Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
'Phoning Home': Your Latest Data Exfiltration Headache
Companies phone enterprise customer data home securely and for a variety of perfectly legitimate and useful reasons. The problems stem from insufficient disclosure.
Who Gets Privileged Access & How to Enforce It
Let's begin by re-evaluating IT infrastructures to determine who has access to what, why, and when.
Tough Love: Debunking Myths about DevOps & Security
It's time to move past trivial 'shift left' conceptions of DevSecOps and take a hard look at how security work actually gets accomplished.
Beat the Heat: Dark Reading Caption Contest Winners
Phishing, token codes, training, MFA, polluted data entry, and whales. And the winners are ...
The Flaw in Vulnerability Management: It's Time to Get Real
Companies will never be 100% immune to cyberattacks. But by having a realistic view of the basics, starting with endpoint vulnerabilities, we can build for a safer future.
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
The old-school technology is experiencing new popularity, but too many people assume mainframes are inherently secure.
Why Companies Fail to Learn from Peers' Mistakes (and How They Can Change)
Far too often, there's a new breach in the headlines. Companies need to start learning some obvious lessons.
Microservices Flip App Security on Its Head
With faster application deployment comes increased security considerations.
The California Consumer Privacy Act's Hidden Surprise Has Big Legal Consequences
The CCPA's provision devoted to 'reasonable' cybersecurity procedures and policies could trip up your business. Get ready now.
History Doesn't Repeat Itself in Cyberspace
The 10th anniversary of the US Cyber Command is an opportunity to prepare for unknowns in the rapidly changing cybersecurity landscape.
6 Security Considerations for Wrangling IoT
The Internet of Things isn't going away, so it's important to be aware of the technology's potential pitfalls.
It's (Still) the Password, Stupid!
The best way to protect your identity in cyberspace is the simplest: Use a variety of strong passwords, and never, ever, use "123456" no matter how easy it is to type.
Yes, FaceApp Really Could Be Sending Your Data to Russia
FaceApp has an unprecedented level of access to data from 150 million users. What could its endgame be? We unpack three potential risks.
Rethinking Website Spoofing Mitigation
Deception technology is evolving rapidly, making it easier for organizations to turn the tables on their attackers. Here's how.
When Perceived Cybersecurity Risk Outweighs Reality
Teams need to manage perceived risks so they can focus on fighting the real fires.
Security & the Infinite Capacity to Rationalize
To improve the security posture of our organizations, we must open our eyes to rationalization and put an end to it with logic. Here's how.
Fighting Back Against Mobile Fraudsters
The first step toward identifying and preventing mobile fraud threats is acknowledging that mobile security requires a unique solution.
Black Hat: A Summer Break from the Mundane and Controllable
Enjoy the respite from the security tasks that await you back at home. Then prepare yourself for the uphill battles to come. Here's how.
Demystifying New FIDO Standards & Innovations
Staying on top of the latest cybersecurity risks and preferred attack methods can feel impossible, but standards like FIDO2 are designed to help relieve the burden.
SecOps Success Through Employee Retention
To keep your turnover low, focus on these areas: compensation, advancement opportunities, training, and environment.
Why the Network Is Central to IoT Security
Is there something strange about your network activity? Better make sure all of your IoT devices are under control.
The Attribution Trap: A Waste of Precious Time & Money
Aiming for attribution doesn't help most organizations become more secure. It can actually have the opposite effect.
Transforming 'Tangible Security' into a Competitive Advantage
Today's consumers want to see and touch security. Meeting this demand will be a win-win for everyone, from users to vendors to security teams.
CISOs Must Evolve to a Data-First Security Program
Such a program will require effort and reprioritization, but it will let your company fight modern-day threats and protect your most important assets.
4 Network Security Mistakes Bound to Bite You
It's Shark Week again! Are you ready to outmaneuver sharks of the cyber variety? These tips can help.
3 Takeaways from the First American Financial Breach
Data leaks from business logic flaws are not well understood and difficult to identify before they reach production environments. Here's how to find and prevent them.
Answer These 9 Questions to Determine if Your Data Is Safe
Data protection regulations are only going to grow tighter. Make sure you're keeping the customer's best interests in mind.
The Commoditization of Multistage Malware Attacks
Malware that used to be advanced is now available to everyone. These three actions could help you stay safer.
The War for Cyber Talent Will Be Won by Retention not Recruitment
Six steps for creating a work environment that challenges, stimulates, rewards, and constantly engages employees fighting the good fight against cybercriminals.
CISO Pressures: Why the Role Stinks and How to Fix It
CISOs spend much less time in their role than other members of the boardroom. It's a serious problem that must be addressed.
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Why apples-to-apples performance tests are the only way to accurately gauge the impact of network security products and solutions.
How Capture the Flag Competitions Strengthen the Cybersecurity Workforce
These competitions challenge participants with problems involving digital forensics, cryptography, binary analysis, web security, and many other fields.
Calculating the Value of Security
What will it take to align staff and budget to protect the organization?
A Password Management Report Card
New research on password management tools identifies the relative strengths and weaknesses of 12 competing offerings.
For Real Security, Don't Let Failure Be Your Measure of Success
For too long, we've focused almost exclusively on keeping out the bad guys rather than what to do when they get in (and they will).
How Attackers Infiltrate the Supply Chain & What to Do About It
With some security best practices, enterprises can significantly reduce the chances that a potential supply chain attack will affect business operations.
Is 2019 the Year of the CISO?
The case for bringing the CISO to the C-suite's risk and business-strategy table.
Is Machine Learning the Future of Cloud-Native Security?
The nature of containers and microservices makes them harder to protect. Machine learning might be the answer going forward.
A Lawyer’s Guide to Cyber Insurance: 4 Basic Tips
The time to read the fine print in your cybersecurity insurance policy is before you sign on the dotted line.
Most Organizations Lack Cyber Resilience
Despite increasing threats, many organizations continue to run with only token cybersecurity and resilience.
The Security of Cloud Applications
Despite the great success of the cloud over the last decade, misconceptions continue to persist. Here's why the naysayers are wrong.
Why You Need a Global View of IT Assets
It may seem obvious, but many companies lose sight of the fact that they can't protect what they don't know they even have.
4 Reasons Why SOC Superstars Quit
Security analysts know they are a hot commodity in the enviable position of writing their own ticket. Here's how to keep them engaged, challenged, and happy.
Cloud Security and Risk Mitigation
Just because your data isn't on-premises doesn't mean you're not responsible for security.
Insider Threats: An M&A Dealmaker's Nightmare
Because data has never been more portable, taking it has never been easier. And that's a huge problem during mergers and acquisitions.
20 Questions to Ask During a Real (or Manufactured) Security Crisis
There are important lessons to be learned from a crisis, even the ones that are more fiction than fact.
Disarming Employee Weaponization
Human vulnerability presents a real threat for organizations. But it's also a remarkable opportunity to turn employees into our strongest cyber warriors.
In Cybercrime's Evolution, Active, Automated Attacks Are the Latest Fad
Staying ahead can feel impossible, but understanding that perfection is impossible can free you to make decisions about managing risk.
The Case for Encryption: Fact vs. Fiction
The common belief that encryption enables bad behavior primarily used by thieves, international terrorists, and other villainous characters is simply not true. Here's why.
Building the Future Through Security Internships
Akamai University, a 12-week internship program, was built from the ground up with the goal of promoting the student not the company.
|
Latest Comment: Lifeguard: [ waving naval flags ] Slide back to the firewall! You are blocking the ports! Repeat! You are blocking the bubble ...
7 Threats & Disruptive Forces Changing the Face of CybersecurityThis Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here’s some insight on what's working – and what isn't – in the data center.
Tweet This
0 Comments
