Opinions

The 10 POS malware families this holiday season

This holiday shopping season, many retailers have two goals in mind - make record-breaking sales and don't get breached.

Opinions

Securing the enterprise with the five W's of access

Burden of proof should grow heavier as request for access grows more sensitive.

2015 Predictions

Exploits, mobile and cloud storage threats will plague users in 2015

2015 is set up to be one of the most dangerous years for not only your PC but also your mobile devices and cloud storage.

2015 Predictions

2015 trends to watch: Data destruction, endpoint intelligence and user behavior analytics

Based on the course of events that we've seen over the last year, and how the market is responding, here are some of the security trends that we will see over the coming 12 months.

2015 Predictions

A forecast of the cyberthreat landscape in 2015

From Heartbleed to WireLurker, we certainly had our hands full. Here are some other trends from 2014 and predictions for the coming year.

2015 Predictions

What we can be thankful for in '14, and what we might expect in '15

As we approach the time of year when all the security gurus bring out their crystal balls, we should also focus on the improvements made in 2014.

Opinions

Why compliance matters

Part of my role requires me to ask questions that an auditor might. This is especially true when it comes to compliance, why it matters, and how it makes a difference.

Opinions

The cybersecurity skills gap

Cooperation is required to advance the profession, says Towerwall's Candy Alexander.

Debate

Debate: If the good guys don't hire the "unhireable," the bad guys will.

Experts debate whether or not organizations should consider hiring hackers with a criminal past.

Editorial

Take the ride: 25 years of covering IT security

For this year's annual Reboot edition, we took the opportunity to look back not just on the last 12 months, but the last 25 years SC has been entrenched in the information security space.

Opinions

The proliferation of mandates

The reality of ubiquitous reliance on ICT has given rise to the criticality of cyber security, says Cisco CSO Edna Conway.

Opinions

Missing the big picture in the Sony hack

Should we rush out signatures for this latest version of malware, or should we take a step back and figure out how to focus our technology and security operations around identifying attackers before they wreak such havoc?

Opinions

Expanding security zones, a historical example

Network security today has similar defensive problems to those posed to American Colonial population centers. Here's why...

Opinions

The future of security and authentication

As hackers become more advanced, our security methods also have to evolve and become more secure so that we aren't just giving our information away.

Opinions

PCI 3.0: The good, the changes and why it's not ugly

The primary challenge to secure payment card data is that too many involved see the PCI DSS as a panacea for every risk in the marketplace.

Opinions

The Internet of Things (IoT) will fail if security has no context

The Internet of Things requires a new way of thinking and acting, one that will protect a business and help it grow.

Opinions

Failing the security test: Target wasn't the first failing grade, or the last

It's easy to get hung up on discussions around chip-and-pin, malware and network segmentation, and in the process lose sight of the broader trends that underlie many breaches.

Opinions

Four commonly overlooked security gaps

If organizations are looking to raise their security profile, they should certainly examine these commonly overlooked areas.

SC Canada

Federal data breach legislation advances as provincial lapse nears

A Canadian federal bill that would force companies to notify individuals of breaches moved a step closer to being law in October.

SC Canada

Wildfire breach affects 15,000

British Columbia's provincial government is notifying 15,000 individuals after a privacy breach in its Wildfire Management Branch.

SC Canada

RCMP record keeping needs work, says Privacy Commissioner

Canada's RCMP cannot tell whether it complies with federal privacy law when gathering information about citizens without a warrant, according to a report.

Opinions

Combating cyber risk in the supply chain

Everyone involved with vendor management should now develop a common, collaborative security strategy.

Opinions

A silver lining in the JPMorgan breach?

This incident gives the industry hope that proactive measures can stop an attacker before a breach drives catastrophic results.

Opinions

Does an Executive Order make payments more secure in the U.S.?

This year has been so bad for merchant data breaches that the president felt the need to ensure that the government would offer itself as a safer and more secure place to do business with.

Threat of the Month

Threat of the month: Bash bug/Shellshock


Skills in Demand

Skills in demand: Biometric security, account executive

Good news for those industry pros that specialize in biometric security...you're in demand.

Opinions

Me and my job: Marisa Fagan, director of crowd operations, Bugcrowd

This month, we get to know Marisa Fagan, Bugcrowd's director of crowd operations.

Debate

Debate: Should you pay a cyber ransom?

Industry experts debate whether organizations should or should not pay a cyber ransom to miscreants.

Opinions

Will cyber threaten mobile?

As mobile devices are further integrated into networks, organizations will have a critical need to implement end-to-end security solutions.

Opinions

Selling Snowden-style access: Inside threat

Edward Snowden has the same broad access and privileges that many employees in similar positions have at almost every business.

Opinions

Privacy and the Internet of Things

With parameters, new tech can help your business, say McAfee's Jonathan Fox and Tyson Macaulay.

Editorial

Finding the right structure

Some experts contend that a reason for the seeming decline in IT security spend is that it is now becoming a pervasive part of everyday corporate operations.

Opinions

Getting executives on board

Successful CISOs need to master more than system security to make their companies competitive and improve their own job security.

Opinions

Hackers are after your app

Modern mobile hacks are diverse and can be performed by anyone, from an inexperienced amateur to highly skilled teams operating like tech startups.

Opinions

The elephant in the room

Bring the insider issue into the light and focus on culture change, says PSCU's Gene Fredriksen.

Opinions

Beware of the malware walking dead

This Hallows Eve might be a good time to remind ourselves that zombies can be just as deadly, and I'm referring to recycled tools and techniques from years gone by.

Opinions

Why the Home Depot attack shouldn't have happened

Major retailers are falling prey to massive credit card information heists, despite spending millions on cyber security systems.

Opinions

Next-generation malware: Think like the enemy and avoid the car alarm problem

When it comes to enterprise security, one rule remains constant - attacks will continue to increase in sophistication and attackers will seek to outmaneuver existing defenses.

Opinions

Heartbleed, Shellshock and POODLE: The sky is not falling

While it may seem like 2014 is the year of the vulnerability, in reality, this year has not been much different than years past.

Opinions

Technology alone isn't going to secure IoT connected devices

It's clear that vulnerabilities continue to exist, despite our best efforts to combat them. In fact, we have addressed many of the same problems before.

Opinions

DDoS is the new spam...and it's everyone's problem now

As new solutions emerge, it's critical for organizations to protect themselves by being informed, aware, and acting whenever possible. Those that don't take action are playing a very dangerous game.

Opinions

Securing the autonomous vehicle

We are now in the fast lane towards a driverless future. Will we have to brake for hackers?

SC Canada

Children's Hospital apologizes for rogue employee breach

Alberta Health Services is apologizing following a data breach at Alberta Children's Hospital.

SC Canada

Canadian launches $500m class action against Home Depot

A Canadian is leading a $500 million class-action lawsuit against Home Depot following its data breach in which up to 56 million US and Canadian credit cards were stolen.

SC Canada

Faulty UBC software exposed student financial information

Students at the University of British Columbia have been warned that their personal information may have been exposed thanks to a software bug.

Opinions

CISO: same title, new opportunities

Despite big responsibilities compounded by a string of headline-grabbing data breaches, the skies are looking brighter for CISOs.

Opinions

Assurance 101: Lessons learned

It will continue to be a year where companies need to focus on how their employees interact online.

Opinions

Cyber espionage insurance

A cyber liability policy covers first-party liability (property and theft) and third-party liability (privacy and data security).

Opinions

Me and my job: Michael Canavan, Kaspersky Lab North America

We catch up and learn a bit more about Michael Canavan, senior director, systems engineering, Kaspersky Lab North America.

Debate

Debate: Password managers are secure enough for enterprise users.

Chris Weber, co-founder, Casaba Security, and Geoffrey Vaughan, security consultant, Security Compass, go head to head on the use of password managers in the enterprise.

Opinions

Embracing BYOD...with safeguards

It's possible to safely manage the security risks posed by BYOD, says Anders Lofgren at Acronis Access.

Opinions

Becoming a "security thinker"

Active security thinking ensures that we don't simply perpetuate security folklore.

Opinions

Board-level planning: Tangible metrics can persuade

Security leaders must create visible value for the organization, says Unisys's Francis Ofungwu.

Opinions

Falling off the 'Wagon of Things'

The Internet of Things promises so much. And so the question arises, how are we going to keep all this 'stuff' safe and secure?

Opinions

Know your traffic: The case for egress monitoring and filtering

Our networks are our field; no one knows our network better than us, the people who maintain it. We need to use that to our advantage.

Opinions

Breach shaming and the need for a new model to discuss data breaches

The breach shaming trend impedes forward progress in preventing such incidents in the future and leaves consumers worrying without educating them.

SC Canada

CSEC mishandled private communications, says watchdog

Canada's foreign spy agency mishandled information on private communications that it had collected by mistake, according to the most recent report by a government watchdog.

SC Canada

National Research Council breached

Canada's National Research Council has written to partner companies informing them of a breach of its cybersecurity systems.

SC Canada

Canadian ISP used in $83,000 cryptocurrency heist

A Canadian ISP has been identified as the source of a cryptocurrency hack that stole $83,000 over four months.

Opinions

Me and my job: Chris Sullivan, vice president of advanced solutions, Courion

This month we get to know Chris Sullivan, vice president of advanced solutions at Courion.

Opinions

Threat of the month: SVPENG

We take a closer look at SVPENG, malware that's capable of launching two different types of attacks.

Debate

Debate: Data in the cloud is more secure than on premises.

Experts debate whether data in the cloud is more secure than data that's housed on an organization's premises.

Opinions

Security assessment stability

We should be asking if it is worth the cost of constantly switching security assessment companies, says Ken Stasiak, CEO, SecureState.

Opinions

Let CHAOS rein

Now is the time for infosec pros to embrace CHAOS and protect organizations from the realities of our always-on world.

Opinions

Cloud in an information world

Nation-states are flexing their muscles in the cyber realm, says Avatier's Ryan Ward.

Opinions

When is a control not a control?

When the entire network is down, the smart CIO is already on the phone to the CFO with an explanation, says David Sheidlower, global head of information security, BBDO Worldwide.

Opinions

An IT lens on data breach response

This heightened awareness regarding data breach response time has created an interesting dynamic for security professionals.

Opinions

Ensuring your developers love - or at least don't hate - security

The relationship between development and security doesn't need to be hostile, and there are ways to engage developers more with security.

Opinions

Backing diversity lowers the bar?

Many groups have striven to cultivate a more welcoming workplace, says Alison Gianotto.

Editorial

A long-overdue change

Debates about the dearth of women in IT security and, well, a lack of diversity in the field overall, seem to be edging our space closer and closer to some sort of tipping point.

Opinions

A wake-up call for retailers

Recent events should serve as wake-up calls for organizations in the retail and hospitality space to evaluate their third-party vendors.

Opinions

Unfair competition: Proactive preemption can save you from litigation

With each job change, the risk that the new hire will bring confidential information or trade secrets with him or her to the new company grows.

Opinions

Hackers only need to get it right once, we need to get it right every time

Hackers only need to find one weak point to steal valuable information. On the flip side, security pros need to account for every possible scenario.

Opinions

Successful strategies for continuous response

While it isn't realistic for organizations to expect that it will never happen to them, a rapid, professional and continuous response can limit their scope and reputational impact.

SC Canada

Almost 40 percent of Canada's Justice Department duped by phishing

Almost one in four employees at Canada's Justice Department fell prey to internet phishing in an exercise last December.

SC Canada

Microsoft wavers on Canadian spam fears

Microsoft has reconsidered a move to cease security emails in Canada, following the introduction of an anti-spam law north of the border.

SC Canada

Underinvestment, poor communication plague Canadian cybersecurity

Canadian cybersecurity is languishing due to poor communication and disappointing security investments, according to research from the Ponemon Institute.

Opinions

When it comes to cyber attacks, predictions are pointless but preparation is key

Rather than predicting the next lightning strike it is far better to pay attention to the areas we already know are vulnerable.

Opinions

Protecting what matters

Whether it is a database of customer information or valuable intellectual property, an organization's "crown jewels" need to be protected with the most robust security possible.

Opinions

Buying something illegal? Bitcoin is not the currency for you.

While it's considered a form of anonymous currency, Bitcoin isn't as private as you may think.

Opinions

P.F. Chang's incident calls for updating payments tech

Is it time to go back to cash? Or are there other forms of digital payment that are more secure?

Opinions

Converting your vendors into your vendor partners

With all of the money invested in security solutions, companies are getting breached at increasingly higher rates. It's time that organizations got the most out of their security vendors.

Opinions

The compromise of things: Security considerations in a connected world

We must prepare for the security considerations when it comes to the looming technological phenomenon that is the Internet of Things.

Opinions

Winning at the World Cup: A zonal defensive strategy

As we in the loss prevention industry are always looking for a flag indicating there is a potential for fraud, this one looks like it is as good as any for us to display our vigilance.

Opinions

Cyber security tasks that could have saved eBay and Target

There are three major foundational areas of security that, if focused on, could go a long way in preventing a security breach.

SC Canada

New Canadian privacy commissioner comes under fire

Canada's federal privacy commissioner has been replaced in a move that has sparked criticism from activists, academics and political leaders.

SC Canada

Canadian hospital employees leaked personal details to financial firms

Up to 8,300 patients had their personal information stolen and given to financial companies by staff at Ontario's Rouge Valley Centenary Hospital.

SC Canada

Canadian auditors failing on cyber security

Audit committees in Canada are falling behind the rest of the world by not spending enough time assessing cyber security, warned a KPMG report this month.

Opinions

The systems management imperative: Achieving more effective perimeter security from the inside out

To fend off cyber attacks, organizations must approach security from all touchpoints, including inventory and asset management, patch management and configuration enforcement.

Opinions

Me and my job: Col. (Retired) Barry Hensley, Dell SecureWorks

It was while working with an elite group of cyber forces in the military that Col. (Retired) Barry Hensley realized the severity of security issues facing this nation.

Threat of the Month

Threat of the month: Network deperimeterization

Security professionals should be aware of network deperimeterization, which decreases the usefulness of network edge security devices and increases the potential for device infection and data loss.

Debate

Debate: DDoS is becoming a more serious threat to enterprises.

While distributed denial-of-service attacks continue to plague organizations around the world, in this month's debate experts discuss whether they should be a top of mind concern for security pros.

Opinions

New tech can better protect

Chip technology can prevent criminals from producing counterfeit credit cards.

Opinions

Supply chain: The new surety frontier

To provide assurance against counterfeit or tainted ICT products, solutions and services as well as end-to-end security practices should be addressed.

Opinions

Preparation key to warding off disaster

Preparing in advance, acquiring the skill sets needed and developing a communications plan in advance will go a long way in quickly mitigating a Heartbleed-like incident.

Opinions

Leveraging threat intelligence to stay one step ahead

To overcome a plethora of challenges, cyber defenders must create innovative new models for protecting their organizations from increasingly advanced threats.

Opinions

Prevent your organization from becoming the next victim

Poorly managed privileged credentials pose a risk, but can be mitigated in a few easy steps.

SC Canada

Canadian court records getting published on Romanian site

A Romanian website is publishing public Canadian records for profit.

SC Canada

Canada privacy bill faces opposition

The Data Privacy Act has been greeted with great protest from privacy advocates.

SC Canada

Heartbleed bug helps hackers steal data from Canada Revenue Agency

The Heartbleed bug cost the Canada Revenue Agency (CRA) 900 social insurance numbers, which were stolen by a hacker exploiting the OpenSSL flaw.
