Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
CyberArk Leads the PAM Omdia Universe
With more staff working remotely, privileged access management (or PAM) has never been more important. Market forecasts, drivers, and trends are explored.
Research Highlights Significant Evolution in Email Security
Email security is in transition, from on-premises to the cloud, from inline to API-based, and from stand-alone to integrated into XDR. New research from Omdia highlights where the market is today, and where it is heading.
UK MoD Data Breach Shows Cybersecurity Must Protect Both People and Data
The UK MoD has failed to protect personally identifiable information (PII) for Afghan interpreters; the incident highlights how avoidable cybersecurity mistakes can have devastating consequences.
Biden Administration Responds to Geopolitical Cyber Threats
In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.
7 Ways AI and ML Are Helping and Hurting Cybersecurity
In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm.
Breaking Down the Threat of Going All-In With Microsoft Security
Limit risk by dividing responsibility for infrastructure, tools, and security.
4 Future Integrated Circuit Threats to Watch
Threats to the supply chains for ICs and other computer components are poised to wreak even more havoc on organizations.
How to Bridge On-Premises and Cloud Identity
Identity fabric, a cloud-native framework, removes the need for multiple, siloed, proprietary identity systems.
What to Look for in an Effective Threat Hunter
The most important personality traits, skills, and certifications to look for when hiring a threat hunting team.
Did the Cybersecurity Workforce Gap Distract Us From the Leak?
Cyber games can play a critical role in re-engaging our workforce and addressing the employee retention crisis.
4 Integrated Circuit Security Threats and How to Protect Against Them
Little-understood threats involving the IC supply chain are putting organizations around the world at risk.
Why We Need to Raise the Red Flag Against FragAttacks
Proliferation of wireless devices increases the risk that corporate networks will be attacked with this newly discovered breed of Wi-Fi-based cyber assault.
The Trouble With Automated Cybersecurity Defenses
While there's enormous promise in AI-powered tools and machine learning, they are very much a double-edged sword.
AI and Cybersecurity: Making Sense of the Confusion
Artificial intelligence is a maturing area in cybersecurity, but there are different concerns depending on whether you're a defender or an attacker.
It's in the Game (but It Shouldn't Be)
Five ways that game developers (and others) can avoid falling victim to an attack like the one that hit EA.
Cartoon Caption Winner: Sight Unseen
And the winner of Dark Reading's June contest is ...
Kaseya Hacked via Authentication Bypass
The Kaseya ransomware attack is believed to have been down to an authentication bypass. Yes, ransomware needs to be on your radar -- but good authentication practices are also imperative.
What Colonial Pipeline Means for Commercial Building Cybersecurity
Banks and hospitals may be common targets, but now commercial real estate must learn to protect itself against stealthy hackers.
Are Security Attestations a Necessity for SaaS Businesses?
Are security attestations becoming business imperatives, or are they merely token additions on the list of regulatory requirements?
Autonomous Security Is Essential if the Edge Is to Scale Properly
Service demands at the network edge mean customers need to get cost, performance, and security right.
It's High Time for a Security Scoring System for Applications and Open Source Libraries
A benchmarking system would help buyers choose more secure software products and, more importantly, light a fire underneath software producers to make products secure.
8 Ways to Preserve Legal Privilege After a Cybersecurity Incident
Knowing your legal distinctions can make defense easier should you end up in court after a breach, attack, or data loss.
Watch for Cybersecurity Games at the Tokyo Olympics
The cybersecurity professionals guarding the Summer Olympics are facing at least as much competition as the athletes, and their failure could have steeper ramifications.
WFH: A Smart Time to Revisit Employee Use of Social Media
Employers have their hands full when it comes to monitoring online activities that could hurt the brand or violate the organization's core values.
Why Are There Never Enough Logs During an Incident Response?
Most security pros believe their responses could be dramatically quicker were the right logs available, and usually they're not.
Stop Playing Catchup: Move From Reactive to Proactive to Defeat Cyber Threats
One-time reactive measures can't keep up. It's time to be proactive and pick our swords and not just our shields.
3 Things Every CISO Wishes You Understood
Ensuring the CISO's voice is heard by the board will make security top of mind for the business, its employees, and their customers.
Is Compliance-Only Security Giving Cybercriminals Your Security Playbook?
Compliance-only security strategies aren't working. CISOs should squarely focus on being secure while achieving compliance.
Technology's Complexity and Opacity Threaten Critical Infrastructure Security
Addressing the complexity of modern distributed software development is one of the most important things we can do to decrease supply chain risk.
3 Ways Cybercriminals Are Undermining MFA
Using multifactor authentication is an excellent security step, but like everything else, it is not foolproof and will never be 100% effective.
The Role of Encryption in Protecting LGBTQ+ Community Members
The Internet is a vital tool that helps LGBTQ+ community members communicate without fear of persecution -- and strong encryption is a critical part of this equation.
School's Out for Summer, but Don't Close the Book on Cybersecurity Training
Strengthening their security posture should be at the top of school IT departments' summer to-do list.
Boardroom Perspectives on Cybersecurity: What It Means for You
Because board members are paying close attention to security, security leaders must be able to respond to and alleviate their concerns with data.
Storms & Silver Linings: Avoiding the Dangers of Cloud Migration
We hear a lot about the sunlit uplands of cloud-powered business, but what about the risks of making information available across the organization?
When Will Cybersecurity Operations Adopt the Peter Parker Principle?
Having a prevention mindset means setting our prevention capabilities to "prevent" instead of relying on detection and response.
Expecting the Unexpected: Tips for Effectively Mitigating Ransomware Attacks in 2021
Cybercriminals continually innovate to thwart security protocols, but organizations can take steps to prevent and mitigate ransomware attacks.
Identity Eclipses Malware Detection at RSAC Startup Competition
All 10 finalists in the Innovation Sandbox were focused on identity, rather than security's mainstay for the last 20 years: Malware detection.
Does Your Cyberattack Plan Include a Crisis Communications Strategy? 5 Tips to Get Started
Don't overlook crisis communications in your cybersecurity incident response planning.
Are Ransomware Attacks the New Pandemic?
Ransomware has been a problem for decades, so why is government just now beginning to address it?
4 Habits of Highly Effective Security Operators
These good habits can make all the difference in advancing careers for cybersecurity operators who spend their days putting out fires large and small.
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Consider four factors and behaviors that impact a particular employee's risk, and how security training should take them into account.
Mission Critical: What Really Matters in a Cybersecurity Incident
The things you do before and during a cybersecurity incident can make or break the success of your response.
Cars, Medicine, Electric Grids: Future Hackers Will Hit Much More Than Networks in an IT/OT Integrated World
Intelligent systems must include the right cybersecurity protections to prevent physical threats to operational technology.
Keeping Your Organization Secure When Dealing With the Unexpected
There's no way to anticipate every possible scenario, but the right approach to business continuity can help you respond effectively in any situation.
Don't Get Stymied by Security Indecision
You might be increasing cyber-risk by not actively working to reduce it.
What Industrial Control System Vulnerabilities Can Teach Us About Protecting the Supply Chain
Older technologies used in industrial and critical infrastructure leave the sector highly vulnerable to attack, but organizations can take steps to better protect themselves.
How Does the Government Buy Its Cybersecurity?
The federal government is emphasizing cybersecurity regulation, education, and defense strategies this year.
Know Thy Enemy: Fighting Half-Blind Against Ransomware Won't Work
We lack reliable, representative, actionable data about ransomware's actual scope, scale, and impact. The Ransom Incident Response Network could change that.
Name That Toon: Sight Unseen
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Colonial Pipeline Cyberattack Proves a Single Password Isn't Enough
Since the attack, it's been revealed that it was down to a single password. Yes, ransomware needs to be on your radar -- but a focus on credentials is vital.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
