Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Is the Web Supply Chain Next in Line for State-Sponsored Attacks?
Attackers go after the weak links first, and the Web supply chain provides an abundance of weak links to target.
Digital Identity Is the New Security Control Plane
Simplifying the management of security systems helps provide consistent protection for the new normal.
Data Privacy Day 2021: Pandemic Response Data Must Align with Data Privacy Rules
Amid a pandemic, Data Privacy Day this year brings forth expanded responsibilities for organizations in the response to COVID-19.
4 Clues to Spot a Bot Network
Protect against misinformation and disinformation campaigns by learning how to identify the bot networks spreading falsehoods.
Security's Inevitable Shift to the Edge
As the edge becomes the place for DDoS mitigation, Web app security, and other controls, SASE is the management platform to handle them all.
Fighting the Rapid Rise of Cyber Warfare in a Changing World
Global cyber warfare is a grim reality, but strong public-private relationships and security frameworks can safeguard people, institutions, and businesses.
Mainframe Security Automation Is Not a Luxury
As cyber threats grow, even the most securable platform is vulnerable and requires adaptive autonomous protection.
2020's COVID Accelerated Digitalization Demands Stronger Cybersecurity in 2021
As critical infrastructure faces increasing and sophisticated attacks, these trends will enable the energy sector to shore up its cybersecurity defenses.
Why North Korea Excels in Cybercrime
North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.
Cloud Jacking: The Bold New World of Enterprise Cybersecurity
Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers.
Rethinking IoT Security: It's Not About the Devices
Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome.
Tips for a Bulletproof War Room Strategy
The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets.
The Most Pressing Concerns Facing CISOs Today
Building security into the software development life cycle creates more visibility, but CISOs still need stay on top of any serious threats on the horizon, even if they are largely unknown.
A Security Practitioner's Guide to Encrypted DNS
Best practices for a shifting visibility landscape.
How to Achieve Collaboration Tool Compliance
Organizations must fully understand the regulatory guidance on collaboration security and privacy so they can continue to implement and expand their use of tools such as Zoom and Teams.
Vulnerability Management Has a Data Problem
Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.
The Data-Centric Path to Zero Trust
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
How to Boost Executive Buy-In for Security Investments
Linking security budgets to breach-protection outcomes helps executives balance spending against risk and earns CISOs greater respect in the C-suite.
Bringing Zero Trust to Secure Remote Access
Demand for secure remote access has skyrocketed during the pandemic. Here Omdia profiles more secure alternatives to virtual private network (VPN) technology.
Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.
SolarWinds Hack Lessons Learned: Finding the Next Supply Chain Attack
The SolarWinds supply chain compromise won't be the last of its kind. Vendors and enterprises alike must learn and refine their detection efforts to find the next such attack.
When It Comes To Security Tools, More Isn't More
Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.
Top 5 'Need to Know' Coding Defects for DevSecOps
Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster.
The 3 Most Common Types of BEC Attacks (And What You Can Do About Them)
Always be skeptical and double check credentials.
How to Protect Your Organization's Digital Footprint
As the digital risk landscape evolves and grows, organizations must stay vigilant against online threats.
What You Need to Know About California's New Privacy Rules
Proposition 24 will change Californians' rights and business's responsibilities regarding consumer data protection.
COVID-19's Acceleration of Cloud Migration & Identity-Centric Security
Here are some tips for updating access control methods that accommodate new remote working norms without sacrificing security.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
