Fighting ransomware with network segmentation as a path to resiliency

Recent cybersecurity events involving the use of ransomware (WannaCry and similar variants) represent the latest examples highlighting the need for organizations to not only take an initial hit, but survive, adapt, and endure. In other words, be resilient. All too often, our community is a witness to any number of similar events where an initial breach […]

Hardcoded admin passwords in Cisco DNA Center could put your enterprise network at risk

Cisco released a list of 16 security advisories on May 16, including three critical flaws in the Cisco Digital Network Architecture (DNA) Center that rated a 10/10 on the CVSS (Common Vulnerability Scoring System) scale. The three critical flaws all give attackers elevated privileges that can compromise the entirety of the DNA Center but go about it in very different ways. […]

Relying on legacy security technologies leaves you blind to IoT threats

As shadow IoT infiltrates organizations, the variety of risks and threats stemming from these devices puts networks and data at risk, according to 802 Secure. IoT and IIoT (Industrial IoT) introduce new IoT networks autonomous from the enterprise network. Organizations are blind to these IoT networks and devices across a plethora of new protocols and frequencies. “While most organizations prepare […]

Insider threat blind spot enables employee revenge attacks

Based on threat assessments from global organizations in public and private sector industries, Dtex Systems determined there are active insider threats in all assessed organizations. This is clear proof that none have been able to eliminate the insider threat blind spot. Failure to gain visibility is allowing malicious and negligent employees to engage in undetected high-risk activities […]

Enterprise vulnerability management as effective as ‘random chance’

The enterprise is not up to speed when it comes to cybersecurity remediation strategies, it seems. According to a new report by Kenna Security and the Cyentia Institute, a lack of planning and structure in patch management, vulnerability fixes, and cybersecurity risk management has led to cybersecurity strategies which are based on chance and luck, rather […]

Hackers can jump from passenger Wi-Fi to train control networks

Setting up a Wi-Fi network for passengers to use is practically a must for railway companies these days. Unfortunately, that welcome add-on for travelers can become a means for attackers to gain access to other networks and systems. To those skeptical about this possibility, Pen Test Partners researcher Ken Munro shared the results of his colleagues’ most recent […]

Exposing the threat of shadow devices

Infoblox announced new research that exposes the significant threat posed by shadow devices on enterprise networks. Researchers found that enterprise networks across the US, UK and Germany have thousands of shadow personal devices – such as laptops, kindles and mobile phones – and IoT devices – such as digital assistants and smart kitchen appliances – connecting to their network. […]

Security governance framework: How to facilitate management involvement

Boards of directors and management are increasingly involved in the oversight and governance of information security. The time when security was the prerogative of a technical team and the security officer reported only inside IT seems definitively over. Regulations, new business models and digital transformation have put information security at the heart of strategic decisions. […]

Too many IT pros ignore critical security issues

A recent Outpost24 survey of 155 IT professionals revealed that 42 percent ignore critical security issues when they don’t know how to fix them (16 percent) or don’t have the time to address them (26 percent). The survey, which was carried out at the RSA Conference in April 2018, also asked respondents what area of their […]

Are SMBs driving the adoption of security automation by enterprises?

If you tracked the lifecycle of new security technologies, you’d likely see that most start as enterprise solutions and eventually trickle down to small and medium-sized businesses (SMBs). You could probably guess why new security technology flows in this direction. For one thing, enterprises typically have more financial and human resources, and can afford to develop […]