Obstacles including budget concerns, time constraints, stubborn company culture, or a lack of cybersecurity best practices can seem overwhelming, especially to a smaller organization with limited resources. Fortunately, there are reasonable solutions to each of these roadblocks that can help all organizations be more secure.
The new NIST standards for IAST and RASP are a testament that outside-in AppSec approaches are antiquated, inefficient, and ineffective. Security instrumentation is more than a paradigm shift of the future—it is an opportunity for today.
Outsourcing has become a vital part of most business strategies. Not only is it a way to save money, but it’s a simple way to take advantage of expertise you might not currently have in house. But outsourcing can also leave companies vulnerable if the third-party doesn’t have proper cybersecurity procedures.
U.S. Senator Ron Wyden has asked Director of National Intelligence John Ratcliffe to explain what steps he is taking to improve the cybersecurity of some of the nation's most most sensitive secrets, held by federal intelligence agencies, after Wyden obtained a "damning" CIA report on cybersecurity failures that led to “the largest data loss in CIA history" after a CIA employee stole "at least 180 gigabytes" of information and then provided that to WikiLeaks.
Recently, data tokenization has proved to be a successful protection method for securing sensitive information and all instances of personal data. This is because it allows information to retain its analytical value, while ensuring that it meets regulatory requirements.
Security awareness training is no longer a “nice-to-have” for organizations. End users have become a critical component of effective security postures. Employees must have a strong understanding of cybersecurity best practices and learn how to detect and defend against targeted attacks. This shift in priority is needed to address an ongoing trend in the larger threat landscape. Cybercriminals have moved away from complicated, time-consuming technical exploits to concentrate on end users, a large and frequently vulnerable attack surface. Small or large, nearly every attack now begins in the same way: by relentlessly targeting people through email, social networks, and/or cloud and mobile applications.
On May 26, the District Court found in the In Re: Capital One Consumer Data Security Breach Litigation that a report prepared by Mandiant concerning the Capital One data breach (Breach Report) was not protected by the work product privilege and must be turned over to Plaintiffs. What are some lessons to be learned from this data breach litigation response?
Nearly 80% of the companies surveyed had experienced at least one cloud data breach in the past 18 months, and nearly half (43%) reported 10 or more breaches, according to a new study from Ermetic and intelligence firm IDC.
It is no secret that finding and recruiting strong Chief Information Security Officer (CISO) candidates is far from easy. Many CISOs typically stay in a role for a few years and subsequently are not able to dedicate adequate time to the development of junior leaders who could become the next wave of security leaders. Most organizations are forced to look externally for the experience they require. However, looking for outside hires also contributes to the shortage of potential internal leaders, as skilled professionals are often overlooked. For the security industry to thrive, this needs to change, and it starts with grooming the next generation of leaders.
According to a report from Cisco, 5G’s faster broadband (10 to 20 times faster than 4G) will enable 12 billion mobile-ready devices and IoT connections by 2022 compared to 9 billion in 2017. While this is great news for the rising number of smart device users globally, the increased connectivity can be taxing for IoT security. The combination of higher bandwidth and lower latency is a double-edged sword. While it enables new, exciting use cases like Vehicle-to-Vehicle and telemedicine, it is critical to not lose sight of the fact that it expands the scope of security threats, such as ransomware and botnets, among others.