Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
DevSecOps: The Answer to the Cloud Security Skills Gap
There's a skills and resources gap industrywide, but a DevSecOps approach can go a long way toward closing that gap.
BSIMM10 Shows Industry Vertical Maturity
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
5 Cybersecurity CISO Priorities for the Future
Seven chief information security officers share their pain points and two-year spending plans.
How Does Your Cyber Resilience Measure Up?
The security measures companies take today may not be enough for tomorrow's cyber assault, but switching to a proactive, risk-based framework may better protect your organization.
Cybersecurity: An Organizationwide Responsibility
C-suite execs must set an example of good practices while also supporting the IT department with enough budget to protect the organization from next-generation cyberattacks.
Breaches Are Inevitable, So Embrace the Chaos
Avoid sinking security with principles of shipbuilding known since the 15th century.
Unreasonable Security Best Practices vs. Good Risk Management
Perfection is impossible, and pretending otherwise just makes things worse. Instead, make risk-based decisions.
The Myths of Multifactor Authentication
Organizations without MFA are wide open to attack when employees fall for phishing scams or share passwords. What's holding them back?
SHAKEN/STIR: Finally! A Solution to Caller ID Spoofing?
The ubiquitous Caller ID hasn't changed much over the years, but the technology to exploit it has exploded. That may be about to change.
Why Cyber-Risk Is a C-Suite Issue
Organizations realize the scale of cyber-risk but lack counter-actions to build resilience.
5 Security Processes You Shouldn't Overlook During M&A
Security needs to be a central element of due diligence if a merger or acquisition is to succeed
9 Principles to Simplify Security
This isn't a one-size-fits-all situation. Simplify as much as you can, as the saying goes, but no more than that.
To Prove Cybersecurity's Worth, Create a Cyber Balance Sheet
How tying and measuring security investments to business impacts can elevate executives' understanding and commitment to cyber-risk reduction.
The Cold Truth about Cyber Insurance
There is no premium that will recover the millions of dollars your company spends on R&D if your intellectual property is hacked and stolen.
Social Media: Corporate Cyber Espionage's Channel of Choice
Proactive defense and automation can help your company deal with scale and prioritize risks in order to more efficiently fight cyber espionage.
The Uphill Battle of Triaging Alerts
Prioritizing alerts is foundational to security, but almost every organization struggles to manage this process efficiently. Here's what you can do about it.
The State of Email Security and Protection
Phishing and ransomware top the list of security risks that organizations are not fully prepared to deal with.
Enterprise Web Security: Risky Business
Web development is at much more risk than commonly perceived. As attackers eye the enterprise, third-party code provides an easy way in.
To Secure Multicloud Environments, First Acknowledge You Have a Problem
Multicloud environments change rapidly. Organizations need a security framework that is purpose-built for the cloud and that aligns with their digital transformation strategy.
Raising Security Awareness: Why Tools Can't Replace People
Training your people and building relationships outside of the security organization is the most significant investment a CISO can make.
Quantifying Security Results to Justify Costs
The CISO job isn't to protect the entire business from all threats for any budget. It's to spell out what level of protection executives can expect for a given budget.
9 Ways Data Vampires Are Bleeding Your Sensitive Information
Pull a Van Helsing on those sucking the lifeblood from your data and intellectual property.
Email Threats Poised to Haunt Security Pros into Next Decade
Decentralized threat intel sharing, more public-private collaboration, and greater use of automated incident response are what's needed to combat phishing
Hacking Phones: How Law Enforcement Is Saving Privacy
It's no longer true that society must choose to either weaken everybody's privacy or let criminals run rampant.
Why Cloud-Native Applications Need Cloud-Native Security
Today's developers and the enterprises they work for must prioritize security in order to reap the speed and feature benefits these applications and new architectures provide.
Why It's Imperative to Bridge the IT & OT Cultural Divide
As industrial enterprises face the disruptive forces of an increasingly connected world, these two cultures must learn to coexist.
5 Things the Hoodie & the Hard Hat Need to Know About Each Other
Traditionally, the worlds of IT (the hoodie) and OT (the hard hat) have been separate. That must change.
4 Security Lessons Federal IT Pros Can Teach the Private Sector
With a little research and basic planning, small companies can make big strides against the cybersecurity threats they face. Here's how.
It's Time to Improve Website Identity Indicators, Not Remove Them
Why Google and Mozilla are wrong about the benefits of Extended Validation certificates that aim to prevent fraud and protect user privacy.
Why Organizations Must Quantify Cyber-Risk in Business Terms
The rising costs of breaches and regulatory fines are driving demand for better measurement and articulation of business impacts.
Planning a Zero-Trust Initiative? Here's How to Prioritize
If you start by focusing on users, data, access, and managed devices, you will make major strides toward achieving better security.
Report: 2020 Presidential Campaigns Still Vulnerable to Web Attacks
Nine out of 12 Democratic candidates have yet to enable DNSSEC, a simple set of extensions that stops most targeted domain-based attacks.
The AI (R)evolution: Why Humans Will Always Have a Place in the SOC
In cybersecurity, the combination of men, women and machines can do what neither can do alone -- form a complementary team capable of upholding order and fighting the forces of evil.
Keeping Too Many Cooks out of the Security Kitchen
A good security team helps the business help itself operate more securely -- soliciting input while adhering to a unified strategy, vision, goals, and priorities.
SOC Operations: 6 Vital Lessons & Pitfalls
There is no one road to security operations success, but these guidelines will smooth your path.
SOC Puppet: Dark Reading Caption Contest Winners
Social engineering, SOC analysts, and Sock puns. And the winners are:
Smart Prevention: How Every Enterprise Can Create Human Firewalls
Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.
Data Privacy Protections for the Most Vulnerable — Children
The business case for why companies that respect the privacy of individuals, and especially minors, will have a strong competitive advantage.
Schadenfreude Is a Bad Look & Other Observations About Recent Disclosures
The debate about whether Android or iOS is the more inherently secure platform misses the larger issues that both platforms are valuable targets and security today is no guarantee of security tomorrow.
Federal CIOs Zero In on Zero Trust
Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles.
5 Steps to Protect Against Ransomware Attacks
Paying a ransom is strongly discouraged by experts. So, how do you protect your organization?
Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences
Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.
The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach
A company's security battle is not between that company and a specific fraudster; rather, it's between the company and connected cybercriminal ecosystem.
Close the Gap Between Cyber-Risk and Business Risk
Four steps outlining how security teams can better understand their company's cyber-risk and demonstrate to company leadership what's being done to mitigate the resulting business risk.
How to Think Like a Hacker
In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.
Network Security Must Transition into the Cloud Era
An integrated approach is the best way to provide organizations with the tools they need to decrease the attack surface and use strong security controls.
A Realistic Threat Model for the Masses
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
How the Software-Defined Perimeter Is Redefining Access Control
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
As in any battle, understanding and exploiting the terrain often dictates the outcome.
Beyond the Horde: The Uptick in Targeted Attacks (And How to Fight Back)
We're seeing a dramatic rise in targeted attacks, but following these guidelines can help your enterprise stay safe.
|
Latest Comment: "Looks like the Trojans are evolving into a more focused attack mode."
Navigating the Deluge of Security DataIn this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.
Tweet This
1 Comments
