Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
How to Build Cyber Resilience in a Dangerous Atmosphere
Our polarized climate and COVID-19 are putting the nation's cybersecurity in imminent danger, and it's past time to act.
Mobile Endpoint Security: Still the Crack in the Enterprise's Cyber Armor
A combination of best practices and best-in-class technology will help keep your enterprise from falling victim to ever-growing threats.
Reducing the Risk of Third-Party SaaS Apps to Your Organization
Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.
India: A Growing Cybersecurity Threat
Geopolitical tensions and a dramatic rise in offensive and defensive cyber capabilities lead India to join Iran, Russia, China, and North Korea as a top nation-state adversary.
Defending the COVID-19 Vaccine Supply Chain
We must treat this supply chain like a piece of our nation's critical infrastructure, just like the electrical grid or air traffic control system.
10 Benefits of Running Cybersecurity Exercises
There may be no better way to ascertain your organization's strengths and weaknesses than by running regular security drills.
Quarterbacking Vulnerability Remediation
It's time that security got out of the armchair and out on the field.
Enterprise IoT Security Is a Supply Chain Problem
Organizations that wish to take advantage of the potential benefits of IoT systems in enterprise environments should start evaluating third-party risk during the acquisition process.
Prepare to Fight Upcoming Cyber-Threat Innovations
Cybercriminals are preparing to use computing performance innovations to launch new types of attacks.
Security as Code: How Repeatable Policy-Driven Deployment Improves Security
The SaC approach lets users codify and enforce a secure state of application configuration deployment that limits risk.
We Have a National Cybersecurity Emergency -- Here's How We Can Respond
Let's prioritize bipartisan strategic actions that can ensure our national security and strengthen the economy. Here are five ideas for how to do that.
2021 Cybersecurity Predictions: The Intergalactic Battle Begins
There's much in store for the future of cybersecurity, and the most interesting things aren't happening on Earth.
VPNs, MFA & the Realities of Remote Work
The work-from-home-era is accelerating cloud-native service adoption.
Corporate Credentials for Sale on the Dark Web: How to Protect Employees and Data
It's past time to retire passwords in favor of other methods for authenticating users and securing systems.
Why the Weakest Links Matter
The recent FireEye and SolarWinds compromises reinforce the fact that risks should be understood, controls should be in place, and care should be taken at every opportunity.
SSO and MFA Are Only Half Your Identity Governance Strategy
We need better ways to manage user identities for accessing applications, especially given the strain it places on overworked IT and security teams.
Nowhere to Hide: Don't Let Your Guard Down This Holiday Season
Harden your defenses to ensure that your holiday downtime doesn't become an open door for cyber threats.
The Private Sector Needs a Cybersecurity Transformation
Cybersecurity must get to the point where it's equated with actually stopping an attack by identifying the methods the bad guys use and taking those methods away.
Startups Should Do Things That Don't Scale, but Security Isn't One of Them
Emerging businesses that don't embrace scalable security do so at their own peril.
Penetration Testing: A Road Map for Improving Outcomes
As cybersecurity incidents gain sophistication, to ensure we are assessing security postures effectively, it is critical to copy real-world adversaries' tools, tactics, and procedures during testing activities.
Cloud Identity and Access Management: Understanding the Chain of Access
Here's where enterprises encounter challenges with cloud IAM and the best practices they should follow to correct these mistakes.
The Line Between Physical Security & Cybersecurity Blurs as World Gets More Digital
Security teams are being challenged by the connected nature of IP devices, and preventing them from being compromised by cybercriminals has become an essential part of keeping people and property safe.
The Holiday Shopping Season: A Prime Opportunity for Triangulation Fraud
As e-commerce sales increase, so does the risk of hard-to-detect online fraud.
Navigating the Security Maze in a New Era of Cyberthreats
Multiple, dynamic threats have reshaped the cyber-risk landscape; ignore them at your peril.
Why Compliance Is No Longer King for Financial Services Cybersecurity
Financial services companies' experience in risk management serves them well when it comes to minimizing their cyber-risk.
Attackers Know Microsoft 365 Better Than You Do
Users have taken to Microsoft Office 365's tools, but many are unaware of free features that come with their accounts -- features that would keep them safe.
Avoiding a 1984-Like Future
We must not simply trust technology to be safe. Technology providers and users should agree on severe security practices, and these standards must be implemented wherever data goes.
Flash Dies but Warning Signs Persist: A Eulogy for Tech's Terrible Security Precedent
Flash will be gone by the end of the year, but the ecosystem that allowed it to become a software security serial killer is ready to let it happen again.
Cloud Security Threats for 2021
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.
From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now
CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points.
Automated Pen Testing: Can It Replace Humans?
These tools have come a long way, but are they far enough along to make human pen testers obsolete?
Why I'd Take Good IT Hygiene Over Security's Latest Silver Bullet
Bells and whistles are great, but you can stay safer by focusing on correct configurations, posture management, visibility, and patching.
The Cybersecurity Skills Gap: It Doesn't Have to Be This Way
Once it becomes clear that off-the-shelf experts aren't realistic at scale, cultivating entry-level talent emerges as the only long-term solution -- not just for a hiring organization but for the field as a whole.
Can't Afford a Full-time CISO? Try the Virtual Version
A vCISO can align a company's information security program to business strategy and budgeting guidance to senior management.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
