Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
IDaaS: A New Era of Cloud Identity
As identity-as-a-service becomes the standard for enterprise identity management, upstarts and established competitors are competing to define the market's future. Participate in Omdia's IDaaS research.
COVID-19 Creates Opening for OT Security Reform
Operations technology was once considered low risk, at least until the virus came along and re-arranged the threat landscape.
Attacker Dwell Time: Ransomware's Most Important Metric
How to bolster security defenses by zeroing in on the length of time an interloper remains undetected inside your network.
Shifting Left of Left: Why Secure Code Isn't Always Quality Code
Enabling engineers to share responsibility for security and empowering them to erase common vulnerabilities are good starting points.
The Shared Irresponsibility Model in the Cloud Is Putting You at Risk
Step up, put the architecture and organization in place, and take responsibility. If you don't, who will?
Safeguarding Schools Against RDP-Based Ransomware
How getting online learning right today will protect schools, and the communities they serve, for years to come.
WannaCry Has IoT in Its Crosshairs
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.
Solving the Problem With Security Standards
More explicit threat models can make security better and open the door to real and needed innovation.
Since Remote Work Isn't Going Away, Security Should Be the Focus
These three steps will help organizations reduce long-term work-from-home security risks.
My Journey Toward SAP Security
When applications are critical to the business's core functions, the CISO and their staff better get the security right.
7 Non-Technical Skills Threat Analysts Should Master to Keep Their Jobs
It's not just technical expertise and certifications that enable analysts to build long-term careers in cybersecurity.
New Google Search Hacks Push Viruses & Porn
Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.
Permission Management & the Goldilocks Conundrum
In today's COVID-19 era, managing access has become even more difficult, especially for large organizations. Here's how to get it "just right."
5 Steps to Greater Cyber Resiliency
Work from home isn't going away anytime soon, and the increased vulnerability means cyber resiliency will continue to be critical to business resiliency.
Mitigating Cyber-Risk While We're (Still) Working from Home
One click is all it takes for confidential information to land in the wrong hands. The good news is that there are plenty of ways to teach preventative cybersecurity to remote workers.
Time for CEOs to Stop Enabling China's Blatant IP Theft
Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty.
Struggling to Secure Remote IT? 3 Lessons from the Office
The great remote work experiment has exacerbated existing challenges and exposed new gaps, but there are things to be learned from office challenges.
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
Cybersecurity Bounces Back, but Talent Still Absent
While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps.
Taking Security With You in the WFH Era: What to Do Next
As many organizations pivot to working from home, here are some considerations for prioritizing the new security protocols.
Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption
Finding threats in encrypted inbound network traffic is complex and expensive for enterprises, but a fascinating new approach could eliminate the need for decryption.
Simplify Your Privacy Approach to Overcome CCPA Challenges
By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.
Open Source Security's Top Threat and What To Do About It
With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor.
Fraud Prevention During the Pandemic
When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.
Managed IT Providers: The Cyber-Threat Actors' Gateway to SMBs
Criminals have made MSPs a big target of their attacks. That should concern small and midsize businesses a great deal.
Ripple20 Malware Highlights Industrial Security Challenges
Poor security practices allowed software vulnerabilities to propagate throughout industrial and IoT products for more than 20 years.
7 Cybersecurity Priorities for Government Agencies & Political Campaigns
As election season ramps up, organizations engaged in the process must strengthen security to prevent chaos and disorder from carrying the day. Here's how.
Top 5 Identity-Centric Security Imperatives for Newly Minted Remote Workers
In the wake of COVID-19, today's remote workforce is here to stay, at least for the foreseeable future. And with it, an increase in identity-related security incidents.
VPNs: The Cyber Elephant in the Room
While virtual private networks once boosted security, their current design doesn't fulfill the evolving requirements of today's modern enterprise.
8 Frequently Asked Questions on Organizations' Data Protection Programs
Adherence to data protection regulations requires a multidisciplinary approach that has the commitment of all employees. Expect to be asked questions like these.
The Hidden Security Risks of Business Applications
Today's enterprises depend on mission-critical applications to keep them productive, help better serve customers, and keep up with demand. It's important that they also know the risks.
Fake Data and Fake Information: A Treasure Trove for Defenders
Cybersecurity professionals are using false data to deceive cybercriminals, enabling them to protect networks in new and innovative ways.
5 Ways for Cybersecurity Teams to Work Smarter, Not Harder
Burnout is real and pervasive, but some common sense tools and techniques can help mitigate all that.
Don't Forget Cybersecurity on Your Back-to-School List
School systems don't seem like attractive targets, but they house lots of sensitive data, such as contact information, grades, health records, and more.
Why Kubernetes Clusters Are Intrinsically Insecure (& What to Do About Them)
By following best practices and prioritizing critical issues, you can reduce the chances of a security breach and constrain the blast radius of an attempted attack. Here's how.
ISO 27701 Paves the Way for a Strategic Approach to Privacy
As the first certifiable international privacy management standard, ISO 27701 is a welcome addition to the existing set of common security frameworks.
Why Are There Still So Many Windows 7 Devices?
As the FBI warns, devices become more vulnerable to exploitation as time passes, due to a lack of security updates and new, emerging vulnerabilities.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
