It's clear that vulnerabilities continue to exist, despite our best efforts to combat them. In fact, we have addressed many of the same problems before.
As new solutions emerge, it's critical for organizations to protect themselves by being informed, aware, and acting whenever possible. Those that don't take action are playing a very dangerous game.
We are now in the fast lane towards a driverless future. Will we have to brake for hackers?
Despite big responsibilities compounded by a string of headline-grabbing data breaches, the skies are looking brighter for CISOs.
It will continue to be a year where companies need to focus on how their employees interact online.
A cyber liability policy covers first-party liability (property and theft) and third-party liability (privacy and data security).
We catch up and learn a bit more about Michael Canavan, senior director, systems engineering, Kaspersky Lab North America.
Chris Weber, co-founder, Casaba Security, and Geoffrey Vaughan, security consultant, Security Compass, go head to head on the use of password managers in the enterprise.
It's possible to safely manage the security risks posed by BYOD, says Anders Lofgren at Acronis Access.
Active security thinking ensures that we don't simply perpetuate security folklore.
Security leaders must create visible value for the organization, says Unisys's Francis Ofungwu.
The Internet of Things promises so much. And so the question arises, how are we going to keep all this 'stuff' safe and secure?
Our networks are our field; no one knows our network better than us, the people who maintain it. We need to use that to our advantage.
The breach shaming trend impedes forward progress in preventing such incidents in the future and leaves consumers worrying without educating them.
This month we get to know Chris Sullivan, vice president of advanced solutions at Courion.
We take a closer look at SVPENG, malware that's capable of launching two different types of attacks.
Experts debate whether data in the cloud is more secure than data that's housed on an organization's premises.
We should be asking if it is worth the cost of constantly switching security assessment companies, says Ken Stasiak, CEO, SecureState.
Now is the time for infosec pros to embrace CHAOS and protect organizations from the realities of our always-on world.
Nation-states are flexing their muscles in the cyber realm, says Avatier's Ryan Ward.
When the entire network is down, the smart CIO is already on the phone to the CFO with an explanation, says David Sheidlower, global head of information security, BBDO Worldwide.
This heightened awareness regarding data breach response time has created an interesting dynamic for security professionals.
The relationship between development and security doesn't need to be hostile, and there are ways to engage developers more with security.
Many groups have striven to cultivate a more welcoming workplace, says Alison Gianotto.
Debates about the dearth of women in IT security and, well, a lack of diversity in the field overall, seem to be edging our space closer and closer to some sort of tipping point.
Recent events should serve as wake-up calls for organizations in the retail and hospitality space to evaluate their third-party vendors.
With each job change, the risk that the new hire will bring confidential information or trade secrets with him or her to the new company grows.
Hackers only need to find one weak point to steal valuable information. On the flip side, security pros need to account for every possible scenario.
While it isn't realistic for organizations to expect that it will never happen to them, a rapid, professional and continuous response can limit their scope and reputational impact.
Rather than predicting the next lightning strike, it is far better to pay attention to the areas we already know are vulnerable.
Whether it is a database of customer information or valuable intellectual property, an organization's "crown jewels" need to be protected with the most robust security possible.
While it's considered a form of anonymous currency, Bitcoin isn't as private as you may think.
Is it time to go back to cash? Or are there other forms of digital payment that are more secure?
With all of the money invested in security solutions, companies are getting breached at increasingly higher rates. It's time that organizations got the most out of their security vendors.
We must prepare for the security considerations when it comes to the looming technological phenomenon that is the Internet of Things.
As we in the loss prevention industry are always looking for a flag indicating there is a potential for fraud, this one looks like it is as good as any for us to display our vigilance.
There are three major foundational areas of security that, if focused on, could go a long way in preventing a security breach.
To fend off cyber attacks, organizations must approach security from all touchpoints, including inventory and asset management, patch management and configuration enforcement.
It was while working with an elite group of cyber forces in the military that Col. (Retired) Barry Hensley realized the severity of security issues facing this nation.
Security professionals should be aware of network deperimeterization, which decreases the usefulness of network edge security devices and increases the potential for device infection and data loss.
While distributed denial-of-service attacks continue to plague organizations around the world, in this month's debate experts discuss whether they should be a top of mind concern for security pros.
Chip technology can prevent criminals from producing counterfeit credit cards.
To provide assurance against counterfeit or tainted ICT products, solutions and services as well as end-to-end security practices should be addressed.
Preparing in advance, acquiring the skill sets needed and developing a communications plan will go a long way in quickly mitigating a Heartbleed-like incident.
To overcome a plethora of challenges, cyber defenders must create innovative new models for protecting their organizations from increasingly advanced threats.
Poorly managed privileged credentials pose a risk, but can be mitigated in a few easy steps.
Challenges exist in areas of technology partner selection, managing employees and corporate role identity.
In this month's debate, experts discuss whether or not companies should be obligated to sign up for cyber insurance.
Having actionable insight into the goings on of your network is tantamount to managing operational variables.
It turns out that using a DDNS service is the easiest and most pervasive method for creating sustainable command-and-control domains.
Exec buy-in and new tech can help fight cyber threats, says BitSight's Stephen Boyer.
Just how vulnerable are we to an assault by the NSA, asks Illena Armstrong, SC's VP, editorial.
You can't run an effective security program without the basics, says Patricia Titus, CISO, Freddie Mac.
Disruption is expected; financial crime should be, too.
James Hill, senior security architect, Consolidated Data Services (CDS), discusses his role at his organization.
In this month's debate, experts discuss whether whistleblower Edward Snowden should be granted amnesty.
Growth businesses are always looking for flexible ways of working that reduce capital and running costs, while securely delivering the data users need, when and where they need it.
Many CIOs are still unsure what role governance should play in their data archiving strategy.
Recent breaches prompt a new emphasis on education and corporate culture, says Allegis Capital's Bob Ackerman.
Despite the bullishness around information security planning and budgeting seen in the results of our survey, we're still seeing breaches like those experienced by Target
Watching highly publicized supply-chain disasters unfold, we shake our heads in disbelief - but what supply chain risks are you taking today that would be difficult to defend tomorrow?
It's how you handle yourself during and after a breach that will determine just how detrimental the breach actually is for your organization.
Similar to building a multi-layer security strategy for a business, before deciding what security controls should be implemented to protect Bitcoin transactions, we first need to identify the targets.
The average consumer has 40 or more apps installed on their mobile device, many of which they use to do their jobs, whether IT has sanctioned their use or not. The problem is that this creates a "shadow IT" system.
John Gibson discusses the challenges and rewards of his security role at tTech Ltd. as the senior IT security officer.
For March's threat of the month, Secunia's Kasper Lindgaard believes Java vulnerabilities should be at the top of everyone's radar.
In this month's debate, experts discuss the possible issues that the Internet of Things presents for the industry.
Cloud computing is becoming a reality that will need to be addressed by every security department.
Has mobile malware changed through time as dramatically as the headlines might imply?
We've all been breached, but there are steps we can take to evolve the system, says security strategist Dan Srebnick.
It's time to admit that the bad guys can always make a first move, says Damballa's Manos Antonakakis.
In the aftermath of the Target breach, there is a huge need for all the people who are engaging with technology to understand more about cyber threats and ways they can account for these before and after something goes down.
The needs of the organizations we protect are complex and the response required due to the criticality of the services we provide tends to put our multi-faceted operations in a state of flux, says Roland Cloutier, CSO, ADP.
The tools that organizations have relied on to protect their networks are antiquated and no longer work.
Today's targeted attacks use advanced malware designed to defeat IT security controls through a variety of approaches that either confuse or avoid them altogether.
For those of us tasked with managing the security of the digital world for the enterprise, there are serious ramifications to this evolution of identity. Specifically, how we manage identity must evolve.
Two things needed to become widely available for cyber criminals to further expand the threat landscape - a network infrastructure that allows them to operate under the radar, and currency that would let them conduct commerce anonymously.
The best aspect of opportunistic encryption is in the fact that it can be built into our infrastructure and deployed transparently for everyone.
We take a look inside the professional world of Mat Gangwer, security architect at Rook Security.
The continued leak of classified government intelligence documents by Edward Snowden draws into question the balance of offensive and defensive capabilities of governments.
In this month's debate, experts discuss the importance of Big Data analytics in the industry today.
Let's agree on a definition of the term "security" and move forward from there, says AT&T's Chris Mark.
Following revelations of a massive breach during the holidays, Target announced it will be investing some $5 million in a cyber security coalition, researching cyber crimes and then educating us, the masses, about ways we can avoid becoming victims.
There are six security threats all businesses should be aware of for 2014, says ISF's Steve Durbin.
With the advent of nearly omnipotent video surveillance, the age-old saying "a picture is worth a thousand words," scares me more today than it ever has.
Asian nations are producing nurturing communities of security professionals that are more prepared to deal with a rapidly changing environment.
The benefits of cryptocurrency for consumers are well known, but there are also some downsides that must be addressed.
Although some progress has been made in the availability of data, we are far away from having the transparency required for risk management.
We knowingly, and sometimes unknowingly, interact with the Internet of Things on a daily basis in both our professional and personal lives.
The mobile workforce - no longer satisfied with limited access - wants access to all the applications and data needed to perform all job tasks from a multitude of personal mobile devices, anywhere, anytime.
As mobile devices are further integrated into networks, organizations will have a critical need to implement end-to-end security solutions that offer comprehensive security to provide a multi-layered security solution.
The cyber threat landscape has always been in flux and will continue to evolve. However, it seems the pace of change has increased significantly in the past few years alone.
Anyone designing a new system such as this should take security into account from the beginning. The amount of personal information that could be harvested by any breach is truly alarming.
From Adobe to Facebook, security breaches continue to be top-of-mind for both companies and users, and organizations around the globe are all wondering if they are next in line to deal with a breach of their own.
When we think about criminal hackers, we picture a techie who lives and breathes code. But more recently, another picture comes to mind. When you get right down to it, hackers are people, too.
Privacy, as some of us once knew it, is a thing of the past, says Illena Armstrong, VP, editorial, SC Magazine.
This month's "me and my job" focuses on John Dickson, principal at Denim Group.
In this month's debate, experts discuss whether more guidance on security career opportunities for youths will alleviate the skills gap.
Network-connected-and-configured devices can be infected by malware that provides access to patient data, monitoring systems and implanted patient devices.
As more and more organizations fall victim to data leakage, it seems that as long as no financial data is compromised, consumers seemingly don't care.