Infrastructure / Features

In Equifax data breach, three hard lessons in risk

How much security risk can an organization accept before it’s on very thin ice? The equation is simple: decide how much money it will take to reduce the risk, and how much more money an organization will earn by accepting that risk. Equifax presumably decided that accepting a large amount of risk, in hopes of making a larger amount of money, was a good gamble. In the case of the massive data breach, Equifax lost that gamble badly.

Written by Bil Harmer, 29 Sept. 17 05:54

Data lakes security could use a life preserver

As big data initiatives gain steam at organizations, many companies are creating “data lakes” to provide a large number of users with access to the data they need. And as with almost every type of new IT initiative, this comes with a variety of security risks that enterprises must address.

Written by Bob Violino, 25 Aug. 16 20:10

Why a security team embraces shadow IT

A group within Western Union's information security team relies on cloud software, including content management, social collaboration and single sign-on tools, to let employees get their work done while protecting corporate data.

Written by Clint Boulton, 18 Aug. 16 21:00

Cisco uncovers security threat in industrial control system

Cisco’s security intelligence and research group, Talos, said that it had reported a serious vulnerability in Rockwell Automation’s industrial control system – the MicroLogix 1400 programmable logic controller (PLC).
The Simple Network Management Protocol exploit could let an attacker take complete remote control of the MicroLogix system and modify the device firmware, letting an invader run his own malicious code on the device.

Written by Michael Cooney, 16 Aug. 16 02:57

4 laptop security trends you should know about

These new techniques and products are not as widely known, yet they are effective for any laptop-carrying business worker who needs to fend off the latest attacks.

Written by John Brandon, 03 Aug. 16 20:41

Killing the password: FIDO says long journey will be worth it

The FIDO Alliance, formed just four years ago to find a better way than passwords for online authentication, is promoting a standard that keeps user credentials only on the user device. An attacker would have to steal your device to hack your account, they say.

Written by Taylor Armerding, 13 July 16 03:15

How to prepare for (and prevent) ransomware attacks

The only sure way to protect yourself or your company from 'ransomware' is with foolproof file backups. These three backup options can all help recover from ransomware attacks.

Written by Paul Mah, 23 June 16 21:58

‘Vendor overload’ adds to CISO burnout

Security tools are crucial in protecting organizations from online threats. But the glut of tools on the market can lead to information overload for CISOs trying to evaluate them all.

Written by Taylor Armerding, 02 June 16 20:34

Are IT executives blind to cybersecurity threats?

If IT leaders and IT workers can’t agree that there’s a problem, what are the chances that they’ll actually implement the cybersecurity policy they need?

Written by Jen A. Miller, 11 April 16 21:00

8 tips for recruiting cybersecurity talent

Finding cybersecurity talent isn't easy, but it's even harder if you use the same methods that work for other IT talent specialties. Here's how to get it right.

Written by Sharon Florentine, 26 Jan. 16 23:19

Reporting to CEO reduces risks and costs, but change comes slowly

An increasing number of experts are urging companies to stop having the CSOs and CISOs report to the CIO in order to reduce conflict of interest, risk, even downtime and financial losses, but there hasn't yet been much evidence of progress.

Written by Maria Korolov, 26 Jan. 16 22:53