To detect and contain breaches faster, it’s become increasingly important to go beyond the typical malware detection capabilities and invest in the ability to detect and react to lateral movement within the environment. Lateral movement is a core piece of an attacker’s strategy once he’s gained a foothold within the environment. What three steps can you take to help stop lateral movement focus on security measures that minimize dwell time?
Ransomware. It may be the most feared word of security and risk managers. After countless headlines and costs of over 11.5 billion dollars in 2019 alone, organizations around the world are understandably terrified of being hit by a ransomware attack. What are four steps you can take to protect against ransomware?
On April 21, the Small Business Administration (SBA) revealed that around 8,000 small business loan applicants had their potentially sensitive information exposed in a data leak affecting the website being used to host the online application.
Last year, ASIS International released the Enterprise Security Risk Management (ESRM) Guideline, which takes a different approach to traditional security. The ESRM Guideline was released at the 2019 Global Security Exchange (GSX) in September, and the Maturity Model is now available on the ASIS website.
According to Verizon's 2019 Mobile Security Index report, two-thirds of organizations said they are less confident about the security of their mobile assets than other devices. Many of these breaches occur due to vulnerable devices, servers and applications that allow bad actors to gain access. Security breaches and the threat of compromise are a serious issue for organizations of all sizes.
After a seven-year tenure as Chief Security Scientist at Bank of America, Sounil Yu joined YL Ventures as Chief Information Security Officer-in-Residence. What is his main focus in his new role and what are his initial priorities over the next six months?
Risk remains the top concern for organizations adopting software-as-a-service (SaaS) models and this is an issue that is only getting worse. What is needed today is the ability to remove the dependency on human behavior and human error, bringing control back to the security team.
Even if a Chief Information Security Officer (CISO) performs 99 percent of their tasks perfectly, there is still plenty of opportunity to make mistakes. When companies have unpatched vulnerabilities, or incorrect configurations, or other holes in their security tactics (not to mention the "set it and forget it” mentality after deployment)—security management can quickly become a CISO’s nightmare. This is why it's so important for leaders to consider the following when developing the right security approach for their organizations.