SC Canada

CSEC mishandled private communications, says watchdog

Canada's foreign spy agency mishandled information on private communications that it had collected by mistake, according to the most recent report by a government watchdog.

SC Canada

National Research Council breached

Canada's National Research Council has written to partner companies informing them of a breach of its cybersecurity systems.

SC Canada

Canadian ISP used In $83,000 cryptocurrency heist

A Canadian ISP has been identified as the source of a cryptocurrency hack that stole $83,000 over four months.

Opinions Me and my job: Chris Sullivan, vice president of advanced solutions, Courion

Me and my job: Chris Sullivan, vice president of advanced solutions, Courion

This month we get to know Chris Sullivan, vice president of advanced solutions at Courion.

Opinions Threat of the month: SVPENG

Threat of the month: SVPENG

We take a closer look at SVPENG, malware that's capable of launching two different types of attacks.

Debate

Debate: Data in the cloud is more secure than on premises.

Experts debate whether data in the cloud is more secure than data that's housed on an organization's premises.

Opinions Security assessment stability

Security assessment stability

We should be asking if it is worth the cost of constantly switching security assessment companies, says Ken Stasiak CEO, SecureState.

Opinions Let CHAOS rein

Let CHAOS rein

Now is the time for infosec pros to embrace CHAOS and protect organizations from the realities of our always-on world.

Opinions Cloud in an information world

Cloud in an information world

Nation-states are flexing their muscles in the cyber realm, says Avatier's Ryan Ward.

Opinions When is a control not a control?

When is a control not a control?

When the entire network is down, the smart CIO is already on the phone to the CFO with an explanation, says David Sheidlower, global head of information security, BBDO Worldwide.

Opinions An IT lens on data breach response

An IT lens on data breach response

This heightened awareness regarding data breach response time has created an interesting dynamic for security professionals.

Opinions Ensuring your developers love - or at least don't hate - security

Ensuring your developers love - or at least don't hate - security

The relationship between development and security doesn't need to be hostile, and there are ways to engage developers more with security.

Opinions Backing diversity lowers the bar?

Backing diversity lowers the bar?

Many groups have striven to cultivate a more welcoming workplace, says Alison Gianotto.

Editorial A long-overdue change

A long-overdue change

Debates about the dearth of women in IT security and, well, a lack of diversity in the field overall, seem to be edging our space closer and closer to some sort of tipping point.

Opinions A wake-up call for retailers

A wake-up call for retailers

Recent events should serve as wake-up calls for organizations in the retail and hospitality space to evaluate their third-party vendors.

Opinions Unfair competition: Proactive preemption can save you from litigation

Unfair competition: Proactive preemption can save you from litigation

With each job change, the risk that the new hire will bring confidential information or trade secrets with him or her to the new company grows.

Opinions Hackers only need to get it right once, we need to get it right every time

Hackers only need to get it right once, we need to get it right every time

Hackers only need to find one weak point to steal valuable information. On the flip side, security pros need to account for every possible scenario.

Opinions Successful strategies for continuous response

Successful strategies for continuous response

While it isn't realistic for organizations to expect that it will never happen to them, a rapid, professional and continuous response can limit their scope and reputational impact.

SC Canada

Almost 40 percent of Canada's Justice Department duped by phishing

Almost one in four employees at Canada's Justice Department fell prey to internet phishing in an exercise last December.

SC Canada

Microsoft wavers on Canadian spam fears

Microsoft has reconsidered a move to cease security emails in Canada, following the introduction of an anti-spam law north of the border.

SC Canada

Underinvestment, poor communication plague Canadian cybersecurity

Canadian cybersecurity is languishing due to poor communication and disappointing security investments, according to research from the Ponemon Institute.

Opinions When it comes to cyber attacks, predictions are pointless but preparation is key

When it comes to cyber attacks, predictions are pointless but preparation is key

Rather than predicting the next lightning strike it is far better to pay attention to the areas we already know are vulnerable.

Opinions Protecting what matters

Protecting what matters

Whether it is a database of customer information or valuable intellectual property, an organization's "crown jewels" need to be protected with the most robust security possible.

Opinions Buying something illegal? Bitcoin is not the currency for you.

Buying something illegal? Bitcoin is not the currency for you.

While it's considered a form of anonymous currency, Bitcoin isn't as private as you may think.

Opinions P.F. Chang's incident calls for updating payments tech

P.F. Chang's incident calls for updating payments tech

Is it time to go back to cash? Or are there other forms of digital payment that are more secure?

Opinions Converting your vendors into your vendor partners

Converting your vendors into your vendor partners

With all of the money invested in security solutions, companies are getting breached at increasingly higher rates. It's time that organizations got the most out of their security vendors.

Opinions The compromise of things: Security considerations in a connected world

The compromise of things: Security considerations in a connected world

We must prepare for the security considerations when it comes to the looming technological phenomenon that is the Internet of Things.

Opinions Winning at the World Cup: A zonal defensive strategy

Winning at the World Cup: A zonal defensive strategy

As we in the loss prevention industry are always looking for a flag indicating there is a potential for fraud, this one looks like it is as good as any for us to display our vigilance.

Opinions Cyber security tasks that could have saved eBay and Target

Cyber security tasks that could have saved eBay and Target

There are three major foundational areas of security, that if focused on, could go a long way in preventing a security breach.

SC Canada

New Canadian privacy commissioner comes under fire

Canada's federal privacy commissioner has been replaced in a move that has sparked criticism from activists, academics and political leaders.

SC Canada

Canadian hospital employees leaked personal details to financial firms

Up to 8,300 patients had their personal information stolen and given to financial companies by staff at Ontario's Rouge Valley Centenary Hospital.

SC Canada

Canadian auditors failing on cyber security

Audit committees in Canada are falling behind the rest of the world by not spending enough time assessing cyber security, warned a KPMG report this month.

Opinions The systems management imperative: Achieving more effective perimeter security from the inside out

The systems management imperative: Achieving more effective perimeter security from the inside out

To fend off cyber attacks, organizations must approach security from all touchpoints, including inventory and asset management, patch management and configuration enforcement.

Opinions Me and my job: Col. (Retired) Barry Hensley, Dell SecureWorks

Me and my job: Col. (Retired) Barry Hensley, Dell SecureWorks

It was while working with an elite group of cyber forces in the military that Col. (Retired) Barry Hensley realized the severity of security issues facing this nation.

Threat of the Month Threat of the month: Network deperimeterization

Threat of the month: Network deperimeterization

Security professionals should be aware of network deperimeterization, which decreases the usefulness of network edge security devices and increases the potential for device infection and data loss.

Debate

Debate: DDoS is becoming a more serious threat to enterprises.

While distributed denial-of-service attacks continue to plague organizations around the world, in this month's debate experts discuss whether they should be a top of mind concern for security pros.

Opinions New tech can better protect

New tech can better protect

Chip technology can prevent criminals from producing counterfeit credit cards.

Opinions Supply chain: The new surety frontier

Supply chain: The new surety frontier

To provide assurance against counterfeit or tainted ICT products, solutions and services as well as end-to-end security practices should be addressed.

Opinions Preparation key to warding off disaster

Preparation key to warding off disaster

By preparing in advance, acquiring the skill sets needed and developing a communications plan in advance will go a long way in quickly mitigating a Heartbleed-like incident.

Opinions Leveraging threat intelligence to stay one step ahead

Leveraging threat intelligence to stay one step ahead

To overcome a plethora of challenges, cyber defenders must create innovative new models for protecting their organizations from increasingly advanced threats.

Opinions Prevent your organization from becoming the next victim

Prevent your organization from becoming the next victim

Poorly managed privileged credentials pose a risk, but can be mitigated in a few easy steps.

SC Canada

Canadian court records getting published on Romanian site

A Romanian website is publishing public Canadian records for profit.

SC Canada

Canada privacy bill faces opposition

The Data Privacy Act has been greeted with great protest from privacy advocates.

SC Canada

Heartbleed bug helps hackers steal data from Canada Revenue Agency

The Heartbleed bug cost the Canada Revenue Agency (CRA) 900 social insurance numbers, which were stolen by a hacker exploiting the OpenSSL flaw.

SC Canada

Canada government requested subscriber data from telecommunications firms

The government of Canada requested subscriber data from Canadian telecommunications firms once every 27 seconds, says a researcher.

Opinions Me and my job: Sean Doherty, head of R&D, SpamTitan Technologies

Me and my job: Sean Doherty, head of R&D, SpamTitan Technologies

Challenges exist in areas of technology partner selection, managing employees and corporate role identity.

Debate

Debate: Cyber insurance should be mandatory for companies.

In this month's debate, experts discuss whether or not companies should be obligated to sign up for cyber insurance.

Opinions Build in visibility with trust

Build in visibility with trust

Having actionable insight into the goings on of your network is tantamount to managing operational variables.

Opinions The DDNS dagger

The DDNS dagger

It turns out that using a DDNS service is the easiest and most pervasive method for creating sustainable command-and-control domains.

Opinions Target is not alone: Risk indicators

Target is not alone: Risk indicators

Exec buy-in and new tech can help fight cyber threats, says BitSight's Stephen Boyer.

Editorial Heart of darkness

Heart of darkness

Just how vulnerable are we to an assault by the NSA, asks Illena Armstrong, SC's VP, editorial.

Opinions Adopt a framework, lower risk

Adopt a framework, lower risk

You can't run an effective security program without the basics, says Patricia Titus, CISO, Freddie Mac.

Opinions The cool factor: New tech in banking has an edge

The cool factor: New tech in banking has an edge

Disruption is expected; financial crime should be, too.

Opinions Me and my job: James Hill senior security architect, Consolidated Data Services

Me and my job: James Hill senior security architect, Consolidated Data Services

James Hill senior security architect, Consolidated Data Services (CDS), discusses his role at his organization.

Debate

Debate: Should Edward Snowden be granted amnesty?

In this month's debate, experts discuss whether whistleblower Edward Snowden should be granted amnesty.

Opinions Ahead in the cloud

Ahead in the cloud

Growth businesses are always looking for flexible ways of working that reduce capital and running costs, while securely delivering the data users need, when and where they need it.

Opinions Data archiving benefits

Data archiving benefits

Many CIOs are still unsure what role governance should play in their data archiving strategy.

Opinions Changing the business culture

Changing the business culture

Recent breaches prompt a new emphasis on education and corporate culture, says Allegis Capital's Bob Ackerman.

Editorial Can good come from bad news?

Can good come from bad news?

Despite the bullishness around information security planning and budgeting seen in the results of our survey, we're still seeing breaches like those experienced by Target

Opinions Strengthen links in the supply chain

Strengthen links in the supply chain

Watching highly publicized supply-chain disasters unfold, we shake our heads in disbelief - but what supply chain risks are you taking today that would be difficult to defend tomorrow?

Opinions It's not the breach that kills you, it's the cover-up

It's not the breach that kills you, it's the cover-up

It's how you handle yourself during and after a breach that will determine just how detrimental the breach actually is for your organization.

Opinions Building security around Bitcoin

Building security around Bitcoin

Similar to building a multi-layer security strategy for a business, before deciding what security controls should be implemented to protect Bitcoin transactions, we first need to identify the targets.

Opinions The great IT and mobile user peace treaty

The great IT and mobile user peace treaty

The average consumer has 40 or more apps installed on their mobile device, many of which they use to do their jobs, whether IT has sanctioned its use or not. The problem is that creates a "shadow IT" system.

SC Canada

Health law needs reform, says provincial privacy watchdog

The Albertan Information and Privacy Commissioner has formally asked the government to amend the province's Health Information Act with mandatory breach reporting and notification measures.

SC Canada

Well.ca security not that well, letter reveals

Well.ca, an online store selling health and beauty products, exposed names, addresses and credit card details for some of its customers in December, it admitted last month.

SC Canada

Canada signs Wedge Networks to secure government data centers

The Canadian government has hired Wedge Networks, a provider of cloud-based security services, to secure its computing infrastructure.

Opinions Me and my job: John Gibson, senior IT security officer, tTech Ltd.

Me and my job: John Gibson, senior IT security officer, tTech Ltd.

John Gibson discusses the challenges and rewards of his security role at tTech Ltd. as the senior IT security officer.

Threat of the Month Threat of the month: Java vulnerabilities

Threat of the month: Java vulnerabilities

For March's threat of the month, Secunia's Kasper Lindgaard believes Java vulnerabilities should be at the top of everyone's radar.

Debate

Debate: The Internet of Things is an enterprise problem

In this month's debate, experts discuss the possible issues that the Internet of Things presents for the industry.

Opinions Beyond the hype of industry trends

Beyond the hype of industry trends

Cloud computing is becoming a reality that will need to be addressed by every security department.

Opinions Mobile: Behind the headlines

Mobile: Behind the headlines

Has mobile malware changed through time as dramatically as the headlines might imply?

Opinions Time for a charge card overhaul

Time for a charge card overhaul

We've all been breached, but there are steps we can take to evolve the system, says security strategist Dan Srebnick.

Opinions The fallacy of targeted attacks

The fallacy of targeted attacks

It's time to admit that the bad guys can always make a first move, says Damballa's Manos Antonakakis.

Editorial Online safety for kids of all ages

Online safety for kids of all ages

In the aftermath of the Target breach, there is a huge need for all the people who are engaging with technology to understand more about cyber threats and ways they can account for these before and after something goes down.

Opinions Driving the mission forward

Driving the mission forward

The needs of the organizations we protect are complex and the response required due to the criticality of the services we provide tends to put our multi-faceted operations in a state of flux, says Roland Cloutier, CSO, ADP.

Opinions A perfect time for cyber crime

A perfect time for cyber crime

Two things needed to become widely available for cyber criminals to further expand the threat landscape - a network infrastructure that allows them to operate under the radar, and currency that would let them conduct commerce anonymously.

SC Canada

Canadian spies defend airport data collection

Canadian intelligence agency officials defended themselves at a Senate hearing early in February, after it was revealed that they had collected data on passengers travelling through Canadian airports via Wi-Fi access points.

SC Canada

Canadian Commissioner calls for privacy overhaul

The Canadian government should overhaul privacy legislation and reign in intelligence agencies to reflect a changing security landscape, its Privacy Commissioner told parliamentarians in late January.

Opinions A case for opportunistic encryption on the web

A case for opportunistic encryption on the web

The best aspect of opportunistic encryption is in the fact that it can be built into our infrastructure and deployed transparently for everyone.

Opinions Me and my job: Mat Gangwer, security architect, Rook Security

Me and my job: Mat Gangwer, security architect, Rook Security

We take a look inside the professional world of Mat Gangwer, security architect at Rook Security.

Threat of the Month Threat of the month: Government agencies

Threat of the month: Government agencies

The continued leak of classified government intelligence documents by Edward Snowden draws into question the balance of offensive and defensive capabilities of governments.

Debate

Debate: Big Data for security analytics is ready for prime time.

In this month's debate, experts discuss the importance of Big Data analytics in the industry today.

Opinions The need and the challenge

The need and the challenge

Let's agree on a definition of the term "security" and move forward from there, says AT&T's Chris Mark.

Editorial All apologies as they drain you again

All apologies as they drain you again

Following revelations of a massive breach during the holidays, Target announced it will be investing some $5 million in a cyber security coalition, researching cyber crimes and then educating us, the masses, about ways we can avoid becoming victims.

Opinions Getting ahead of new threats

Getting ahead of new threats

There are six security threats all businesses should be aware of for 2014, says ISF's Steve Durbin.

Opinions Surveillance data: All eyes on you

Surveillance data: All eyes on you

With the advent of nearly omnipotent video surveillance, the age-old saying "a picture is worth a thousand words," scares me more today than it ever has.

Opinions Security, Gangnam style

Security, Gangnam style

Asian nations are producing nurturing communities of security professionals that are more prepared to deal with a rapidly changing environment.

Opinions

Bitcoin payments pose security challenges for brick and mortar merchants

The benefits of cryptocurrency for consumers are well known, but there are also some downsides that must be addressed.

Opinions Fuzzy math: The need for a national cyber breach notification standard

Fuzzy math: The need for a national cyber breach notification standard

Although some progress has been made in the availability of data, we are far away from having the transparency required for risk management.

Opinions

Ethical challenges of the Internet of Things

We knowingly, and sometimes unknowingly, interact with the Internet of Things on a daily basis in both our professional and personal lives.

Opinions Mobile access: It's not just about calendar and email anymore

Mobile access: It's not just about calendar and email anymore

The mobile workforce - no longer satisfied with limited access - wants access to all the applications and data needed to perform all job tasks from a multitude of personal mobile devices, anywhere, anytime.

Opinions Prepare for mobile threats in 2014

Prepare for mobile threats in 2014

As mobile devices are further integrated into networks, organizations will have a critical need to implement end-to-end security solutions that offer comprehensive security to provide a multi-layered security solution.

Opinions The lessons of Bletchley Park

The lessons of Bletchley Park

The cyber threat landscape has always been in flux and will continue to evolve. However, it seems the pace of change has increased significantly in the past few years alone.

Opinions Why wasn't healthcare.gov security properly tested?

Why wasn't healthcare.gov security properly tested?

Anyone designing a new system such as this should take security into account from the beginning. The amount of personal information that could be harvested by any breach is truly alarming.

Opinions Ways to avoid a multi-million dollar security disaster

Ways to avoid a multi-million dollar security disaster

From Adobe to Facebook, security breaches continue to be top-of-mind for both companies and users, and organizations around the globe are all wondering if they are next in line to deal with a breach of their own.

SC Canada

BlackBerry founder steps back from takeover

A regulatory filing indicated that BlackBerry founder Mike Lazaridis sold more than $26 million of stock in his former company.

SC Canada

Spy agency admits "incidental" interception of Canadians' information

The Communications Security Establishment Canada (CSE) has admitted that it "may incidentally intercept Canadian communications or information."

SC Canada

Authors unite against electronic surveillance

Some of Canada's best-known authors - including Margaret Atwood, Yann Martel and John Ralston Saul - added their names to an online petition condemning mass surveillance by governments and corporations.

SC Canada

Federal Court judge denounces spy agency's methods

Federal Court of Canada Judge Richard Mosley has slammed the Canadian Security Intelligence Service (CSIS).

Opinions Hacker economics: Opportunity costs and attacker attention spans

Hacker economics: Opportunity costs and attacker attention spans

When we think about criminal hackers, we picture a techie who lives and breathes code. But more recently, another picture comes to mind. When you get right down to it, hackers are people, too.

Sign up to our newsletters

POLL