Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
SOC 2 Attestation Tips for SaaS Companies
Attestation helps SaaS vendors demonstrate that digital security is a primary focus.
Improving the Vulnerability Reporting Process With 5 Steps
Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.
Name That Toon: Greetings, Earthlings
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
Looking for Greater Security Culture? Ask an 8-Bit Plumber
After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture.
Business Email Compromise Costs Businesses More Than Ransomware
Ransomware gets the headlines, but business paid out $1.8 billion last year to resolve BEC issues, according to an FBI report.
How to Attack Yourself Better in 2021
Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.
2020 Changed Identity Forever; What's Next?
For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations.
Beware the Bug Bounty
In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.
SolarWinds: A Catalyst for Change & a Cry for Collaboration
Cybersecurity is more than technology or safeguards like zero trust; mostly, it's about collaboration.
How the Biden Administration Can Make Digital Identity a Reality
A digital identity framework is the answer to the US government's cybersecurity dilemma.
6 Tips for Managing Operational Risk in a Downturn
Many organizations adjust their risk appetite in an economic downturn, as risk is expanded to include supplier and customer insolvency, not to mention cash-flow changes.
Nation-State Attacks Force a New Paradigm: Patching as Incident Response
IT no longer has the luxury of thoroughly testing critical vulnerability patches before rolling them out.
Bolstering Our Nation's Defenses Against Cybersecurity Attacks
Shawn Henry, former Executive Assistant Director of the FBI and current CrowdStrike president of services and CSO, shares the top three cybersecurity priorities that the Biden administration needs to address.
Dark Reading to Upgrade Site Design, Performance
Improvements will make site content easier to navigate, faster, and more functional.
5 Objectives for Establishing an API-First Security Strategy
With APIs predicted to be the most common attack vector by 2022, an API-first security strategy is critical now more than ever.
Clear & Present Danger: Data Hoarding Undermines Better Security
Facebook and Google can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an attack or warn users.
Wake Up and Smell the JavaScript
The SolarWinds attack showed the true meaning of a supply chain breach. And it's the canary in the coal mine for sensitive data on the Web.
Omdia Research Spotlight: XDR
Few emerging cybersecurity market segments are garnering more attention than XDR. Here, Omdia highlights its recent research on XDR.
Women Are Facing an Economic Crisis & the Cybersecurity Industry Can Help
Investing in women's cybersecurity careers can bring enormous benefits and help undo some of the significant economic damage wrought by the pandemic.
Handcuffs Over AI: Solving Security Challenges With Law Enforcement
We've tried everything else ... now it's time to make the prospect of getting caught -- and punished -- a real deterrent to cybercrime.
Rethinking Cyberattack Response: Prevention & Preparedness
The SolarWinds incident is the starkest reminder yet that complacency can exact a terrible price.
5 Ways to Transform Your Phishing Defenses Right Now
By transforming how you approach phishing, you can break the phishing kill chain and meaningfully reduce your business risk.
Cartoon Caption Winner: Something Seems Afoul
And the winner of Dark Readings's March cartoon caption contest is ...
Ryuk's Rampage Has Lessons for the Enterprise
The Ryuk ransomware epidemic is no accident. The cybercriminals responsible for its spread have systematically exploited weaknesses in enterprise defenses that must be addressed.
NFT Thefts Reveal Security Risks in Coupling Private Keys & Digital Assets
Compromised NFT accounts highlight security concerns inherent in the design of centralized systems.
7 Ways to Reduce Cyber Threats From Remote Workers
The pandemic's decline won't stop the work-from-home trend nor the implications for cybersecurity, so it's crucial to minimize the threats.
US Tech Dominance Rides on Securing Intellectual Property
A recent, mostly overlooked pardon points to a big problem in the US tech industry: Intellectual property offers a lucrative golden ticket for insiders.
Solving the Leadership Buy-In Impasse With Data
Justify your requirements with real numbers to get support for security investments.
The Role of Visibility in Securing Cloud Applications
Traditional data center approaches aren't built for securing modern cloud applications.
What's So Great About XDR?
XDR is a significant advance in threat detection and response technology, but few enterprises understand why. Omdia identifies four catalysts driving the emergence of XDR.
Advice From Security Experts: How to Approach Security in the New Normal
Here are the biggest lessons they've learned after a year of work from home, and how they advise their counterparts at organizations to proceed as a result of those lessons.
3 Ways Vendors Can Inspire Customer Trust Amid Breaches
As customers rely more on cloud storage and remote workforces, the probability of a breach increases.
Watch Out for These Cyber-Risks
It's difficult to predict what will materialize in the months ahead in terms of cyber-risks, which is why it's wise to review your organization's security posture now.
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
The Cyber Kill Chain and MITRE ATT&CK are popular reference frameworks to analyze breaches, but amid the rise of XDR, we may need a new one.
In the Rush to Embrace Hybrid Cloud, Don't Forget About Security
Cloud service providers typically only secure the infrastructure itself, while customers are responsible for their data and application security.
4 Open Source Tools to Add to Your Security Arsenal
Open source solutions can offer an accessible and powerful way to enhance your security-testing capabilities.
Data Bias in Machine Learning: Implications for Social Justice
Take historically biased data, then add AI and ML to compound and exacerbate the problem.
Moving from DevOps to CloudOps: The Four-Box Problem
With SOC teams running services on multiple cloud platforms, their big concern is how to roll up configuration of 200+ servers in a comprehensive way.
Security Operations in the World We Live in Now
Despite the challenges of remote work, security operations teams can position themselves well for the future.
The CIO's Shifting Role: Improving Security With Shared Responsibility
CIOs must create a culture centered around cybersecurity that is easily visible and manageable.
How Personally Identifiable Information Can Put Your Company at Risk
By being more mindful of how and where they share PII, employees will deprive cybercriminals of their most useful tool.
What a Federal Data Privacy Law Would Mean for Consumers
With an array of serious proposals from both sides of the political divide, it looks as though the US may finally have a national privacy law.
Prioritizing Application & API Security After the COVID Cloud Rush
As companies hit the gas to accommodate the rapid shift to work-from-home, security fell behind. Now, it's time to close those gaps.
Disrupting the Cybercriminal Supply Chain
It is time to turn the tables on cybercriminals and use their own tactics against them.
Data Protection Is a Group Effort
When every employee is well-versed in customer data privacy principles, the DPO knows the enterprise's sensitive data is in good hands.
Top 3 Cybersecurity Lessons Learned From the Pandemic
Defending an enterprise of fully remote employees and their devices at this scale and speed had never been done before. Now, we do it every day.
On the Road to Good Cloud Security: Are We There Yet?
Misconfigured infrastructure is IT pros' top cloud security concern, but they're conflicted on how to address it in practice.
How Us Shady Geeks Put Others Off Security
Early adopters of security and privacy tools may be perceived by others as paranoid, which, in turn, may repel non-experts from protecting themselves online.
Women's History Month: Making Mentorship Meaningful
This month is a perfect opportunity for us to take a step back and think about what role we want to play as women in the technology sector.
Beware the Package Typosquatting Supply Chain Attack
Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.
|
Latest Comment: Congratulations George - you have won the Venuvian Lottery! Now if you will just type in your SSN, Date of Birth, Mother's maiden name ...
2021 Top Enterprise IT TrendsWe've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Tweet This
0 Comments
