Third-party security vetting: Do it before you sign a contract

If you’re talking about stopping security risks from an outside vendor already on-board, Jerry Archer says, “You’ve already failed.” Chief security officer for Fannie Mae, Archer contends that risk mitigation should begin before your company closes the deal. That’s why his team has a go or no-go vote for any vendor Fannie Mae brings on. […]

What is a virtual CISO? When and how to hire one

Chief information security officers (CISOs) are highly sought after, to the point where good ones are expensive and hard to come by. So this is a challenge when more and more organizations, reeling in the wake of CISO-less breaches like Target and the UK’s TalkTalk, recognize the value in having one in place. Could an on-demand virtual […]

What Is Strategic Threat Intelligence?

Threat intelligence is a category of intelligence that focuses on information security. As defined by Gartner, it is “evidence-based knowledge…about an existing or emerging menace or hazard…to inform decisions regarding the subject’s response to that menace or hazard.” Essentially, threat intelligence provides you with curated information to inform you about potential malicious activity and helps […]

Beyond Talking the Talk: Building Cybersecurity into a Company’s DNA

Security is constant. It’s fast-paced with a high burnout rate, and many companies continue to struggle with implementing basic security controls. Given the overwhelming reality of resources and time that are already being dedicated to a company’s security strategy, how can organizations begin to build security into a company’s DNA in a realistic way? While […]

Source Defense says it has a fix for the one vulnerability that can compromise almost any website

While most of today’s banks and e-commerce sites have their front doors locked, there’s a side door that many still leave open: connections to third-party scripts. ZDNet caught up with Hadar Blutrich, CEO of Israeli startup Source Defense, to hear about the solution that his team has cooked up to take control of these […]

Not all who pay a ransom successfully recover their compromised data

A new report by the CyberEdge Group found that 55 percent of responding organizations were compromised by ransomware in 2017, down from 61 percent in 2016. Respondents who were victimized by ransomware and who elected to pay the ransoms were asked if they successfully recovered their compromised data. Surprisingly, only half confirmed successful data recovery, […]

Privilege Abuse Attacks: 4 Common Scenarios

Privileged account abuse is one of the most dangerous threats because it is relatively easy to execute and takes a long time to detect. The 2017 IBM Cost of Data Breach Study disclosed that organizations lost at least $3.62 million on forensic and investigative activities, remediation and legal expenditures associated with security incidents in 2016. But the […]

Intelligence sharing is crucial in the fight against cybercrime

Malware variants previously focused on the financial sector are now successfully attacking non-banking targets, according to Blueliv. A higher level of collaboration and intelligence-sharing between industries is ever more crucial in the fight against cybercrime. As the ‘public profile’ of cybercrime continues to increase, enterprises are encouraged to look at how they keep their businesses and […]

Is your defensive security data-driven?

In a nutshell, a data-driven computer security defense is about using a company’s local data from its own experiences to create a more efficient and effective computer security defense. The quickest way to describe it is to compare it to the insurance industry. Every insurance product makes a financial bet that what people are paying […]

How can IoT stakeholders mitigate the risk of life-threatening cyberattacks?

With an estimated 20 billion Internet-connected devices set to appear in our homes and offices by the end of the decade, future cyberattacks will dwarf what we’ve seen to date. These connected devices will feed into fundamental infrastructure we rely on every day: transportation, power plants, medical devices, and supply chains, for example. As cyberattacks move from […]