The 10 POS malware families this holiday season

This holiday shopping season, many retailers have two goals in mind - make record-breaking sales and don't get breached.

Securing the enterprise with the five W's of access

Burden of proof should grow heavier as request for access grows more sensitive.

Why compliance matters

Part of my role requires me to ask questions that an auditor might. This is especially true when it comes to compliance, why it matters, and how it makes a difference.

The cybersecurity skills gap

Cooperation is required to advance the profession, says Towerwall's Candy Alexander.

The proliferation of mandates

The reality of ubiquitous reliance on ICT has given rise to the criticality of cyber security, says Cisco CSO Edna Conway.

Missing the big picture in the Sony hack

Should we rush out signatures for this latest version of malware, or should we take a step back and figure out how to focus our technology and security operations around identifying attackers before they wreak such havoc?

Expanding security zones, a historical example

Network security today has similar defensive problems to those posed to American Colonial population centers. Here's why...

The future of security and authentication

As hackers become more advanced, our security methods also have to evolve and become more secure so that we aren't just giving our information away.

PCI 3.0: The good, the changes and why it's not ugly

The primary challenge to secure payment card data is that too many involved see the PCI DSS as a panacea for every risk in the marketplace.

The Internet of Things (IoT) will fail if security has no context

The Internet of Things requires a new way of thinking and acting, one that will protect a business and help it grow.

Failing the security test: Target wasn't the first failing grade, or the last

It's easy to get hung up on discussions around chip-and-pin, malware and network segmentation, and in the process lose sight of the broader trends that underlie many breaches.

Four commonly overlooked security gaps

If organizations are looking to raise their security profile, they should certainly examine these commonly overlooked areas.

Combating cyber risk in the supply chain

Everyone involved with vendor management should now develop a common, collaborative security strategy.

A silver lining in the JPMorgan breach?

This incident gives the industry hope that proactive measures can stop an attacker before a breach drives catastrophic results.

Does an Executive Order make payments more secure in the U.S.?

This year has been so bad for merchant data breaches that the president felt the need to ensure that the government would offer itself as a safer and more secure place to do business.

Me and my job: Marisa Fagan, director of crowd operations, Bugcrowd

This month, we get to know Marisa Fagan, Bugcrowd's director of crowd operations.

Will cyber threaten mobile?

As mobile devices are further integrated into networks, organizations will have a critical need to implement end-to-end security solutions.

Selling Snowden-style access: Inside threat

Edward Snowden has the same broad access and privileges that many employees in similar positions have at almost every business.

Privacy and the Internet of Things

With parameters, new tech can help your business, say McAfee's Jonathan Fox and Tyson Macaulay.

Getting executives on board

Successful CISOs need to master more than system security to make their companies competitive and improve their own job security.

Hackers are after your app

Modern mobile hacks are diverse and can be performed by anyone, from an inexperienced amateur to highly skilled teams operating like tech startups.

The elephant in the room

Bring the insider issue into the light and focus on culture change, says PSCU's Gene Fredriksen.

Beware of the malware walking dead

This Hallows Eve might be a good time to remind ourselves that zombies can be just as deadly, and I'm referring to recycled tools and techniques from years gone by.

Why the Home Depot attack shouldn't have happened

Major retailers are falling prey to massive credit card information heists, despite spending millions on cyber security systems.

Next-generation malware: Think like the enemy and avoid the car alarm problem

When it comes to enterprise security, one rule remains constant - attacks will continue to increase in sophistication and attackers will seek to outmaneuver existing defenses.

Heartbleed, Shellshock and POODLE: The sky is not falling

While it may seem like 2014 is the year of the vulnerability, in reality, this year has not been much different than years past.

Technology alone isn't going to secure IoT connected devices

It's clear that vulnerabilities continue to exist, despite our best efforts to combat them. In fact, we have addressed many of the same problems before.

DDoS is the new spam...and it's everyone's problem now

As new solutions emerge, it's critical for organizations to protect themselves by being informed, aware, and acting whenever possible. Those that don't take action are playing a very dangerous game.

Securing the autonomous vehicle

We are now in the fast lane towards a driverless future. Will we have to brake for hackers?

CISO: same title, new opportunities

Despite big responsibilities compounded by a string of headline-grabbing data breaches, the skies are looking brighter for CISOs.

Assurance 101: Lessons learned

It will continue to be a year where companies need to focus on how their employees interact online.

Cyber espionage insurance

A cyber liability policy covers first-party liability (property and theft) and third-party liability (privacy and data security).

Me and my job: Michael Canavan, Kaspersky Lab North America

We catch up and learn a bit more about Michael Canavan, senior director, systems engineering, Kaspersky Lab North America.

Embracing BYOD...with safeguards

It's possible to safely manage the security risks posed by BYOD, says Anders Lofgren at Acronis Access.

Becoming a "security thinker"

Active security thinking ensures that we don't simply perpetuate security folklore.

Board-level planning: Tangible metrics can persuade

Security leaders must create visible value for the organization, says Unisys's Francis Ofungwu.

Falling off the 'Wagon of Things'

The Internet of Things promises so much. And so the question arises, how are we going to keep all this 'stuff' safe and secure?

Know your traffic: The case for egress monitoring and filtering

Our networks are our field; no one knows our network better than us, the people who maintain it. We need to use that to our advantage.

Breach shaming and the need for a new model to discuss data breaches

The breach shaming trend impedes forward progress in preventing such incidents in the future and leaves consumers worrying without educating them.

Me and my job: Chris Sullivan, vice president of advanced solutions, Courion

This month we get to know Chris Sullivan, vice president of advanced solutions at Courion.

Threat of the month: SVPENG

We take a closer look at SVPENG, malware that's capable of launching two different types of attacks.

Security assessment stability

We should be asking if it is worth the cost of constantly switching security assessment companies, says Ken Stasiak, CEO, SecureState.

Let CHAOS rein

Now is the time for infosec pros to embrace CHAOS and protect organizations from the realities of our always-on world.

Cloud in an information world

Nation-states are flexing their muscles in the cyber realm, says Avatier's Ryan Ward.

When is a control not a control?

When the entire network is down, the smart CIO is already on the phone to the CFO with an explanation, says David Sheidlower, global head of information security, BBDO Worldwide.

An IT lens on data breach response

This heightened awareness regarding data breach response time has created an interesting dynamic for security professionals.

Ensuring your developers love - or at least don't hate - security

The relationship between development and security doesn't need to be hostile, and there are ways to engage developers more with security.

Backing diversity lowers the bar?

Many groups have striven to cultivate a more welcoming workplace, says Alison Gianotto.

A wake-up call for retailers

Recent events should serve as wake-up calls for organizations in the retail and hospitality space to evaluate their third-party vendors.

Unfair competition: Proactive preemption can save you from litigation

With each job change, the risk that the new hire will bring confidential information or trade secrets with him or her to the new company grows.

Hackers only need to get it right once, we need to get it right every time

Hackers only need to find one weak point to steal valuable information. On the flip side, security pros need to account for every possible scenario.

Successful strategies for continuous response

While it isn't realistic for organizations to expect that it will never happen to them, a rapid, professional and continuous response can limit their scope and reputational impact.

When it comes to cyber attacks, predictions are pointless but preparation is key

Rather than predicting the next lightning strike it is far better to pay attention to the areas we already know are vulnerable.

Protecting what matters

Whether it is a database of customer information or valuable intellectual property, an organization's "crown jewels" need to be protected with the most robust security possible.

Buying something illegal? Bitcoin is not the currency for you.

While it's considered a form of anonymous currency, Bitcoin isn't as private as you may think.

P.F. Chang's incident calls for updating payments tech

Is it time to go back to cash? Or are there other forms of digital payment that are more secure?

Converting your vendors into your vendor partners

With all of the money invested in security solutions, companies are getting breached at increasingly higher rates. It's time that organizations got the most out of their security vendors.

The compromise of things: Security considerations in a connected world

We must prepare for the security considerations when it comes to the looming technological phenomenon that is the Internet of Things.

Winning at the World Cup: A zonal defensive strategy

As we in the loss prevention industry are always looking for a flag indicating there is a potential for fraud, this one looks like it is as good as any for us to display our vigilance.

Cyber security tasks that could have saved eBay and Target

There are three major foundational areas of security that, if focused on, could go a long way in preventing a security breach.

The systems management imperative: Achieving more effective perimeter security from the inside out

To fend off cyber attacks, organizations must approach security from all touchpoints, including inventory and asset management, patch management and configuration enforcement.

Me and my job: Col. (Retired) Barry Hensley, Dell SecureWorks

It was while working with an elite group of cyber forces in the military that Col. (Retired) Barry Hensley realized the severity of security issues facing this nation.

New tech can better protect

Chip technology can prevent criminals from producing counterfeit credit cards.

Supply chain: The new surety frontier

To provide assurance against counterfeit or tainted ICT products, solutions and services as well as end-to-end security practices should be addressed.

Preparation key to warding off disaster

Preparing in advance, acquiring the skill sets needed and developing a communications plan will go a long way in quickly mitigating a Heartbleed-like incident.

Leveraging threat intelligence to stay one step ahead

To overcome a plethora of challenges, cyber defenders must create innovative new models for protecting their organizations from increasingly advanced threats.

Prevent your organization from becoming the next victim

Poorly managed privileged credentials pose a risk, but can be mitigated in a few easy steps.

Me and my job: Sean Doherty, head of R&D, SpamTitan Technologies

Challenges exist in areas of technology partner selection, managing employees and corporate role identity.

Build in visibility with trust

Having actionable insight into the goings on of your network is tantamount to managing operational variables.

The DDNS dagger

It turns out that using a DDNS service is the easiest and most pervasive method for creating sustainable command-and-control domains.

Target is not alone: Risk indicators

Exec buy-in and new tech can help fight cyber threats, says BitSight's Stephen Boyer.

Adopt a framework, lower risk

You can't run an effective security program without the basics, says Patricia Titus, CISO, Freddie Mac.

The cool factor: New tech in banking has an edge

Disruption is expected; financial crime should be, too.

Me and my job: James Hill, senior security architect, Consolidated Data Services

James Hill, senior security architect, Consolidated Data Services (CDS), discusses his role at his organization.

Ahead in the cloud

Growth businesses are always looking for flexible ways of working that reduce capital and running costs, while securely delivering the data users need, when and where they need it.

Data archiving benefits

Many CIOs are still unsure what role governance should play in their data archiving strategy.

Changing the business culture

Recent breaches prompt a new emphasis on education and corporate culture, says Allegis Capital's Bob Ackerman.

Strengthen links in the supply chain

Watching highly publicized supply-chain disasters unfold, we shake our heads in disbelief - but what supply chain risks are you taking today that would be difficult to defend tomorrow?

It's not the breach that kills you, it's the cover-up

It's how you handle yourself during and after a breach that will determine just how detrimental the breach actually is for your organization.

Building security around Bitcoin

Similar to building a multi-layer security strategy for a business, before deciding what security controls should be implemented to protect Bitcoin transactions, we first need to identify the targets.

The great IT and mobile user peace treaty

The average consumer has 40 or more apps installed on their mobile device, many of which they use to do their jobs, whether IT has sanctioned their use or not. The problem is that this creates a "shadow IT" system.

Me and my job: John Gibson, senior IT security officer, tTech Ltd.

John Gibson discusses the challenges and rewards of his security role at tTech Ltd. as the senior IT security officer.

Beyond the hype of industry trends

Cloud computing is becoming a reality that will need to be addressed by every security department.

Mobile: Behind the headlines

Has mobile malware changed through time as dramatically as the headlines might imply?

Time for a charge card overhaul

We've all been breached, but there are steps we can take to evolve the system, says security strategist Dan Srebnick.

The fallacy of targeted attacks

It's time to admit that the bad guys can always make a first move, says Damballa's Manos Antonakakis.

Driving the mission forward

The needs of the organizations we protect are complex and the response required due to the criticality of the services we provide tends to put our multi-faceted operations in a state of flux, says Roland Cloutier, CSO, ADP.

A perfect time for cyber crime

Two things needed to become widely available for cyber criminals to further expand the threat landscape - a network infrastructure that allows them to operate under the radar, and currency that would let them conduct commerce anonymously.

A case for opportunistic encryption on the web

The best aspect of opportunistic encryption is in the fact that it can be built into our infrastructure and deployed transparently for everyone.

Me and my job: Mat Gangwer, security architect, Rook Security

We take a look inside the professional world of Mat Gangwer, security architect at Rook Security.

The need and the challenge

Let's agree on a definition of the term "security" and move forward from there, says AT&T's Chris Mark.

Getting ahead of new threats

There are six security threats all businesses should be aware of for 2014, says ISF's Steve Durbin.

Surveillance data: All eyes on you

With the advent of nearly omnipotent video surveillance, the age-old saying "a picture is worth a thousand words," scares me more today than it ever has.

Security, Gangnam style

Asian nations are producing nurturing communities of security professionals that are more prepared to deal with a rapidly changing environment.

Bitcoin payments pose security challenges for brick and mortar merchants

The benefits of cryptocurrency for consumers are well known, but there are also some downsides that must be addressed.

Fuzzy math: The need for a national cyber breach notification standard

Although some progress has been made in the availability of data, we are far away from having the transparency required for risk management.

Ethical challenges of the Internet of Things

We knowingly, and sometimes unknowingly, interact with the Internet of Things on a daily basis in both our professional and personal lives.

Mobile access: It's not just about calendar and email anymore

The mobile workforce - no longer satisfied with limited access - wants access to all the applications and data needed to perform all job tasks from a multitude of personal mobile devices, anywhere, anytime.

Prepare for mobile threats in 2014

As mobile devices are further integrated into networks, organizations will have a critical need to implement end-to-end security solutions that offer comprehensive security to provide a multi-layered security solution.

The lessons of Bletchley Park

The cyber threat landscape has always been in flux and will continue to evolve. However, it seems the pace of change has increased significantly in the past few years alone.
