Building security and privacy into product development is more critical today than ever before. First introduced through the Microsoft Trustworthy Computing initiative in the early 2000s, the well-known security development lifecycle (SDL) is a framework designed to do just that. It was originally devised to enhance software security, but an SDL process can and should be applied to all types of products to help root out security and privacy vulnerabilities, while establishing long-term resilience in the rapidly evolving threat landscape.
Social engineering is a term that refers to efforts by hackers and cybercriminals to use people — rather than technology — to gain access to sensitive systems and information. It’s a problem that information security experts have been wrestling with for years and one that, in the midst of COVID-19, has become both more prevalent and more challenging.
Following the COVID-19 pandemic, business and government executives have been considering the best options and strategies to repair disrupted operations and return to work without putting employees and citizens at risk. Here’s some advice: take a multilayered approach.
Meet Stephanie Benoit-Kurtz, lead of cybersecurity faculty at the University of Phoenix – Las Vegas. She is also director of cybersecurity for Station Casinos in Las Vegas. She has spent three decades in the IT industry, working for a variety of large and small organizations and as a consultant. In the early days of her career, despite being part of the team responsible for implementing decisions at the IT company where she was employed, she “was routinely left out of the decision-making process. Here, we talk to Benoit-Kurtz about how the cybersecurity space has changed over time, and how the industry can embrace more individuals to meet demand and close the cybersecurity gap.
Building a cyber-resilient enterprise informed by threat intelligence is not an easy task. Risks and requirements are often as unique and diverse as organizations themselves. Determining factors like industry, size, and market contribute to one simple truth: a one-size-fits-all approach to incorporating threat intelligence does not exist. Some invariants, however, do remain; successful threat intelligence programs must staff the right people in the right positions. Below, I’ll introduce four core threat intelligence focuses to consider as businesses plan and allocate budgets for 2021:
Only with the widespread adoption of new technologies and systems will the country see long-term public safety success. With this fast-moving dynamic, not every new technology is ready for the challenges presented by a pandemic, and for many organizations it’s now about balancing effectiveness with timeliness, and diligence without panic.
Deepfakes, either as videos or audio recordings, are the next iteration of advanced impersonation techniques that bad actors can use to abuse trust and manipulate people into complying with their requests.
Organizations' migration to the cloud is a broad term that encompasses many different trends: (1) Moving existing applications from private data centers to AWS, Azure, or the Google Cloud Platform as cloud service providers (CSPs), often referred to as lift-and-shift or infrastructure-as-a-service (IaaS); (2) Completely restructuring how applications are built to make heavier use of prepackaged services available on these cloud service platforms – often referred to as lift-and-reshape, serverless, or platform-as-a-service (PaaS); (3) Choosing to forgo running copies of standard applications instead of having the application vendor host them is sometimes referred to as drop-and-shop or software-as-a-service (SaaS).
Today, securing large venues is a topic enterprise security professionals are grappling with in real-time. Securing these facilities, requires managing occupancy, implementing contact tracing and other solutions, including managing privacy, for the safety of future visitors and fans, but also for the safety and security of venue teams, players and staff.
Spoofed websites are a common avenue for cyberattacks. To better understand the scope of this phenomenon, it’s important for security professionals and organizations to know just how widespread the problem is.
RSS
