While enterprises rebuild or upgrade their security programs, they must guard against over emphasizing technology investments while neglecting staffing issues, says Ben Johnson, chief security strategist at Carbon Black.
There's often a dangerous trade-off made between convenience and security. That's illustrated no better than by a recent issue patched by Microsoft. It's an attack so devilishly smooth that it's a wonder hackers had not figured it out before.
The Obama administration has unveiled a federal cybersecurity workforce strategy that calls for identifying, recruiting, developing, retaining and expanding "the best, brightest and most diverse cybersecurity talent" for federal service. But are those goals realistic?
The release this week by the PCI Security Standards Council of a new PCI compliance resource for small merchants is being lauded by the banking and payments community. But how effective will the resource be at actually convincing merchants to move forward with PCI compliance?
Interbank messaging service SWIFT will begin collecting and sharing anonymized attack information and offering incident-response services - backed by Fox-IT and BAE Systems - to help hacked banks. But will financial institutions buy in?
As many as 250,000 credentials for Remote Desktop Protocol servers around the world may have been offered for sale on the now-shuttered xDedic cybercrime marketplace. So what can organizations do to mitigate related risks and avoid a major network intrusion?
While PCI compliance is a priority for many U.S. retailers, some major companies in Australia say they'd rather forego the cost of compliance and risk the possibility of steep fines if a card breach occurs.
The section chief of the FBI's Cyber Division says "the FBI does not condone payment of ransom," in part because it enables criminals to victimize others. Instead, the bureau continues to urge all potential victims to get their IT house in order.
Revelation of 321 attempts to place ransomware on federal government computers in the second half of last year raises a number of questions about the effectiveness of the Einstein intrusion detection and prevention system as well as how the government responds to such attacks.
Advanced attacks are out, while persistent, relatively simple attacks are in. Despite all of the APT hype in recent years, cybercriminals, and especially nation-state attackers, prefer to keep things simple. Information security experts explain why.
It's springtime in San Francisco: cue the annual RSA Conference. Here are some notable trends that have already emerged from the event, ranging from ransomware and phishing attacks to hacker self-promotion and Facebook fakery.
The trend across industries is that automation results in a drastic reduction of operational job roles, even as it brings in economies of efficiency. What then does automation in security mean for the profession?
It's the ultimate challenge for government agencies: How can they be both secure and compliant - especially when operating in a hybrid cloud environment? Trend Micro's Ed Cabrera offers insight into the unique challenges and emerging solutions.
Mobility and IoT are acknowledged by security practitioners to be a whole different beast when it comes to management. MetricStream's French Caldwell says that GRC likewise needs to change its paradigm to accommodate this disruption.
How many networking vendors - like Juniper - have been selling devices with backdoors attackers could use to intercept and decrypt communications? Some networking giants say they've launched code reviews. But why are eight vendors staying silent?