Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Digital Distancing with Microsegmentation
Physical distancing has blunted a virus's impact; the same idea can be applied to computers and networks to minimize breaches, attacks, and infections.
3 SMB Cybersecurity Myths Debunked
Small and midsize businesses are better at cyber resilience than you might think.
How Elite Protectors Operationalize Security Protection
There is no silver bullet for cybersecurity. It takes the right people, with the right mindset, applying the right elements of good security from the data center to the SOC.
Standing Privilege: The Attacker's Advantage
The credential is a commodity and will continue to be breached. As a result, focus and spending must shift toward the access that the credentials provide.
What the World's Elite Protectors Teach Us about Cybersecurity
How to protect anyone and anything, from the perspective of a career Secret Service agent and former special operations marine.
Benefits of a Cloud-Based, Automated Cyber Range
A cyber range is an irreplaceable tool that allows cybersecurity professionals to improve their response capabilities as well as their ability to identify risks.
The Problem with Artificial Intelligence in Security
Any notion that AI is going to solve the cyber skills crisis is very wide of the mark. Here's why.
How an Industry Consortium Can Reinvent Security Solution Testing
By committing to independent testing to determine value, vendors will ensure that their products do what they say they do.
The Need for Compliance in a Post-COVID-19 World
With the current upheaval, business leaders may lose focus and push off implementing security measures, managing risk, and keeping up with compliance requirements. That's a big mistake.
Digital Transformation Risks in Front-end Code
Why making every front-end developer a DevSecOps expert will lead to a more holistic approach to web and native application security.
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Enterprises need to recognize that remote access and other pandemic-related security challenges cannot be fixed with buzzwords or silver-bullet security tools.
Long-Term Remote Work: Keeping Workers Productive & Secure
The pandemic has changed how we get work done. Now, data security must catch up.
Cybersecurity Extends Far Beyond Security Teams & Everyone Plays a Part
Security isn't about tools or technology; it's about establishing a broad, fundamental awareness and sense of responsibility among all employees.
The 3 Top Cybersecurity Myths & What You Should Know
With millions of employees now attempting to work from home, it's vital to challenge misconceptions about cybersecurity.
4 Challenges with Existing VPNs
A VPN is a step in the right direction, but it's not the be-all and end-all when it comes to security and falls short in many ways.
Compliance as a Way to Reduce the Risk of Insider Threats
Several key resources and controls can help reduce overall risk by providing guidance on proper control implementation, preventative measures to deploy, and an emphasis on organizationwide training.
Ensuring Business Continuity in Times of Crisis
Three basic but comprehensive steps can help you and your organization get through adversity
The Problem with Automating Data Privacy Technology
Managing complex and nuanced consumer rights requests presents a unique challenge for enterprises in today's regulated world of GDPR and CCPA. Here's why.
More Tips for Staying Safe While Working from Home
While some users are up to speed with the WFH protocol, it's worth adding a few more items to your security checklist.
The Modern SOC Demands New Skills
Automation and other technologies are improving the organizational structure of the security operations center. This is ultimately for the better, but it means that roles will change too.
Coronavirus, Data Privacy & the New Online Social Contract
How governments can protect personal privacy in contact tracing while saving peoples' lives
Rule of Thumb: USB Killers Pose Real Threat
They look just like a USB thumb drive, but instead of storing data, they can be used to destroy it and the device the data is saved on.
Why DevSecOps Is Critical for Containers and Kubernetes
DevSecOps is a big and sometimes difficult shift for organizations. The key to success? Take small steps.
Now More Than Ever? Securing the Software Life Cycle
The more things change, the more they stay the same. That's true for software security, even in these turbulent times.
Threat-Modeling Basics Using MITRE ATT&CK
When risk managers consider the role ATT&CK plays in the classic risk equation, they have to understand the role of threat modeling in building a complete risk scenario.
When Achieving Deadpool Status Is a Good Thing
It means attackers have been met with sufficient resistance that it's no longer worth their trouble and have moved on
Is CVSS the Right Standard for Prioritization?
More than 55% of open source vulnerabilities are rated high or critical. To truly understand a vulnerability and how it might affect an organization or product, we need much more than a number.
Malicious Use of AI Poses a Real Cybersecurity Threat
We should prepare for a future in which artificially intelligent cyberattacks become more common.
Designing Firmware Resilience for 3 Top Attack Vectors
Firmware has become an increasingly prevalent target for hackers. Here's how to stop them.
The Cybersecurity Hiring Conundrum: Youth vs. Experience
How working together across the spectrum of young to old makes our organizations more secure.
Industrial Networks' Newest Threat: Remote Users
We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
