CSO–The weak link in your enterprise security might lie with partners and suppliers. Here’s how to understand and mitigate that risk.
Supply chain attacks show why you should be wary of third-party providers Read More »
As an infosec professional, you’ve likely heard about using a cyber kill chain, also known as a cyber attack lifecycle, to help identify and prevent intrusions. Attackers are evolving their methods, which might require that you look at the cyber kill chain differently. What follows is a recap of what the cyber kill chain approach
What is the cyber kill chain? Why it’s not always the right approach to cyber attacks Read More »
Late last month, global distributed denial of service (DDoS) protection provider Cloudflare announced that it would no longer charge customers extra when they were under attack. The company claims to have nearly 10 million customers and a presence in 117 cities around the world, with enough capacity to handle more than 15 terabits of traffic
Unlimited DDoS protection the new norm after Cloudflare announcement Read More »
It happens in every company. Employees find a cool new online service that makes them more productive. They create free or low-cost accounts on devices they use for work, and get all their friends and colleagues to join up. The new cloud service is great. The interface is a joy to use, it comes with
Shadow cloud apps pose unseen risks Read More »
“We see it every day,” says Steven Lentz, CSO at Samsung Research America. “Something coming through, some exploit type, unknown ransomware. We’ve stopped several things with our defenses, either network-wise or at the end point.” The attacks that Lentz is worried about are fileless attacks, also known as zero-footprint attacks, macro, or non-malware attacks. These
What is a fileless attack? How hackers invade systems without installing software Read More »
People expect their email to be private between them and the recipient, but in reality, the contents of your email are exposed during transmission. Full end-to-end encryption would mean that only the receiver of the email can decrypt their messages, but sharing public keys and agreeing on a common encryption standard can be tricky for
Is universal end-to-end encrypted email possible (or even desirable)? Read More »
In June, South Korean hosting company Internet Nayana, Inc., was hit by a ransomware attack that took down its 153 Linux web servers — home to more than 5,000 customer websites. “I know that negotiations with hackers should not be done,” company CEO Hwang Chilghong said in a statement. “I would not negotiate with a
What’s new in ransomware? Read More »
The cybersecurity talent shortage keeps getting worse. According to Cybersecurity Ventures, the cost of cybercrime will double from $3 trillion globally in 2015 to $6 trillion by 2021. Meanwhile, the number of open cybersecurity jobs will increase from 1 million in 2016 to 1.5 million by 2019. Meanwhile, the scale and damage of the attacks
Look beyond job boards to fill cybersecurity jobs Read More »
The Office of Personnel Management breach in June 2015 was a big wake up call to our federal government, and, in its wake, a number of initiatives were launched to improve the government’s cybersecurity posture. Despite several concrete improvements, progress has stalled in some areas, as demonstrated by a series of assessments conducted since the
Two years after the OPM data breach: What government agencies must do now Read More »
Everybody knows and hates whitelisting. Employees are only allowed to install approved software on their desktops and laptops, so they’re always complaining and asking for exceptions. Management eventually gets fed up with it and stops the experiment. For mobile devices, enterprises have a number of tools at their disposal, including mobile device management. In addition,
With new dynamic capabilities, will whitelisting finally catch on? Read More »
The new European General Data Protection Regulation goes into effect next May, with onerous notification requirements and high penalties, but a year might not be enough for firms to get ready.Recent surveys show that most companies are not prepared for the regulations. According to a recent SailPoint survey, 80 percent see GDPR as a priority,
Few firms will be ready for new European breach disclosure rules, fines Read More »
The APT3 hacker group, which has been attacking government and defense industry targets since 2010, has been linked to the Chinese Ministry of State Security, according to a report by Recorded Future.Other attackers have been linked to the Chinese military, but this is the first time a group has been connected to Chinese intelligence, said
APT3 hackers linked to Chinese intelligence Read More »
Long Island’s Suffolk County is improving its emergency communications for National Hurricane Preparedness Week
Suffolk County greets hurricane season with updated alerting system Read More »
The massive scale of the recent WannaCry ransomware attack has exposed some significant weaknesses in global IT systems
WannaCry fallout — the worst is yet to come, experts say Read More »
As more groups get into the denial-of-service attack business they’re starting to get in each other’s way
Cybercrooks fight over DDoS attack resources Read More »
