Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
The Good News about Cross-Domain Identity Management
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours
The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
Machine Learning, Artificial Intelligence & the Future of Cybersecurity
The ability to learn gives security-focused AI and ML apps unrivaled speed and accuracy over their more basic, automated predecessors. But they are not a silver bullet. Yet.
Getting Revolutionary (Not Evolutionary) about Cybersecurity
Being a security revolutionary isn't purely about new, ground-breaking ideas. It's about anticipating, outpacing, and influencing your world, both internally and externally. Here are five keys to success.
How to Empower Today's 'cISOs'
Although many security leaders have a C in their title, not all are true capital-C "Chiefs." Here are three ways to live up to the job description.
New Threats, Old Threats: Everywhere a Threat
First-quarter data shows cryptojacking on the rise -- but don't count out some "classic" threats just yet.
Bridging the Cybersecurity Talent Gap
There's no one surefire way of fixing the problem, which endangers everyone's security. There are, however, several options we should try.
GDPR, WHOIS & the Impact on Merchant Risk Security Monitoring
The EU's General Data Protection Regulation will make it harder for law enforcement, forensic investigators, and others to track down everything from credit card fraud to child porn rings.
A Data Protection Officer's Guide to the Post-GDPR Deadline Reality
The EU's General Data Protection Regulation deadline is here -- now what? These four tips can help guide your next steps.
The Good & Bad News about Blockchain Security
Blockchain technology promises many things. But to succeed, it must offer users a better plan against hackers.
Is Threat Intelligence Garbage?
Most security professionals in a recent survey said that threat intelligence doesn't work. So why all the hype?
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
The State of Information Sharing 20 Years after the First White House Mandate
Finally! Actionable guidance for ISACs and enterprises on what threat intel to share, how to share it, and which key technologies will automate redaction and protect privacy.
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.
How to Hang Up on Fraud
Three reasons why the phone channel is uniquely vulnerable to spoofing and what call centers are doing about it.
The Risks of Remote Desktop Access Are Far from Remote
RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.
Why Isn't Integrity Getting the Attention It Deserves?
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
Want Your Daughter to Succeed in Cyber? Call Her John
It's time to "do the right thing" when it comes to gender in the hiring and promotion of women in cybersecurity. Four women (and a man named John) offer practical solutions for shifting the balance.
Taming the Chaos of Application Security: 'We Built an App for That'
Want to improve the state of secure software coding? Hide the complexity from developers.
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
There's a major disconnect between Internet of Things governance and risk management, according to a new report. Follow these five steps to address the risks.
The New Security Playbook: Get the Whole Team Involved
Smart cybersecurity teams are harnessing the power of human intelligence so employees take the right actions.
Risky Business: Deconstructing Ray Ozzie's Encryption Backdoor
With the addition of secure enclaves, secure boot, and related features of "Clear," the only ones that will be able to test this code are Apple, well-resourced nations, and vendors who sell jailbreaks.
Ready or Not: Transport Layer Security 1.3 Is Coming
Better encryption could mean weaker security if you're not careful.
20 Signs You Are Heading for a Retention Problem
If you don't invest in your best security talent, they will look to burnish their resumes elsewhere. Here's why.
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
Properly Framing the Cost of a Data Breach
The expenses and actions typically associated with a cyberattack are not all created equal. Here's how to explain what's important to the C-suite and board.
Breakout Time: A Critical Key Cyber Metric
Why organizations need to detect an intrusion in under a minute, understand it in under 10 minutes, and eject the adversary in under an hour.
Defending Against an Automated Attack Chain: Are You Ready?
Recent threats like AutoSploit bring malware-as-a-service to a whole new level. Here are four ways to be prepared.
We're Doing Security Wrong!
When you simply heap technology onto a system, you limit your hiring pool and spread your employees too thin. Focus on your people instead.
GDPR Requirements Prompt New Approach to Protecting Data in Motion
The EU's General Data Protection Regulation means that organizations must look at new ways to keep data secure as it moves.
Spring Clean Your Security Systems: 6 Places to Start
The sun is shining and you have an extra kick in your step. Why not use that newfound energy to take care of those bothersome security tasks you've put off all winter?
A Data Protection Officer's Guide to GDPR 'Privacy by Design'
These five steps can show you how to start building your foundational privacy program for the EU's General Data Protection Regulation.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
