Why Enterprise Security Is A Matter Of Policy

Ever since the first firewalls were deployed on business networks in the early 1990s, enterprise security goals haven’t really changed: keep the bad guys out, and ensure that only authorized users and software are allowed to communicate over approved network paths. Sounds simple enough, right? And in those early days, those goals were relatively easy […]

Security Leaders Must Adjust Cybersecurity Budgets to Effectively Address 2018 Cyber Threats

The natural trend in the cybersecurity industry is that spending money means you’re more secure; however, this isn’t always the case. While cybersecurity budgets will continue to increase in 2018, they will be increasingly focused on areas that will be most effective. We have observed over recent years most exploits lead back to unpatched or […]

Why Third-Party Security is your Security

Depending on third parties is inescapable. Every organization needs software, hardware, Internet connectivity, power, and buildings. It’s unlikely they’re going to do all those things themselves. That means that organizations must be dependent on others outside themselves. With that dependence comes risk. Managing third-party risk isn’t just a good idea, in many cases, it’s the […]

Most Retailers Haven’t Fully Tested Their Breach Response Plans

Nearly 75% of IT security professionals from the retail industry say their companies do not have a fully tested plan to address a security breach, according to a Tripwire report today. Some 28% of survey respondents do have a fully tested breach plan, while 21% lack a plan altogether, the report notes. Read more about […]

Cyberattack: It Can’t Happen to Us (Until It Does)

When well-known organizations are hit by a cybersecurity breach, it becomes front-page and top-of-the-hour news, because these cases affect tens of millions of consumers. But just because your small or medium-sized business doesn’t have tens of millions of customers, or the name recognition of a Target or a Yahoo, doesn’t mean you’re immune to becoming […]

What’s on the horizon for security and risk management leaders?

By 2022, cybersecurity ratings will become as important as credit ratings when assessing the risk of business relationships, Gartner analysts believe. They also predict that, by 2020, 60% of organizations engaging in M&A (mergers and acquisitions) activity will consider cybersecurity posture as a critical factor in their due diligence process. Read more about the Gartner predictions for […]

What is a supply chain attack? Why you should be wary of third-party providers

A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data. This has dramatically changed the attack surface of the typical enterprise in the past few years, with more suppliers and service providers touching sensitive data […]

5 computer security facts that surprise most people

In an insightful opinion article, CSO columnist Roger A. Grimes identifies 5 computer security facts as the causes behind a lot of computer security risk and exploits. Read what these 5 facts are and why Roger A. Grimes thinks that if you understand them well enough today, you will be ahead of your peers on CSO.

Security: Making yourself a hard target for hackers is easier than you think

We seem to be in the grip of a data breach epidemic. Whether it’s big businesses falling victim to cyber espionage campaigns, workers foolishly handing over their credentials in reply to phishing emails from fraudsters, or just consumers getting their PCs infected with malware, there are security threats everywhere. But the reality is that it […]

To protect your network, you must first know your network

A sobering statistic regarding commonly used security controls was highlighted in a recent report. “Software and hardware inventory and valuation” was the least cited control, with only 16% of CISOs leveraging it. Some may consider inventory an IT responsibility, not a security responsibility, but this is a serious oversight according to Ray Pompon, Principal Threat Researcher […]