Latest

►

Cybersecurity

API-Centric Automated Attacks on the Rise

Varun Haran  •  March 25, 2019

CloudEntity CEO Nathaniel Coffing shares insight on building foundational API security in a zero-trust world.

►

Cybersecurity

CrowdStrike's 2019 Global Threat Report

Tom Field  •  March 25, 2019

CrowdStrike is out with its 2019 Global Threat Report, which includes a ranking of the most dangerous nation-state adversaries. The company's CTO, Dmitri Alperovitch, discusses the report's key findings about threats and threat actors.

►

DevSecOps

Why Security for DevOps Is Lagging

Mathew J. Schwartz  •  March 25, 2019

Many large organizations are app developers, and individuals are increasingly using apps to access computing resources. But the age-old problem of code not being reviewed for flaws at every stage of testing and production continues, warns Joseph Feiman of WhiteHat Security.

Cybercrime

LockerGoga Ransomware Suspected in Two More Attacks

Scott Ferguson  •  March 25, 2019

A pair of U.S. chemical manufacturing companies have reportedly been struck by the LockerGoga ransomware over the past month and continue to recover from the same cyberattack that took down part of Aluminum giant Norsk Hydro last week.

►

Cybersecurity

Technology's Role in Digital Risk Management

Tom Field  •  March 25, 2019

As enterprises embrace strategies built around digital risk management, it isn't that technology becomes a less important conversation. Instead, it's more strategic. Zulfikar Ramzan, CTO of RSA, outline's technology's role in the business path forward.

►

Cybersecurity

The Dark Side of Cybersecurity: Burnout

Mathew J. Schwartz  •  March 25, 2019

Call to action: Information security teams should "include mental health topics in their team meetings, their management reports and metrics, as well as face to face meetings," says to Thom Langford, head of security consultancy (TL)2, speaking from experience.

►

Authentication

Gaining Visibility and Control Over Passwords

Nick Holland  •  March 25, 2019

Passwords are still a persistent security threat, given their ubiquity as a form of authentication and the inability of users to create strong, unique passwords. John Bennet of LogMeIn discusses the issue and solutions.

►

Cybersecurity

Threat Watch: Phishing, Social Engineering Continue

Mathew J. Schwartz  •  March 25, 2019

Reviewing 2018 attacks, Jon Clay of Trend Micro, says social engineering persists, including phishing attacks, while criminals also continue to steal credentials, lob ransomware at targets and push cryptomining malware.

►

Application Security

Application Security and the Focus on Software Integrity

Tom Field  •  March 25, 2019

As trends such as DevSecOps and agile application development spread, enterprises increasingly are focused on software integrity. Andreas Kuehlmann of Synopsys discusses how to address this shift.

Data Breach

FEMA Exposed 2.3 Million Disaster Victims' Private Data

Jeremy Kirk  •  March 25, 2019

Victims of hurricanes, wildfires and other disasters now face a second hit: The U.S. Federal Emergency Management Agency inadvertently shared 2.3 million disaster survivors' personal data of with an agency contractor, leaving victims at increased risk from fraud and identity theft.

►

Cybersecurity

3 Hot Legal Topics at RSA Conference 2019

Mathew J. Schwartz  •  March 25, 2019

What's hot on the cybersecurity legal front? For starters, in 2018, the U.S. Department of Justice indicted twice as many alleged state-sponsored attackers than it had ever indicted, says Kimberly Peretti of Alston & Bird.

►

Education

Stepping Up to the Board

Tom Field  •  March 25, 2019

Cybersecurity leaders hear a lot about speaking to the board. But increasingly, these leaders are also tapped to serve on boards of directors. What business skills are most needed and often lacking? Executive recruiter Joyce Brocaglia of Alta Associates and the Executive Women's Forum explains.