Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Dear Cyber Criminals: We’re Not Letting Our Guard Down in 2015
Next year, you’ll keep exploiting vulnerabilities, and we’ll make sure our systems are patched, our antivirus is up to date, and our people are too smart to click the links you send them.
4 Infosec Resolutions For The New Year
Don’t look in the crystal ball, look in the mirror to protect data and defend against threats in 2015.
A 2014 Lookback: Predictions vs. Reality
It was a tumultuous year for cyber security, but it drove the adoption of incident response plans and two-factor authentication.
Why Digital Forensics In Incident Response Matters More Now
By understanding what happened, when, how, and why, security teams can prevent similar breaches from occurring in the future.
How PCI DSS 3.0 Can Help Stop Data Breaches
New Payment Card Industry security standards that took effect January 1 aim to replace checkmark mindsets with business as usual processes. Here are three examples.
Security News No One Saw Coming In 2014
John Dickson shares his list (and checks it twice) of five of the most surprising security headlines of the year.
The Internet's Winter Of Discontent
The new great cybersecurity challenge in trying to sum up the most dangerous weaknesses in the world’s connected economy is that the hits just keep on coming.
Time To Rethink Patching Strategies
In 2014, the National Vulnerability Database is expected to log a record-breaking 8,000 vulnerabilities. That's 8,000 reasons to improve software quality at the outset.
5 Pitfalls to Avoid When Running Your SOC
The former head of the US Army Cyber Command SOC shares his wisdom and battle scars about playing offense not defense against attackers.
The New Target for State-Sponsored Cyber Attacks: Applications
Skilled hackers are now using simple web application vulnerabilities like SQL Injection to take over database servers. Are you prepared to defend against this new type of threat actor?
2014: The Year of Privilege Vulnerabilities
Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of "least privilege" could limit the impact of malware and raise the bar of difficulty for attackers.
Dark Reading Radio: How To Become A CISO
Find out what employers are really looking for in a chief information security officer.
Ekoparty Isn’t The Next Defcon (& It Doesn’t Want To Be)
Unlike American security conferences that offer a buffet of merchandise, meals, and drinks, Ekoparty, in Buenos Aires, is every bit as functional -- with a little less fluff.
Shadow IT: Not The Risk You Think
Enterprise cloud services such as Box, Office 365, Salesforce, and Google Apps can make a better case for being called sanctioned than many legacy, on-premises, IT-provisioned applications.
Cyber Security Practices Insurance Underwriters Demand
Insurance underwriters aren’t looking for companies impervious to risk. They want clients that understand the threat landscape and have demonstrated abilities to mitigate attacks.
Smartphones Get Headlines, But Lax USB Security Is Just As Risky
Most companies use no software to detect or secure sensitive data when it is moved to a USB flash drive, or even check USB drives for viruses or malware.
Internet Of Things: 3 Holiday Gifts That Will Keep CISOs Up At Night
If you think BYOD policies will protect your infrastructure from the January influx of mobile hotspots, fitness trackers, and Bluetooth, think again.
Open Source Encryption Must Get Smarter
When it comes to cryptography, there are quite a few myths in the age-old debate about proprietary versus open source application security.
Poll: The Perimeter Has Shattered!
The traditional corporate network perimeter is not dead, but its amorphous shape is something new and indescribable.
Moving Beyond 2-Factor Authentication With ‘Context’
2FA isn’t cheap or infallible -- in more ways than two.
Why ‘Regin’ Malware Changes Threatscape Economics
Never before have attackers been able to deploy a common malware platform and configure it as necessary with low-cost, quick-turnaround business logic apps.
How Startups Can Jumpstart Security Innovation
One of the best places for CISOs to turn for a cutting-edge cyber security strategy is the burgeoning world of startups. Here’s how to find them.
Leveraging The Kill Chain For Awesome
There are good reasons the Kill Chain is being used by some of the most successful information security teams around. Here are three.
Breaking the Code: The Role of Visualization in Security Research
In today’s interconnected, data rich IT environments, passive inspection of information is not enough.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
