Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
DevOps Security & the Culture of 'Yes'
Communication, collaboration, and the use of production data to drive decisions are essential for security work in a DevOps world.
Throw Out the Playbooks to Win at Incident Response
Four reasons why enterprises that rely on playbooks give hackers an advantage.
Dark Reading News Desk Live at Black Hat USA 2017
Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).
The Right to Be Forgotten & the New Era of Personal Data Rights
Because of the European Union's GDPR and other pending legislation, companies must become more transparent in how they protect their customers' data.
10 Critical Steps to Create a Culture of Cybersecurity
Businesses are more vulnerable than they need to be. Here's what you should do about it.
How Women Can Raise Their Profile within the Cybersecurity Industry
Closing the cybersecurity gender gap won't happen overnight, but women can take can take steps to begin leveling the playing field.
Bots Make Lousy Dates, But Not Cheap Ones
The danger of dating sites: If a beautiful woman asks men to click on malware, they'll probably click.
20 Questions for Improving SMB Security
Security leaders in small and medium-sized business who want to up their game need to first identify where they are now, then, where they want to go.
DevOps & Security: Butting Heads for Years but Integration is Happening
A combination of culture change, automation, tools and processes can bring security into the modern world where it can be as agile as other parts of IT.
4 Steps to Securing Citizen-Developed Apps
Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.
SIEM Training Needs a Better Focus on the Human Factor
The problem with security information and event management systems isn't the solutions themselves but the training that people receive.
AWS S3 Breaches: What to Do & Why
Although basic operations in Amazon's Simple Storage Services are (as the name implies) - simple - things can get complicated with access control and permissions.
7 Deadly Sins to Avoid When Mitigating Cyberthreats
How digitally savvy organizations can take cyber resilience to a whole new dimension.
Black Hat to Host Discussion on Diversity
Panel of diversity pioneers will share their views and firsthand experience on how to make inclusion a priority in security.
How Security Pros Can Help Protect Patients from Medical Data Theft
The healthcare industry has been slow to address the dangers of hacking, and breaches are on the rise. Security pros must be more proactive in keeping people safe.
Dealing with Due Diligence
Companies will find themselves evaluating third-party cybersecurity more than ever -- and being subject to scrutiny themselves. Here's how to handle it.
The High Costs of GDPR Compliance
Looming, increasingly strict EU privacy regulations are pushing privacy spending to the top of IT priorities and budgets.
How Code Vulnerabilities Can Lead to Bad Accidents
The software supply chain is broken. To prevent hackers from exploiting vulnerabilities, organizations need to know where their applications are, and whether they are built using trustworthy components.
The SOC Is Dead…Long Live the SOC
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
The Growing Danger of IP Theft and Cyber Extortion
The recent hacks of Disney and Netflix show the jeopardy that intellectual property and company secrets are in, fueled by cheap hacking tools and cryptocurrencies.
Avoiding the Dark Side of AI-Driven Security Awareness
Can artificial intelligence bring an end to countless hours of boring, largely ineffective user training? Or will it lead to a surveillance state within our information infrastructures?
The Problem with Data
The sheer amount of data that organizations collect makes it both extremely valuable and dangerous. Business leaders must do everything possible to keep it safe.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
