This holiday shopping season, many retailers have two goals in mind - make record-breaking sales and don't get breached.
Burden of proof should grow heavier as request for access grows more sensitive.
2015 is setup to be one of the most dangerous years for not only your PC but also your mobile devices and cloud storage.
Based on the course of events that we've seen over the last year, and how the market is responding, here are some of the security trends that we will see over the coming 12 months.
From Heartbleed to WireLurker, we certainly had our hands full. Here are some other trends from 2014 and predictions for the coming year.
As we approach the time of year when all the security gurus bring out their crystal balls, we should also focus on the improvements made in 2014.
Part of my role requires me to ask questions that an auditor might. This is especially true when it comes to compliance, why it matters, and how it makes a difference.
Cooperation is required to advance the profession, says Towerwall's Candy Alexander.
Experts debate whether or not organizations should consider hiring hackers with a criminal past.
For this year's annual Reboot edition, we took the opportunity to look back not just on the last 12 months, but the last 25 years SC has been entrenched in the information security space.
The reality of ubiquitous reliance on ICT has given rise to the criticality of cyber security, says Cisco CSO Edna Conway.
Should we rush out signatures for this latest version of malware, or should we take a step back and figure out how to focus our technology and security operations around identifying attackers before they wreak such havoc?
Network security today has similar defensive problems to those posed to American Colonial population centers. Here's why...
As hackers become more advanced, our security methods also have to evolve and become more secure so that we aren't just giving our information away.
The primary challenge to secure payment card data is that too many involved see the PCI DSS as a panacea for every risk in the marketplace.
The Internet of Things requires a new way of thinking and acting, one that will protect a business and help it grow.
It's easy to get hung up on discussions around chip-and-pin, malware and network segmentation, and in the process lose sight of the broader trends that underlie many breaches.
If organizations are looking to raise their security profile, they should certainly examine these commonly overlooked areas.
A Canadian federal bill that would force companies to notify individuals of breaches moved a step closer to being law in October.
British Columbia's provincial government is notifying 15,000 individuals after a privacy breach in its Wildfire Management Branch.
Canada's RCMP cannot tell whether it complies with federal privacy law when gathering information about citizens without a warrant, according to a report.
Everyone involved with vendor management should now develop a common, collaborative security strategy.
This incident gives the industry hope that proactive measures can stop an attacker before a breach drives catastrophic results.
This year has been so bad for merchant data breaches that the president felt the need to ensure that the government would offer itself as a more safe and secure place to do business with.
Threat of the month: Bash bug/Shellshock
Good news for those industry pros that specialize in biometric security...you're in demand.
This month, we get to know Marisa Faga, Bugcrowd's director of crowd operations.
Industry experts debate whether organizations should or should not pay a cyber ransom to miscreants.
As mobile devices are further integrated into networks, organizations will have a critical need to implement end-to-end security solutions.
Edward Snowden has the same broad access and privileges that many employees in similar positions have at almost every business.
With parameters, new tech can help your business, says McAfee's Jonathan Fox and Tyson Macaulay.
Some experts contend that a reason for the seeming decline in IT security spend is that it is now becoming a pervasive part of everyday corporate operations.
Successful CISOs need to master more than system security to make their companies competitive and improve their own job security.
Modern mobile hacks are diverse and can be performed by anyone, from an inexperienced amateur to highly skilled teams operating like tech startups.
Bring the insider issue into the light and focus on culture change, says PSCU's Gene Fredriksen.
This Hallows Eve might be a good time to remind ourselves that zombies can be just as deadly, and I'm referring to recycled tools and techniques from years gone by.
Major retailers are falling prey to massive credit card information heists, despite spending millions on cyber security systems.
When it comes to enterprise security, one rule remains constant - attacks will continue to increase in sophistication and attackers will seek to outmaneuver existing defenses.
While it may seem like 2014 is the year of the vulnerability, in reality, this year has not been much different than years past.
It's clear that vulnerabilities continue to exist, despite our best efforts to combat them. In fact, we have addressed many of the same problems before.
As new solutions emerge, it's critical for organizations to protect themselves by being informed, aware, and acting whenever possible. Those that don't take action are playing a very dangerous game.
We are now in the fast lane towards a driverless future. Will we have to brake for hackers?
Alberta Health Services is apologizing following a data breach at Alberta Children's Hospital.
A Canadian is leading a $500 million class-action lawsuit against Home Depot following its data breach in which up to 56 million US and Canadian credit cards were stolen.
Students at the University of British Columbia have been warned that their personal information may have been exposed thanks to a software bug.
Despite big responsibilities compounded by a string of headline-grabbing data breaches, the skies are looking brighter for CISOs.
It will continue to be a year where companies need to focus on how their employees interact online.
A cyber liability policy covers first-party liability (property and theft) and third-party liability (privacy and data security).
We catch up and learn a bit more about Michael Canavan, senior director, systems engineering, Kaspersky Lab North America.
Chris Weber, co-founder, Casaba Security, and Geoffrey Vaughan, security consultant, Security Compass, go head to head on the use of password managers in the enterprise.
It's possible to safely manage the security risks posed by BYOD, says Anders Lofgren at Acronis Access.
Active security thinking ensures that we don't simply perpetuate security folklore.
Security leaders must create visible value for the organization, says Unisys's Francis Ofungwu.
The Internet of Things promises so much. And so the question arises, how are we going to keep all this 'stuff' safe and secure?
Our networks are our field; no one knows our network better than us, the people who maintain it. We need to use that to our advantage.
The breach shaming trend impedes forward progress in preventing such incidents in the future and leaves consumers worrying without educating them.
Canada's foreign spy agency mishandled information on private communications that it had collected by mistake, according to the most recent report by a government watchdog.
Canada's National Research Council has written to partner companies informing them of a breach of its cybersecurity systems.
A Canadian ISP has been identified as the source of a cryptocurrency hack that stole $83,000 over four months.
This month we get to know Chris Sullivan, vice president of advanced solutions at Courion.
We take a closer look at SVPENG, malware that's capable of launching two different types of attacks.
Experts debate whether data in the cloud is more secure than data that's housed on an organization's premises.
We should be asking if it is worth the cost of constantly switching security assessment companies, says Ken Stasiak CEO, SecureState.
Now is the time for infosec pros to embrace CHAOS and protect organizations from the realities of our always-on world.
Nation-states are flexing their muscles in the cyber realm, says Avatier's Ryan Ward.
When the entire network is down, the smart CIO is already on the phone to the CFO with an explanation, says David Sheidlower, global head of information security, BBDO Worldwide.
This heightened awareness regarding data breach response time has created an interesting dynamic for security professionals.
The relationship between development and security doesn't need to be hostile, and there are ways to engage developers more with security.
Many groups have striven to cultivate a more welcoming workplace, says Alison Gianotto.
Debates about the dearth of women in IT security and, well, a lack of diversity in the field overall, seem to be edging our space closer and closer to some sort of tipping point.
Recent events should serve as wake-up calls for organizations in the retail and hospitality space to evaluate their third-party vendors.
With each job change, the risk that the new hire will bring confidential information or trade secrets with him or her to the new company grows.
Hackers only need to find one weak point to steal valuable information. On the flip side, security pros need to account for every possible scenario.
While it isn't realistic for organizations to expect that it will never happen to them, a rapid, professional and continuous response can limit their scope and reputational impact.
Almost one in four employees at Canada's Justice Department fell prey to internet phishing in an exercise last December.
Microsoft has reconsidered a move to cease security emails in Canada, following the introduction of an anti-spam law north of the border.
Canadian cybersecurity is languishing due to poor communication and disappointing security investments, according to research from the Ponemon Institute.
Rather than predicting the next lightning strike it is far better to pay attention to the areas we already know are vulnerable.
Whether it is a database of customer information or valuable intellectual property, an organization's "crown jewels" need to be protected with the most robust security possible.
While it's considered a form of anonymous currency, Bitcoin isn't as private as you may think.
Is it time to go back to cash? Or are there other forms of digital payment that are more secure?
With all of the money invested in security solutions, companies are getting breached at increasingly higher rates. It's time that organizations got the most out of their security vendors.
We must prepare for the security considerations when it comes to the looming technological phenomenon that is the Internet of Things.
As we in the loss prevention industry are always looking for a flag indicating there is a potential for fraud, this one looks like it is as good as any for us to display our vigilance.
There are three major foundational areas of security, that if focused on, could go a long way in preventing a security breach.
Canada's federal privacy commissioner has been replaced in a move that has sparked criticism from activists, academics and political leaders.
Up to 8,300 patients had their personal information stolen and given to financial companies by staff at Ontario's Rouge Valley Centenary Hospital.
Audit committees in Canada are falling behind the rest of the world by not spending enough time assessing cyber security, warned a KPMG report this month.
To fend off cyber attacks, organizations must approach security from all touchpoints, including inventory and asset management, patch management and configuration enforcement.
It was while working with an elite group of cyber forces in the military that Col. (Retired) Barry Hensley realized the severity of security issues facing this nation.
Security professionals should be aware of network deperimeterization, which decreases the usefulness of network edge security devices and increases the potential for device infection and data loss.
While distributed denial-of-service attacks continue to plague organizations around the world, in this month's debate experts discuss whether they should be a top of mind concern for security pros.
Chip technology can prevent criminals from producing counterfeit credit cards.
To provide assurance against counterfeit or tainted ICT products, solutions and services as well as end-to-end security practices should be addressed.
By preparing in advance, acquiring the skill sets needed and developing a communications plan in advance will go a long way in quickly mitigating a Heartbleed-like incident.
To overcome a plethora of challenges, cyber defenders must create innovative new models for protecting their organizations from increasingly advanced threats.
Poorly managed privileged credentials pose a risk, but can be mitigated in a few easy steps.
A Romanian website is publishing public Canadian records for profit.
The Data Privacy Act has been greeted with great protest from privacy advocates.
The Heartbleed bug cost the Canada Revenue Agency (CRA) 900 social insurance numbers, which were stolen by a hacker exploiting the OpenSSL flaw.
Sign up to our newsletters
SC Magazine Articles
- Impact of Linux bug 'grinch' spans servers, workstations, Android devices and more
- More than 100K WordPress sites compromised by malware due to plugin vulnerability
- Phishing email contains Word doc, enabling macros leads to malware infection
- Critical 'Misfortune Cookie' bug puts millions of internet-connected routers at risk
- White House calls Sony hack a "serious national security matter," gov't mulls proper response
- Neverquest botnet furthers crimeware-as-a-service biz for fraudsters
- Solo attacker likely responsible for phishing campaign, delivering Zeus variant
- Telecommunications companies on the line with FTC, FCC for cramming schemes
- The 10 POS malware families this holiday season
- White House calls Sony hack a "serious national security matter," gov't mulls proper response