Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
How to Achieve Collaboration Tool Compliance
Organizations must fully understand the regulatory guidance on collaboration security and privacy so they can continue to implement and expand their use of tools such as Zoom and Teams.
Vulnerability Management Has a Data Problem
Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.
The Data-Centric Path to Zero Trust
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
How to Boost Executive Buy-In for Security Investments
Linking security budgets to breach-protection outcomes helps executives balance spending against risk and earns CISOs greater respect in the C-suite.
Bringing Zero Trust to Secure Remote Access
Demand for secure remote access has skyrocketed during the pandemic. Here Omdia profiles more secure alternatives to virtual private network (VPN) technology.
Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.
SolarWinds Hack Lessons Learned: Finding the Next Supply Chain Attack
The SolarWinds supply chain compromise won't be the last of its kind. Vendors and enterprises alike must learn and refine their detection efforts to find the next such attack.
When It Comes To Security Tools, More Isn't More
Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.
Top 5 'Need to Know' Coding Defects for DevSecOps
Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster.
The 3 Most Common Types of BEC Attacks (And What You Can Do About Them)
Always be skeptical and double check credentials.
How to Protect Your Organization's Digital Footprint
As the digital risk landscape evolves and grows, organizations must stay vigilant against online threats.
What You Need to Know About California's New Privacy Rules
Proposition 24 will change Californians' rights and business's responsibilities regarding consumer data protection.
COVID-19's Acceleration of Cloud Migration & Identity-Centric Security
Here are some tips for updating access control methods that accommodate new remote working norms without sacrificing security.
How to Build Cyber Resilience in a Dangerous Atmosphere
Our polarized climate and COVID-19 are putting the nation's cybersecurity in imminent danger, and it's past time to act.
Mobile Endpoint Security: Still the Crack in the Enterprise's Cyber Armor
A combination of best practices and best-in-class technology will help keep your enterprise from falling victim to ever-growing threats.
Reducing the Risk of Third-Party SaaS Apps to Your Organization
Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.
India: A Growing Cybersecurity Threat
Geopolitical tensions and a dramatic rise in offensive and defensive cyber capabilities lead India to join Iran, Russia, China, and North Korea as a top nation-state adversary.
Defending the COVID-19 Vaccine Supply Chain
We must treat this supply chain like a piece of our nation's critical infrastructure, just like the electrical grid or air traffic control system.
10 Benefits of Running Cybersecurity Exercises
There may be no better way to ascertain your organization's strengths and weaknesses than by running regular security drills.
Quarterbacking Vulnerability Remediation
It's time that security got out of the armchair and out on the field.
Enterprise IoT Security Is a Supply Chain Problem
Organizations that wish to take advantage of the potential benefits of IoT systems in enterprise environments should start evaluating third-party risk during the acquisition process.
Prepare to Fight Upcoming Cyber-Threat Innovations
Cybercriminals are preparing to use computing performance innovations to launch new types of attacks.
Security as Code: How Repeatable Policy-Driven Deployment Improves Security
The SaC approach lets users codify and enforce a secure state of application configuration deployment that limits risk.
We Have a National Cybersecurity Emergency -- Here's How We Can Respond
Let's prioritize bipartisan strategic actions that can ensure our national security and strengthen the economy. Here are five ideas for how to do that.
2021 Cybersecurity Predictions: The Intergalactic Battle Begins
There's much in store for the future of cybersecurity, and the most interesting things aren't happening on Earth.
VPNs, MFA & the Realities of Remote Work
The work-from-home-era is accelerating cloud-native service adoption.
Corporate Credentials for Sale on the Dark Web: How to Protect Employees and Data
It's past time to retire passwords in favor of other methods for authenticating users and securing systems.
Why the Weakest Links Matter
The recent FireEye and SolarWinds compromises reinforce the fact that risks should be understood, controls should be in place, and care should be taken at every opportunity.
SSO and MFA Are Only Half Your Identity Governance Strategy
We need better ways to manage user identities for accessing applications, especially given the strain it places on overworked IT and security teams.
Nowhere to Hide: Don't Let Your Guard Down This Holiday Season
Harden your defenses to ensure that your holiday downtime doesn't become an open door for cyber threats.
The Private Sector Needs a Cybersecurity Transformation
Cybersecurity must get to the point where it's equated with actually stopping an attack by identifying the methods the bad guys use and taking those methods away.
Startups Should Do Things That Don't Scale, but Security Isn't One of Them
Emerging businesses that don't embrace scalable security do so at their own peril.
Penetration Testing: A Road Map for Improving Outcomes
As cybersecurity incidents gain sophistication, to ensure we are assessing security postures effectively, it is critical to copy real-world adversaries' tools, tactics, and procedures during testing activities.
Cloud Identity and Access Management: Understanding the Chain of Access
Here's where enterprises encounter challenges with cloud IAM and the best practices they should follow to correct these mistakes.
The Line Between Physical Security & Cybersecurity Blurs as World Gets More Digital
Security teams are being challenged by the connected nature of IP devices, and preventing them from being compromised by cybercriminals has become an essential part of keeping people and property safe.
The Holiday Shopping Season: A Prime Opportunity for Triangulation Fraud
As e-commerce sales increase, so does the risk of hard-to-detect online fraud.
Navigating the Security Maze in a New Era of Cyberthreats
Multiple, dynamic threats have reshaped the cyber-risk landscape; ignore them at your peril.
Why Compliance Is No Longer King for Financial Services Cybersecurity
Financial services companies' experience in risk management serves them well when it comes to minimizing their cyber-risk.
Attackers Know Microsoft 365 Better Than You Do
Users have taken to Microsoft Office 365's tools, but many are unaware of free features that come with their accounts -- features that would keep them safe.
Avoiding a 1984-Like Future
We must not simply trust technology to be safe. Technology providers and users should agree on severe security practices, and these standards must be implemented wherever data goes.
Flash Dies but Warning Signs Persist: A Eulogy for Tech's Terrible Security Precedent
Flash will be gone by the end of the year, but the ecosystem that allowed it to become a software security serial killer is ready to let it happen again.
Cloud Security Threats for 2021
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.
From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now
CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points.
Automated Pen Testing: Can It Replace Humans?
These tools have come a long way, but are they far enough along to make human pen testers obsolete?
Why I'd Take Good IT Hygiene Over Security's Latest Silver Bullet
Bells and whistles are great, but you can stay safer by focusing on correct configurations, posture management, visibility, and patching.
The Cybersecurity Skills Gap: It Doesn't Have to Be This Way
Once it becomes clear that off-the-shelf experts aren't realistic at scale, cultivating entry-level talent emerges as the only long-term solution -- not just for a hiring organization but for the field as a whole.
Can't Afford a Full-time CISO? Try the Virtual Version
A vCISO can align a company's information security program to business strategy and budgeting guidance to senior management.
Manchester United Cyberattack Highlights Controversy in Paying Ransomware Attackers
The Premier League English football (soccer) club team is reportedly being held to ransom by cyberattackers. Manchester United may face a difficult decision: whether to pay a ransom for release of its stolen data.
Why Vulnerable Code Is Shipped Knowingly
The business priority of speed of development and deployment is overshadowing the need for secure code.
Failing Toward Zero: Why Your Security Needs to Fail to Get Better
Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes.
|
2020: The Year in SecurityDownload this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Tweet This
0 Comments
