The need for experienced incident response professionals is outstripping the available supply of talent.
Mikel Draghici, principal mobile security specialist, Usher
After 30-plus years as an official in the National Security Agency (NSA), William Binney has been speaking out about what he sees as the "very ugly path" his former employer, along with the FBI and CIA, are currently following.
Threat of the Month: Cryptolocker
Debate: The Pentagon's strategy to use cyberwarfare in conflicts with enemies is necessary.
Congress took significant action in April to address cybersecurity information-sharing efforts.
You can't hire quality information security talent the same way you hire customer service reps.
There's been quite a bit of lip service paid to the ages-old concept of information sharing, says Illena Armstrong, VP, editorial, SC Magazine.
Cisco Systems CSO Edna Conway calls for action to stop the risks of counterfeit or tainted information.
Debate: Congress should mandate that the payment card industry adopt safer technology.
Much needs to be done to convince boardrooms of the importance of information security.
It's time for a dramatic reimagining of how companies approach security.
A single solution won't stop data theft, says ADP's Roland Cloutier.
Trust directly correlates to our expectations of privacy, says Illena Armstrong, VP, editorial.
It is important for everybody to stay vigilant when online, says Lena Smart, CIO, New York Power Authority.
You likely have a list of criteria to check through during the hiring process of a vendor, but if you haven't added cybersecurity standards to that list, you should.
To extend the ERM approach to information and IP, companies need to create a comprehensive inventory of sensitive data and intellectual property that are key to their competitiveness.
Today's CISO must play a strategic and forceful role in mandating the transition to a more secure enterprise infrastructure.
Target. Home Depot. Morgan Stanley. Sony. Anthem. Jennifer Lawrence. You?
IT pros, beware: The phenomenon of "data breach fatigue" isn't just an issue of consumer complacency.
In this month's "Me and my job" feature, we get to know Johannes Ullrich of the SANS Technology Institute.
Given the recent headline-grabbing breaches, in this month's debate information security professionals discuss whether or not money is safe online.
The security community is abuzz about the risks of reverse engineering code.
It is an assumption for many enterprises operating today that they may already have been compromised.
The rise of IoT will require a completely new approach to network security, says vArmour CEO Timothy Eades.
Threats loom heavily on the minds of those charged with keeping critical data safe from bad actors, says Illena Armstrong, VP editorial, SC Magazine.
A CSO with a budget must be in want of a thousand dedicated point solutions, says Alex Stamos, CISO, Yahoo.
Passing the annual compliance assessment is just the start of a vigilant security program, says Stephen Orfei of the PCI SSC.
With every new data leak end users are looking for ways to better protect themselves and keep their personal financial identity safe from hackers.
The saying "better safe than sorry" rings true when it comes to data security.
As end users bring their own devices, applications, and even networks into their employer's fray, hallowed IT security concepts like visibility, control and peace of mind are jettisoned out the window.
Cybercriminals often are specifically looking for credit card numbers that can be reused on other e-commerce sites or sold to the highest bidder on the digital black market.
Sophisticated bad guys are likely to assume that high-value targets have deployed the latest security technologies - this has been the case going back over a decade.
How did we arrive at this approach to network security and, more importantly, what's happening today that's causing us to seriously rethink this approach?
Whose responsibility is it to lead the fight against cybercrime and protect valuable health care data? The answer: it's not just one person.
The "It won't happen to me" mentality combined with communication gaps between the IT and security teams greatly increases enterprises' risk of being breached.
The truth is simply that none of us, including the FTC and Ofcom, fully know or understand the extent to which the unintended consequences of IoT will rear their ugly heads.
One crucial step will ensure that you do not fall haphazardly down the rabbit hole on your way there.
A misstep by an IT employee of Canadian communications conglomerate Rogers Communications allowed the contractual information of 50-70 of the company's business customers to be exposed via Twitter.
If we can learn anything from the Carbanak malware, it is to use stealthy and evasive maneuvers in the security technology and education we deploy within enterprises to fight fire with fire.
Canada deported self-proclaimed Anonymous member Matt DeHart.
As much as I applaud the FTC for making security a priority, its recommendations are light years away from where the current IoT security bar is.
Perimeter security has only brought us so far. It's time to embrace a user-centric model instead.
In order to show risk is being properly managed, security teams are often regarded as gatekeepers who slow the pace of software development due to what is perceived as their authoritative behavior.
Shared Services Canada plans to spend $55 million to upgrade IT infrastructure.
Technological innovation is now increasingly consumer-led, forcing organizations to adopt faster to serve them, or it diffuses into the work environment, leaving traditional IT to play catch-up.
Here's a closer look at CipherCloud's Chief Trust Officer Bob West.
Experts debate whether the financial industry has a leg up in terms of their cybersecurity strategy when compared to other industries.
Even the most sophisticated, well-intentioned perimeter-focused cybersecurity strategy cannot possibly be 100 percent effective, says Oliver Tavakoli, CTO, Vectra.
Identity management has evolved rapidly over the past decade, says Jim Robell, president and COO, Eid Passport.
An ill-informed worker is a weak link that leaves a giant gap in your defenses, says SOHO Solutions VP Scott Aurnou.
Despite ongoing attacks against major corporations, not much is changing at the executive level, says Illena Armstrong, VP, editorial, SC Magazine.
Hackers are finding new attack vectors to exploit and it is becoming harder for us "security professionals" to defend our organizations, says Zouhair Guelzim, CISO, L'Oréal Americas.
Aside from the many benefits native apps provide, enterprises face challenges they need to deal with to make sure they aren't exposed to the new security risks native apps introduce.
When it comes to healthcare security, if you think compliance is the only thing you need to worry about, think again.
On the whole, the recent steps taken by government are thoughtful and meaningful - and the attention to cybersecurity is overdue. But will they be enough?
One of Canada's intelligence agencies has been secretly monitoring file downloads across the world for years.
Canada's companies are ill-prepared to meet modern cybersecurity challenges, according to a survey by the Ponemon Institute.
If we can't stop breaches, then let's remove the incentive for hacking by devaluing the data, especially Social Security Numbers.
The Canadian government has introduced Bill C-51, an 'anti-terror' bill that will broaden the surveillance powers of government agencies.
How can security pros adapt and automate their own processes to support DevOps without the business being eaten alive from non-compliance, hacks and exposures?
The amount of information stored in our medical records creates a ripe environment for security breaches. The health care sector is in search of information security analysts.
In this month's issue we get to know more about Kristi Carrier and her role as the Quality Auditor at Nuspire Networks.
The increasing prevalence of mobile applications is exposing new security holes for businesses.
Enterprises are finding new ways to solve problems and extract value from data.
Every enterprise is susceptible to a breach, unless something changes, says Craig Shumard, principal of Shumard and Associates.
It's important to look at a few other practical takeaways from the headline-grabbing Sony attack.
Streamline your incident plan with clear IT security operational definitions and develop a detailed inventory of every asset within your network, says ViJay Viswanathan, CISO, HD Supply.
Psychological acceptability may not sound like a term that'll hold much significance for the future of secure file sharing, but don't sell it short.
Consider the main learning points from this event and count yourself lucky that you can learn at Sony Picture Entertainment's massive expense.
These two areas of the security space are sure to bring in some interesting changes in the new year.
Many states have laws today that require corporations and government agencies to notify consumers in the event of a breach - but it is not enough.
The wolf isn't at your door, it's inside. Ignorance is definitely not bliss. Just ask any of the regulatory agencies.
While most agree that corporate security needs to improve, a question still remains: Even with best practices in place, could the Sony debacle have been prevented?
With the growing connectedness of all things great and small, the need for trusted identities will take center stage in 2015.
It is now up to banks to self-regulate themselves or continue to deal with the pressing questions of concerned officials like Benjamin Lawsky.
2014 taught us that organizations cannot rest on their laurels. Security teams need to be in a state of hypervigilance. This is precisely why developing and implementing a proactive security plan will be a critical component of 2015 IT priorities.
As we predicted around this time last year, 2014 has seen more high-profile targeted attacks with motivations of stealing information. Here's what could be in store this year.
It was a tumultuous year with several interesting developments in computer security and the lack thereof.
Attackers are moving away from a "smash and grab" theft of credit card numbers towards the benefits accessible by waiting for "interesting" data.
In 2015, we will see the rise of targeted defensive security solutions that are accurate, scalable and lack the need for the coddling hand of security experts.
While we can expect to see the return of some of the issues we faced in 2014, there are still a number of new threats that we need to be aware of in the year to come.
We still need more education in place, especially when it comes to building awareness of cyber hygiene among the general public.
Security teams must spend 2015 preparing for a world of wearable, portable, smart tech that is as promiscuous in its data sharing as it is varied in its form factor.
A year of continuous breach and surveillance headlines shook both enterprise and consumer confidence and is driving more urgent security discussions.
Big Data just keeps on getting bigger and bigger. It's almost like Moore's Law. And...it has a domino effect.
This holiday shopping season, many retailers have two goals in mind - make record-breaking sales and don't get breached.
Burden of proof should grow heavier as request for access grows more sensitive.
2015 is set up to be one of the most dangerous years for not only your PC but also your mobile devices and cloud storage.
Based on the course of events that we've seen over the last year, and how the market is responding, here are some of the security trends that we will see over the coming 12 months.
From Heartbleed to WireLurker, we certainly had our hands full. Here are some other trends from 2014 and predictions for the coming year.
As we approach the time of year when all the security gurus bring out their crystal balls, we should also focus on the improvements made in 2014.
Part of my role requires me to ask questions that an auditor might. This is especially true when it comes to compliance, why it matters, and how it makes a difference.
Cooperation is required to advance the profession, says Towerwall's Candy Alexander.
Experts debate whether or not organizations should consider hiring hackers with a criminal past.
For this year's annual Reboot edition, we took the opportunity to look back not just on the last 12 months, but the last 25 years SC has been entrenched in the information security space.
The reality of ubiquitous reliance on ICT has given rise to the criticality of cyber security, says Cisco CSO Edna Conway.
Should we rush out signatures for this latest version of malware, or should we take a step back and figure out how to focus our technology and security operations around identifying attackers before they wreak such havoc?
Network security today has similar defensive problems to those posed to American Colonial population centers. Here's why...
As hackers become more advanced, our security methods also have to evolve and become more secure so that we aren't just giving our information away.
SC Magazine Articles
- U.S., China agree to cybersecurity code of conduct
- APT group exploits Adobe Flash Player zero-day in phishing operation
- Dridex banking malware spreading through new spam campaign
- Targeted attacks rise, cyber attackers spreading through networks, report says
- COA Network breached, all customer data treated as potentially compromised
- 'MEDJACK' tactic allows cyber criminals to enter healthcare networks undetected
- Samsung devices, including Galaxy S6, vulnerable to remote code execution
- Study: Organizations taking months to remediate vulnerabilities
- Suspicious activity on LastPass network, data compromised