Home > RSS Feeds > Security
  • The meteoric growth of cyber-extortion as a prominent threat faced by enterprises has raised a new ethical conundrum for information security executives: to negotiate or not to negotiate? As extortionists have become more creative and precise in their theft and ransoming of valuable business data, what was once unthinkable—negotiating with criminals—has increasingly become standard practice. In fact, it's so standard that nearly one-third of security professionals surveyed are willing to play ball with cyber-criminals in order to get valuable data back. Such is the stand-out finding of a recent survey conducted by threat prevention software vendor ThreatTrack Security. "A surprising number of security pros would concede to cyber-criminal demands to avoid the consequences of data compromise, loss or misappropriation," said Stuart Itkin, ThreatTrack senior vice president. By re-evaluating their security strategies to ensure rapid detection and elimination of threats, as well as the ability to restore encrypted data, Itkin said that enterprises "will neutralize the incentives that are driving cyber-crime extortion and help ensure security professionals will not have to face this difficult choice."

  • Legal and cyber-security issues are increasingly intersecting. A study shines a light on evolving trends and what business must to do combat threats effectively.

  • One of the biggest challenges organizations face is keeping up with the dizzying array of security risks. Not surprisingly, the mobile environment is increasingly at the epicenter of enterprise concerns. The sheer volume of malware is growing, and mobile attack methods and vectors are becoming more sophisticated. A recent report, "The State of Mobile Application Insecurity," conducted by Ponemon Institute in conjunction with IBM, sheds light on the hazards. It notes that hackers are waking up to opportunities in the mobility arena, and, at any given moment, more than 11.6 million mobile devices are infected with malware. Moreover, organizations are not keeping up with threats. Many professionals are not scanning their networks and outside mobile apps, and they're typically not even checking their own apps for security flaws. "Building security into mobile apps is not top of mind for companies, giving hackers the opportunity to easily reverse-engineer apps, jailbreak mobile devices and tap into confidential data," said Caleb Barlow, vice president of Mobile Management and Security at IBM. "Industries need to think about security at the same level on which highly efficient, collaborative cyber-criminals are planning attacks."

  • A growing array of digital processes and technologies are ratcheting up the risks for organizations. No longer are threats limited to basic malware, hacking and network intrusions. Increasingly sophisticated attacks—along with newer and more insidious social engineering methods—are challenging many CIOs, CSOs, CISOs and other executives. "Trends in IT Security," a new survey and report from industry association CompTIA, sheds light on how complex the security space has become, and how organizations and business leaders are responding to these challenges. Among other things, the survey of 400 companies in the United States found that perceptions and actual risks are sometimes out of sync; there's a need to shift priorities to new and different vectors and threats; and training methods need to change. Ultimately, organizations must employ newer and better methods for understanding and defending against security risks. This includes data loss prevention (DLP), identity and access management (IAM), and security information and event management (SIEM).

  • Greater connectivity and more powerful digital technologies represent a double-edged sword for organizations across every sector. While they introduce remarkable opportunities, these technologies also create new and sometimes great risks. A recently released research report from the Information Security Forum (ISF), "Threat Horizon 2017: Dangers Accelerate," offers insights into the changing threat landscape and how organizations can manage this dynamic environment. The organization, a leading authority on cyber-threats and cyber-security, found that the dangers revolve around nine areas that represent big challenges for senior business and IT managers, information security professionals and other key organizational stakeholders. In fact, these emerging threats could reshape and reframe the business environment over the next few years. "The pace and scale of information security threats continues to accelerate," warns ISF Managing Director Steve Durbin. "The nine threats highlighted in the 'Threat Horizon 2017' report expose the imminent dangers that the ISF considers the most prominent. They have the capacity to transmit their impact through cyber-space at breakneck speeds, particularly as the use of the Internet spreads. Organizations that are informed and prepared for change will go a long way to securing their future."

  • To increase the efficacy of your security operations center, you need solutions that can do the heavy lifting by automating event investigation and remediation.

  • A growing number of companies are experiencing attacks and breaches. As a result, some are responding with larger security budgets and a more focused defense.

  • As the digital age unfolds, there's a growing need to focus security efforts on application vulnerabilities. Identifying and understanding the risks—as well as the potential repercussions—of different software vulnerabilities is critical. The recently released annual "Secunia Vulnerability Review 2015" offers a glimpse into emerging issues and trends, including the prevalence of vulnerabilities, the availability of patches, how organizations map security threats to IT infrastructures, and existing vulnerabilities in the 50 most popular applications on PCs. The security firm analyzed anonymous data from scans of millions of private computers using its Personal Software Inspector (PSI). In 2014, the firm found that application vulnerabilities increased by about 18 percent. "IT teams need to have complete visibility of the applications that are in use," advises Kasper Lindgaard, director of research and security at Secunia. "And they need firm policies and procedures in place in order to deal with vulnerabilities as they are disclosed."