The best way to take a holistic approach to the current threat landscape is to define security issues as business problems and then put the problem before the solution - not the other way around, contends RSA CTO Zulfikar Ramzan.
Although cybersecurity plans sometimes clash with business goals, the role of security should be to enable the business and not necessarily lock everything down, says Andrew Woodward of Australia's Edith Cowan University.
The FIN7 cybercrime gang regularly phoned victims, posing as buyers, to trick them into opening phishing emails and attachments with malware, federal prosecutors allege. The group's success - 15 million stolen payment cards and counting - is one measure of how difficult these types of attacks are to block.
Web application security is much more than an IT problem. It can become a significant business problem if not handled properly. Attacks on web applications can bypass your security and harm your business by creating unwanted downtime, reducing availability and responsiveness, and shattering trust with your customers...
Cyberattacks should be top of mind more than ever before. These attacks have never been limited to an individual endpoint, an individual system, or an individual company. Threat actors can now spread malicious content and execute attacks all over the world, crossing borders and industries, in a matter of seconds....
One measure of why it's so difficult for organizations to keep their software patched and better secured: Of the nearly 20,000 unique vulnerabilities in 2,000 products cataloged last year, only half involved Microsoft, Adobe, Java, Chrome or Firefox software, says Flexera's Alejandro Lavie.
What advice does the world's first CISO have for the current generation of CISOs? Stephen Katz emphasizes, first and foremost, that cybersecurity must be treated as a business risk management issue rather than a technology issue. He'll be a featured speaker at ISMG's Security Summit in New York Aug. 14-15.
The fundamentals of governance, risk and compliance are sorely lacking in too many organizations that are striving to improve cybersecurity, says Malcolm Palmore, an assistant special agent at the FBI.
Finding threats in your big data can be like finding a needle in a haystack. Splunk Enterprise Security streamlines the process by extracting indicators of compromise (IOCs) in your threat intelligence data to help you pinpoint potential attack activity in your enterprise.
Download this whitepaper to learn about a...
"Our risk landscape has changed from protecting the things that we operate to protecting the things that we buy, and that's why third party risk management is the place where people are really focusing," says Joel de la Garza of the venture capital firm Andreessen Horowitz.
Better, stronger fraud-detection intelligence - that's the promise of the new 3-D Secure 2.0 protocol for digital merchants, networks and financial institutions. But what should organizations do to prepare? James Jenkins of CA Technologies weighs in.
Spear phishing attacks are in the news again following the Justice Department's indictment of Russian military intelligence officers for alleged attacks against U.S. politicians and county and state election boards. Here's how to play better phishing defense.
When executives take an active role in understanding cyber security risks (industry-specific and global) and collaborating with their C-level peers, the organisation becomes considerably better positioned to protect its critical assets.
"Executives need to figure out what really matters to them. What are the...
RoboCent, a company that specializes in robocalling voters, left nearly 3,000 files containing detailed data about Virginia voters online by mistake. The data has been secured, but the incident points again to ongoing problems of security misconfigurations in repositories and lack of end-to-end encryption.
The National Cybersecurity Center of Excellence (NCCoE) at NIST has created a series of free resources touting best industry practices that utilize the latest technology, automation and system controls to guide industry professionals through minimizing their cyber risks and identifying threats. These practices go a...