Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
DevSecOps: Recreating Cybersecurity Culture
Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.
How Ransomware Criminals Turn Friends into Enemies
Managed service providers are the latest pawns in ransomware's game of chess.
Five Common Cloud Configuration Mistakes
It's a joint responsibility to keep data safe in the cloud. Here's what cloud customers must do to keep their end of the bargain.
How Intel Unlocks the Powerful Potential of Diversity in Cybersecurity
Sparking cultural shifts within an organization -- and throughout an entire industry -- can feel like a monumental task, but the juice is well worth the squeeze.
Preventing PTSD and Burnout for Cybersecurity Professionals
The safety of our digital lives is at stake, and we need to all do our part in raising awareness of these issues.
Taking a Fresh Look at Security Ops: 10 Tips
Maybe you love your executive team, your security processes, tools, or strategy. Maybe you hate them. Whatever the situation, it's likely at some point that things will have changed.
A Definitive Guide to Crowdsourced Vulnerability Management
Knowing about a bug and actually securing it are very different things. These six steps will get you from "oh, sh*t" to fixed.
The Fight Against Synthetic Identity Fraud
Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.
Proposed Browser Security Guidelines Would Mean More Work for IT Teams
CA/Browser Forum wants SSL certificates to expire after a year. Many businesses that rely on them aren't equipped to cope.
Firmware: A New Attack Vector Requiring Industry Leadership
It's time for cybersecurity manufacturers and solution providers to step up and show leadership in addressing firmware security. Read why and how.
Data Is the New Copper
Data breaches fuel a complex cybercriminal ecosystem, similar to copper thefts after the financial crisis.
AI Is Everywhere, but Don't Ignore the Basics
Artificial intelligence is no substitute for common sense, and it works best in combination with conventional cybersecurity technology. Here are the basic requirements and best practices you need to know.
From Spyware to Ninja Cable
Attackers don't need sophisticated James Bondian hardware to break into your company. Sometimes a $99 device will do.
Why Businesses Fail to Address DNS Security Exposures
Increasing awareness about the critical importance of DNS security is the first step in improving the risk of being attacked. It's time to get proactive.
Automation: Friend of the SOC Analyst
Faced by increasingly sophisticated threats, organizations are realizing the benefits of automation in their cybersecurity programs.
It's Not Healthy to Confuse Compliance with Security
Healthcare organizations should be alarmed by the frequency and severity of cyberattacks. Don't assume you're safe from them just because you're compliant with regulations.
An Inside Look at How CISOs Prioritize Budgets & Evaluate Vendors
In-depth interviews with four market-leading CISOs reveal how they prioritize budgets, measure ROI on security investments, and evaluate new vendors.
A Tale of Two Buzzwords: 'Automated' and 'Autonomous' Solutions Aren't the Same Thing
Enterprises must learn the difference between the two and the appropriate use cases for each.
3 Promising Technologies Making an Impact on Cybersecurity
The common thread: Each acts as a force multiplier, adding value to every other security technology around it.
Upping the Ante on Anti-Analysis
Attackers are becoming more sophisticated in their obfuscation and anti-analysis practices to avoid detection.
ISAC 101: Unlocking the Power of Information
How information sharing and analysis centers provide contextual threat information by creating communities that helps security professionals and their organizations grow in maturity and capability.
To Navigate a Sea of Cybersecurity Solutions, Learn How to Fish
Three steps for relieving the pressure of picking the right tools.
Privacy 2019: We're Not Ready
To facilitate the innovative use of data and unlock the benefits of new technologies, we need privacy not just in the books but also on the ground.
Securing Our Infrastructure: 3 Steps OEMs Must Take in the IoT Age
Security has lagged behind adoption of the Internet of Things. The devices hold much promise, but only if a comprehensive security model is constructed.
Unsecured IoT: 8 Ways Hackers Exploit Firmware Vulnerabilities
As new Internet of Things products enter the market, speed shouldn't trump concerns about security.
Cryptography & the Hype Over Quantum Computing
It's not time to move to post-quantum cryptography yet -- too many things are still up in the air. But you can start to become prepared by making sure your infrastructure is agile.
Capital One Breach: What Security Teams Can Do Now
Knowing the methods of the attacker, as laid out in the federal indictment, allow us to prevent similar attacks.
Threat Intelligence Gateways: A Useful Adjunct to Overworked Perimeter Security
Comparative research shows the relative strengths and weaknesses of five TIG vendors and which kinds of security organization will reap the most benefit.
5 Identity Challenges Facing Today’s IT Teams
To take control over your company's security, identify and understand the biggest identity and access management challenges facing IT teams today and start addressing them.
'Phoning Home': Your Latest Data Exfiltration Headache
Companies phone enterprise customer data home securely and for a variety of perfectly legitimate and useful reasons. The problems stem from insufficient disclosure.
Who Gets Privileged Access & How to Enforce It
Let's begin by re-evaluating IT infrastructures to determine who has access to what, why, and when.
Tough Love: Debunking Myths about DevOps & Security
It's time to move past trivial 'shift left' conceptions of DevSecOps and take a hard look at how security work actually gets accomplished.
Beat the Heat: Dark Reading Caption Contest Winners
Phishing, token codes, training, MFA, polluted data entry, and whales. And the winners are ...
The Flaw in Vulnerability Management: It's Time to Get Real
Companies will never be 100% immune to cyberattacks. But by having a realistic view of the basics, starting with endpoint vulnerabilities, we can build for a safer future.
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
The old-school technology is experiencing new popularity, but too many people assume mainframes are inherently secure.
Why Companies Fail to Learn from Peers' Mistakes (and How They Can Change)
Far too often, there's a new breach in the headlines. Companies need to start learning some obvious lessons.
Microservices Flip App Security on Its Head
With faster application deployment comes increased security considerations.
The California Consumer Privacy Act's Hidden Surprise Has Big Legal Consequences
The CCPA's provision devoted to 'reasonable' cybersecurity procedures and policies could trip up your business. Get ready now.
History Doesn't Repeat Itself in Cyberspace
The 10th anniversary of the US Cyber Command is an opportunity to prepare for unknowns in the rapidly changing cybersecurity landscape.
6 Security Considerations for Wrangling IoT
The Internet of Things isn't going away, so it's important to be aware of the technology's potential pitfalls.
It's (Still) the Password, Stupid!
The best way to protect your identity in cyberspace is the simplest: Use a variety of strong passwords, and never, ever, use "123456" no matter how easy it is to type.
Yes, FaceApp Really Could Be Sending Your Data to Russia
FaceApp has an unprecedented level of access to data from 150 million users. What could its endgame be? We unpack three potential risks.
Rethinking Website Spoofing Mitigation
Deception technology is evolving rapidly, making it easier for organizations to turn the tables on their attackers. Here's how.
When Perceived Cybersecurity Risk Outweighs Reality
Teams need to manage perceived risks so they can focus on fighting the real fires.
Security & the Infinite Capacity to Rationalize
To improve the security posture of our organizations, we must open our eyes to rationalization and put an end to it with logic. Here's how.
Fighting Back Against Mobile Fraudsters
The first step toward identifying and preventing mobile fraud threats is acknowledging that mobile security requires a unique solution.
Black Hat: A Summer Break from the Mundane and Controllable
Enjoy the respite from the security tasks that await you back at home. Then prepare yourself for the uphill battles to come. Here's how.
Demystifying New FIDO Standards & Innovations
Staying on top of the latest cybersecurity risks and preferred attack methods can feel impossible, but standards like FIDO2 are designed to help relieve the burden.
SecOps Success Through Employee Retention
To keep your turnover low, focus on these areas: compensation, advancement opportunities, training, and environment.
Why the Network Is Central to IoT Security
Is there something strange about your network activity? Better make sure all of your IoT devices are under control.
|
Latest Comment: Because Sock Puppets don't get fired for being brutally honest describing the weaknesses of existing security controls.
7 Threats & Disruptive Forces Changing the Face of CybersecurityThis Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here’s some insight on what's working – and what isn't – in the data center.
Tweet This
0 Comments
