimate counterparts.
Operationalizing Threat Intelligence at Scale in the SOC
Open source platforms such as the Malware Information Sharing Platform are well positioned to drive a community-based approach to intelligence sharing.
Mechanics of a Crypto Heist: How SIM Swappers Can Steal Cryptocurrency
The true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges' and email providers' variable implementation of 2FA.
2020 & Beyond: The Evolution of Cybersecurity
As new technologies disrupt the industry, remember that security is a process, not a goal. Educate yourself on how you can best secure your corner of the Web.
7 Tips to Keep Your Family Safe Online Over the Holidays
Security experts offer key cyber advice for family members.
Why Enterprises Buy Cybersecurity 'Ferraris'
You wouldn't purchase an expensive sports car if you couldn't use it properly. So, why make a pricey security investment before knowing it fits into your ecosystem?
Get Organized Like a Villain
What cybercrime group FIN7 can teach us about using agile frameworks.
Intel's CPU Flaws Continue to Create Problems for the Tech Community
We can't wait out this problem and hope that it goes away. We must be proactive.
4 Tips to Run Fast in the Face of Digital Transformation
This gridiron-inspired advice will guarantee your digital transformation success and keep your data safe.
Application & Infrastructure Risk Management: You've Been Doing It Backward
Before getting more scanning tools, think about what's needed to defend your organization's environment and devise a plan to ensure all needed tools can work together productively.
How to Get Prepared for Privacy Legislation
All the various pieces of legislation, both in the US and worldwide, can feel overwhelming. But getting privacy basics right is a solid foundation.
DDoS: An Underestimated Threat
Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back.
The 5-Step Methodology for Spotting Malicious Bot Activity on Your Network
Bot detection over IP networks isn't easy, but it's becoming a fundamental part of network security practice.
Most Companies Lag Behind '1-10-60' Benchmark for Breach Response
Average company needs 162 hours to detect, triage, and contain a breach, according to a new CrowdStrike survey.
A Security Strategy That Centers on Humans, Not Bugs
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
Quantum Computing Breakthrough Accelerates the Need for Future-Proofed PKI
Public key infrastructure is a foundational security tool that has evolved to become a critical base for future advancements. Today's generation of PKI can be coupled with quantum-resistant algorithms to extend the lifespan of digital certificates for decades.
BSIMM10 Shows Industry Vertical Maturity
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
How Does Your Cyber Resilience Measure Up?
The security measures companies take today may not be enough for tomorrow's cyber assault, but switching to a proactive, risk-based framework may better protect your organization.
Cybersecurity: An Organizationwide Responsibility
C-suite execs must set an example of good practices while also supporting the IT department with enough budget to protect the organization from next-generation cyberattacks.
Unreasonable Security Best Practices vs. Good Risk Management
Perfection is impossible, and pretending otherwise just makes things worse. Instead, make risk-based decisions.
Why Cyber-Risk Is a C-Suite Issue
Organizations realize the scale of cyber-risk but lack counter-actions to build resilience.
Accounting Scams Continue to Bilk Businesses
Yes, ransomware is plaguing businesses and government organizations, but impersonators inserting themselves into financial workflows — most often via e-mail — continue to enable big paydays.
Social Media: Corporate Cyber Espionage's Channel of Choice
Proactive defense and automation can help your company deal with scale and prioritize risks in order to more efficiently fight cyber espionage.
Disclosure Does Little to Dissuade Cyber Spies
In the past, outing nation-state cyber espionage groups caused a few to close up shop, but nowadays actors are more likely to switch to new infrastructure and continue operations.
To Secure Multicloud Environments, First Acknowledge You Have a Problem
Multicloud environments change rapidly. Organizations need a security framework that is purpose-built for the cloud and that aligns with their digital transformation strategy.
8 Trends in Vulnerability and Patch Management
Unpatched flaws continue to be a major security issue for many organizations.
Why Cloud-Native Applications Need Cloud-Native Security
Today's developers and the enterprises they work for must prioritize security in order to reap the speed and feature benefits these applications and new architectures provide.
5 Things the Hoodie & the Hard Hat Need to Know About Each Other
Traditionally, the worlds of IT (the hoodie) and OT (the hard hat) have been separate. That must change.
State of SMB Insecurity by the Numbers
SMBs still perceive themselves at low risk from cyberthreats — in spite of attack statistics that paint a different pictur
Schadenfreude Is a Bad Look & Other Observations About Recent Disclosures
The debate about whether Android or iOS is the more inherently secure platform misses the larger issues that both platforms are valuable targets and security today is no guarantee of security tomorrow.
Federal CIOs Zero In on Zero Trust
Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles.
Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences
Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.
The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach
A company's security battle is not between that company and a specific fraudster; rather, it's between the company and connected cybercriminal ecosystem.
How the Software-Defined Perimeter Is Redefining Access Control
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
|
6 Emerging Cyber Threats That Enterprises Face in 2020This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Tweet This
6 Comments
