Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
COVID-19 Creates Opening for OT Security Reform
Operations technology was once considered low risk, at least until the virus came along and re-arranged the threat landscape.
Attacker Dwell Time: Ransomware's Most Important Metric
How to bolster security defenses by zeroing in on the length of time an interloper remains undetected inside your network.
Shifting Left of Left: Why Secure Code Isn't Always Quality Code
Enabling engineers to share responsibility for security and empowering them to erase common vulnerabilities are good starting points.
The Shared Irresponsibility Model in the Cloud Is Putting You at Risk
Step up, put the architecture and organization in place, and take responsibility. If you don't, who will?
Safeguarding Schools Against RDP-Based Ransomware
How getting online learning right today will protect schools, and the communities they serve, for years to come.
WannaCry Has IoT in Its Crosshairs
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.
Solving the Problem With Security Standards
More explicit threat models can make security better and open the door to real and needed innovation.
Since Remote Work Isn't Going Away, Security Should Be the Focus
These three steps will help organizations reduce long-term work-from-home security risks.
My Journey Toward SAP Security
When applications are critical to the business's core functions, the CISO and their staff better get the security right.
7 Non-Technical Skills Threat Analysts Should Master to Keep Their Jobs
It's not just technical expertise and certifications that enable analysts to build long-term careers in cybersecurity.
New Google Search Hacks Push Viruses & Porn
Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.
Permission Management & the Goldilocks Conundrum
In today's COVID-19 era, managing access has become even more difficult, especially for large organizations. Here's how to get it "just right."
5 Steps to Greater Cyber Resiliency
Work from home isn't going away anytime soon, and the increased vulnerability means cyber resiliency will continue to be critical to business resiliency.
IDaaS: A New Era of Cloud Identity
As identity-as-a-service becomes the standard for enterprise identity management, upstarts and established competitors are competing to define the market's future. Participate in Omdia's IDaaS research.
Mitigating Cyber-Risk While We're (Still) Working from Home
One click is all it takes for confidential information to land in the wrong hands. The good news is that there are plenty of ways to teach preventative cybersecurity to remote workers.
Time for CEOs to Stop Enabling China's Blatant IP Theft
Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty.
Struggling to Secure Remote IT? 3 Lessons from the Office
The great remote work experiment has exacerbated existing challenges and exposed new gaps, but there are things to be learned from office challenges.
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
Cybersecurity Bounces Back, but Talent Still Absent
While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps.
Taking Security With You in the WFH Era: What to Do Next
As many organizations pivot to working from home, here are some considerations for prioritizing the new security protocols.
Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption
Finding threats in encrypted inbound network traffic is complex and expensive for enterprises, but a fascinating new approach could eliminate the need for decryption.
Simplify Your Privacy Approach to Overcome CCPA Challenges
By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.
Open Source Security's Top Threat and What To Do About It
With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor.
Fraud Prevention During the Pandemic
When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.
Managed IT Providers: The Cyber-Threat Actors' Gateway to SMBs
Criminals have made MSPs a big target of their attacks. That should concern small and midsize businesses a great deal.
Ripple20 Malware Highlights Industrial Security Challenges
Poor security practices allowed software vulnerabilities to propagate throughout industrial and IoT products for more than 20 years.
7 Cybersecurity Priorities for Government Agencies & Political Campaigns
As election season ramps up, organizations engaged in the process must strengthen security to prevent chaos and disorder from carrying the day. Here's how.
Top 5 Identity-Centric Security Imperatives for Newly Minted Remote Workers
In the wake of COVID-19, today's remote workforce is here to stay, at least for the foreseeable future. And with it, an increase in identity-related security incidents.
VPNs: The Cyber Elephant in the Room
While virtual private networks once boosted security, their current design doesn't fulfill the evolving requirements of today's modern enterprise.
8 Frequently Asked Questions on Organizations' Data Protection Programs
Adherence to data protection regulations requires a multidisciplinary approach that has the commitment of all employees. Expect to be asked questions like these.
The Hidden Security Risks of Business Applications
Today's enterprises depend on mission-critical applications to keep them productive, help better serve customers, and keep up with demand. It's important that they also know the risks.
Fake Data and Fake Information: A Treasure Trove for Defenders
Cybersecurity professionals are using false data to deceive cybercriminals, enabling them to protect networks in new and innovative ways.
5 Ways for Cybersecurity Teams to Work Smarter, Not Harder
Burnout is real and pervasive, but some common sense tools and techniques can help mitigate all that.
Don't Forget Cybersecurity on Your Back-to-School List
School systems don't seem like attractive targets, but they house lots of sensitive data, such as contact information, grades, health records, and more.
Why Kubernetes Clusters Are Intrinsically Insecure (& What to Do About Them)
By following best practices and prioritizing critical issues, you can reduce the chances of a security breach and constrain the blast radius of an attempted attack. Here's how.
ISO 27701 Paves the Way for a Strategic Approach to Privacy
As the first certifiable international privacy management standard, ISO 27701 is a welcome addition to the existing set of common security frameworks.
Why Are There Still So Many Windows 7 Devices?
As the FBI warns, devices become more vulnerable to exploitation as time passes, due to a lack of security updates and new, emerging vulnerabilities.
From Defense to Offense: Giving CISOs Their Due
In today's unparalleled era of disruption, forward-thinking CISOs can become key to company transformation -- but this means resetting relationships with the board and C-suite.
Redefining What CISO Success Looks Like
Key to this new definition is the principle that security programs are designed to minimize business risk, not to achieve 100% no-risk.
The Inside Threat from Psychological Manipulators
How internal manipulators can actually degrade your organization's cyber defense, and how to defend against them.
How CISOs Can Play a New Role in Defining the Future of Work
Rather than just reacting to security issues in the COVID-19 era, CISOs are now in a position to be change agents alongside their C-suite peers.
The 'Shared Responsibility' Misnomer: Why the Cloud Continues to Confound
Under the "shared responsibility model," the security management of cloud offerings is split equally between the vendor and the customer. Easy enough, right?
Deep Fake: Setting the Stage for Next-Gen Social Engineering
Humans are susceptible to normalcy bias, which may leave us vulnerable to disinformation that reinforces our beliefs.
Three Easy Ways to Avoid Meow-like Database Attacks
The largest problem facing database security today is the disconnect between security teams and DBAs beginning from the moment of configuration and continuing throughout the database lifecycle.
The Fatal Flaw in Data Security
Simply stated: No matter how sophisticated your security software is, data cannot be simultaneously used and secured. But that may be changing soon.
Dark Reading Launches New Section on Physical Security
Partnership with IFSEC enables Dark Reading to cover new areas of security and expand its audience.
Average Cost of a Data Breach in 2020: $3.86M
When companies defend themselves against cyberattacks, time is money.
Post-Pandemic Digitalization: Building a Human-Centric Cybersecurity Strategy
COVID-19 won't be the last major disruption of its kind. Instead, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives.
Twitter Hack: The Spotlight that Insider Threats Need
The high profile attack should spur serious board-level conversations around the importance of insider threat prevention.
Black Hat USA 2020 Musings: Weird and Wonderful Virtual Events are Here to Stay
Black Hat USA 2020 was nothing like an in-person event, but it was incredibly useful for all involved, providing even the most grizzled industry veterans with fresh perspectives.
|
Special Report: Computing's New NormalThis special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Tweet This
0 Comments
