Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Schadenfreude Is a Bad Look & Other Observations About Recent Disclosures
The debate about whether Android or iOS is the more inherently secure platform misses the larger issues that both platforms are valuable targets and security today is no guarantee of security tomorrow.
Federal CIOs Zero In on Zero Trust
Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles.
5 Steps to Protect Against Ransomware Attacks
Paying a ransom is strongly discouraged by experts. So, how do you protect your organization?
Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences
Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.
The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach
A company's security battle is not between that company and a specific fraudster; rather, it's between the company and connected cybercriminal ecosystem.
Close the Gap Between Cyber-Risk and Business Risk
Four steps outlining how security teams can better understand their company's cyber-risk and demonstrate to company leadership what's being done to mitigate the resulting business risk.
How to Think Like a Hacker
In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.
Network Security Must Transition into the Cloud Era
An integrated approach is the best way to provide organizations with the tools they need to decrease the attack surface and use strong security controls.
A Realistic Threat Model for the Masses
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
How the Software-Defined Perimeter Is Redefining Access Control
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
As in any battle, understanding and exploiting the terrain often dictates the outcome.
Beyond the Horde: The Uptick in Targeted Attacks (And How to Fight Back)
We're seeing a dramatic rise in targeted attacks, but following these guidelines can help your enterprise stay safe.
10 Steps to Assess SOC Maturity in SMBs
Facing a system and organization controls audit doesn't have to be stressful for small and midsize businesses if they follow these guidelines.
Cybercrime: AI's Growing Threat
Cyberecurity incidents expected to rise by nearly 70% and cost $5 trillion annually by 2024.
Common Pitfalls of Security Monitoring
We need technology, but we can’t forget the importance of humans working methodically to make it effective.
How FISMA Requirements Relate to Firmware Security
Federal guidelines can help all organizations pragmatically and meaningfully improve their firmware security.
Quantum-Safe Cryptography: The Time to Prepare Is Now
Quantum computing is real and it's evolving fast. Is the security industry up to the challenge?
Controlling Data Leakage in Cloud Test-Dev Environments
The focus on digital transformation and compressing development release cycles is appealing, but that means security can be left behind. How should security practitioners address this challenge?
Navigating Your First Month as a New CISO
The single most important thing you can do is to start building the relationships and political capital you'll need to run your security program. Here's how.
AIOps: The State of Full Packet Capture Enters the Age of Practicality
How machine learning and artificial intelligence are changing the game of acting on large volumes of network data in near real time.
'Harvesting Attacks' & the Quantum Revolution
Stockpiles of stolen information sitting in foreign databases are ready to be exposed the minute there's a working quantum computer in five to ten years. The time to act is now.
Is Your Organization Suffering from Security Tool Sprawl?
Most companies have too many tools, causing increased costs and security issues.
Bridging the Gap Between Security & DevOps
An inside look into the engineering mindset of DevOps from the vantage of a career security professional.
Why You Need to Think About API Security
Businesses of all sorts are increasingly relying on APIs to interact with customers in smartphone apps, but they have their own unique set of vulnerabilities.
Long-Lining: Reeling In the Big Fish in Your Supply Chain
The object of this new attack campaign is not swordfish or tuna but high-ranking executives within target organizations.
The Future of Account Security: A World Without Passwords?
First step: Convince machines that we are who we say we are with expanded biometrics, including behaviors, locations, and other information that makes "us" us.
4 Cybersecurity Best Practices for Electrical Engineers
Most electrical engineering firms are targeted by threat actors of opportunity because of two necessary ingredients: people and computers. These four tips will help keep you safer.
6 Best Practices for Performing Physical Penetration Tests
A cautionary tale from a pen test gone wrong in an Iowa county courthouse.
How Network Logging Mitigates Legal Risk
Logging that is turned on, captured, and preserved immediately after a cyber event is proof positive that personal data didn't fall into the hands of a cybercriminal.
A Safer IoT Future Must Be a Joint Effort
We're just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry
Deconstructing an iPhone Spearphishing Attack
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
Crowdsourced Security & the Gig Economy
Crowdsourced platforms have redefined both pentesting and the cybersecurity gig economy. Just not in a good way.
DevSecOps: Recreating Cybersecurity Culture
Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.
How Ransomware Criminals Turn Friends into Enemies
Managed service providers are the latest pawns in ransomware's game of chess.
5 Common Cloud Configuration Mistakes
It's a joint responsibility to keep data safe in the cloud. Here's what cloud customers must do to keep their end of the bargain.
How Intel Unlocks the Powerful Potential of Diversity in Cybersecurity
Sparking cultural shifts within an organization -- and throughout an entire industry -- can feel like a monumental task, but the juice is well worth the squeeze.
Preventing PTSD and Burnout for Cybersecurity Professionals
The safety of our digital lives is at stake, and we need to all do our part in raising awareness of these issues.
Taking a Fresh Look at Security Ops: 10 Tips
Maybe you love your executive team, your security processes, tools, or strategy. Maybe you hate them. Whatever the situation, it's likely at some point that things will have changed.
A Definitive Guide to Crowdsourced Vulnerability Management
Knowing about a bug and actually securing it are very different things. These six steps will get you from "oh, sh*t" to fixed.
The Fight Against Synthetic Identity Fraud
Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.
Proposed Browser Security Guidelines Would Mean More Work for IT Teams
CA/Browser Forum wants SSL certificates to expire after a year. Many businesses that rely on them aren't equipped to cope.
Firmware: A New Attack Vector Requiring Industry Leadership
It's time for cybersecurity manufacturers and solution providers to step up and show leadership in addressing firmware security. Read why and how.
Data Is the New Copper
Data breaches fuel a complex cybercriminal ecosystem, similar to copper thefts after the financial crisis.
AI Is Everywhere, but Don't Ignore the Basics
Artificial intelligence is no substitute for common sense, and it works best in combination with conventional cybersecurity technology. Here are the basic requirements and best practices you need to know.
From Spyware to Ninja Cable
Attackers don't need sophisticated James Bondian hardware to break into your company. Sometimes a $99 device will do.
Why Businesses Fail to Address DNS Security Exposures
Increasing awareness about the critical importance of DNS security is the first step in improving the risk of being attacked. It's time to get proactive.
Automation: Friend of the SOC Analyst
Faced by increasingly sophisticated threats, organizations are realizing the benefits of automation in their cybersecurity programs.
It's Not Healthy to Confuse Compliance with Security
Healthcare organizations should be alarmed by the frequency and severity of cyberattacks. Don't assume you're safe from them just because you're compliant with regulations.
An Inside Look at How CISOs Prioritize Budgets & Evaluate Vendors
In-depth interviews with four market-leading CISOs reveal how they prioritize budgets, measure ROI on security investments, and evaluate new vendors.
A Tale of Two Buzzwords: 'Automated' and 'Autonomous' Solutions Aren't the Same Thing
Enterprises must learn the difference between the two and the appropriate use cases for each.
|
Latest Comment: Day 34: They still haven't noticed we replaced the entire SOC with socks.
7 Threats & Disruptive Forces Changing the Face of CybersecurityThis Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Tweet This
0 Comments
