TRITON Attacker Disrupts ICS Operations, While Botching Attempt to Cause Physical Damage

Cyberattacks that cause physical damage to critical infrastructure—like the Stuxnet campaign that destroyed nearly 1,000 centrifuges at an Iranian uranium enrichment facility in 2010—have been relatively rare because of how difficult they are to carry out. That may be changing. A threat actor with possible nation-state backing recently disrupted operations at a critical infrastructure facility […]

BlueBorne Attack Highlights Flaws in Linux, IoT Security

Popular consumer “smart” products, including Amazon Echo, Google Home, and Samsung’s Gear S3, are dangerously exposed to airborne cyberattacks conducted via Bluetooth. Researchers at IoT security firm Armis earlier this year discovered BlueBorne, a new group of airborne attacks. The vulnerabilities let attackers take full control of any device running Linux, or an OS derived from Linux, putting […]

Why Hackers Are in Such High Demand, and How They’re Affecting Business Culture

News headlines often focus on the hackers who launch cyber attacks and leak confidential data such as National Security Agency exploits, sensitive political emails, and unreleased HBO programming, but hackers can also affect organizations in positive ways. White hat hackers (as opposed to black hats) increasingly are finding employment in companies as security researchers. From conducting penetration […]

Cybersecurity market slowdown? Not anytime soon

A recent story on CSO highlights the disparity between “information security” (a.k.a. IT security) and “cybersecurity” — namely total spending and market growth. Gartner, the leading IT analyst firm, puts the global “information security” market at $86.4 billion in 2017 and growing by 7 percent to $93 billion in 2018. The Gartner figures, a subset of “cybersecurity,” […]

Examining attitudes towards confidential data

Industry analyst firm Quocirca surveyed 500 IT decision makers in the United States, Canada, United Kingdom, Australia and Japan, examining attitudes towards the value of confidential data including: personally identifiable information (PII), payment card data, intellectual property (IP) and email. Read about the findings of the Quocirca survey on Help Net Security.

Is a Good Offense the Best Defense Against Hackers?

Destruction, loss of data, intellectual property theft, fraud, embezzlement, disruption to business, restoration—globally, the costs of dealing with hacking are staggering. Yet under US law, it’s illegal to attack the hackers back. In February, a Georgia Republican introduced a bill to Congress to give legal protection to hacking victims who “hack back” at attackers. The […]

A few cybersecurity predictions for 2018

Over the past few weeks, dozens of people have reached out to Jon Oltsik, an ESG senior principal analyst and the founder of the firm’s cybersecurity service, with their cybersecurity predictions for 2018. Some prophecies are fairly obvious (ransomware will continue in 2018), while at the other extreme, some people are pushing doomsday forecasts aimed […]

An Effective Cyber Hygiene Program Can Save A Business

According to the 2016 Verizon Data Breach Incident Report, the vast majority of cyberattacks were successful due to individual error. For example, 63 percent of breaches leveraged weak, default, or stolen passwords, and 12 percent of breaches involved clicking on a malicious link or attachment. Left uninhibited, employees will behave how they choose when they are […]

What is identity management? IAM definition, uses, and solutions

Identity and access management, or IAM, in enterprise IT is about defining and managing the roles and access privileges of individual network users and the circumstances in which users are granted (or denied) those privileges. The core objective of IAM systems is one identity per individual. Once that digital identity has been established, it must be […]

8 Steps for Building an IT Security Career Path Program

Cybersecurity professionals are in steep demand, given the projected shortfall of 1.8 million workers by 2022. But by creating a career path program, organizations can both retain their coveted cybersecurity team members, so they don’t get hired away, and attract new talent amid competing job offers. A majority of companies don’t provide such a […]