How IoT Changes Security

Data Breach Today

Steve Rog of ForeScout Technologies on Improving Security Hygiene. The growth of IoT means traditional methods of security are inadequate, says Steve Rog of ForeScout Technologies, who calls for improvements in security hygiene

Supply Chain Security 101: An Expert’s View

Krebs on Security

alongside Tony Sager, senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency.

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.

HHS Updates Security Risk Assessment Tool

Data Breach Today

The Department of Health and Human Services has updated its HIPAA security risk assessment tool to better assist small and mid-sized healthcare entities and their vendors in performing a comprehensive risk analysis.

Application Security: What Causes Inertia?

Data Breach Today

Joseph Feiman of WhiteHat Security on the Need for Cultural Change. Application security is not improving because about 60 percent of vulnerabilities never get fixed, says Joseph Feiman of WhiteHat Security

Securing the News

Data Breach Today

Time Inc.'s Deputy CISO on the Challenge of Ensuring Content Security. In this era of "fake news," Time Inc.'s Deputy CISO Preeti Palanisamy takes seriously the challenge of maintaining the integrity of journalism from content creation through production and eventual publication

Security Vulnerabilities in Star Wars

Data Breach Today

A fun video describing some of the many Empire security vulnerabilities in the first Star Wars movie. Happy New Year, everyone.

The Need for Security Collaboration

Data Breach Today

Saba Shariff of Symcor discusses techniques for greater collaboration on security. Saba Shariff of Symcor on Improving Anti-Fraud Efforts. Today's cybercriminals don't operate in silos, so why do companies?

Cloud Security: Beyond CASB

Data Breach Today

Oracle's Amit Zavery on Taking a Comprehensive Approach. Cloud access security brokers are not a panacea for all cloud security problems, says Oracle's Amit Zavery, who advocates an end-to-end approach

Election Security: Building Public Confidence

Data Breach Today

Suzanne Spaulding, former undersecretary for the Department of Homeland Security, says a key way to ensure public confidence in the security of U.S. elections is to rely on paper ballots for voting or as backups for electronic balloting

When Security Researchers Pose as Cybercrooks, Who Can Tell the Difference?

Krebs on Security

But when these screw-ups are unearthed by security professionals seeking to make a name for themselves, the resulting publicity often can leave the breached organization wishing they’d instead been quietly extorted by anonymous crooks.

Securing Software Automation, Orchestration

Data Breach Today

Seeking better operational efficiency and ROI, many enterprises have begun significant software automation and orchestration efforts without accounting for the inherent security risks they may bring, says Jeffery Kok of CyberArk

Facebook Security Bug Affects 90M Users

Krebs on Security

Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. In a short blog post published this afternoon, Facebook said hackers have been exploiting a vulnerability in Facebook’s site code that impacted a feature called “View As,” which lets users see how their profile appears to other people.

Completely Outsourced Security: A Bad Idea

Data Breach Today

Organizations can effectively rely on managed security services providers to take care of many tasks, but certain strategic security functions must be handled in-house, says Sid Deshpande, research director at Gartner

The Need to Look Beyond Endpoint Security

Data Breach Today

Kaspersky's Bhayani on Evolving to Predictive Analytics and Response. With endpoint security, the fundamental concept was always to detect and prevent.

Allure Security: Protecting Data

Data Breach Today

CEO Mark Jaffe on How to Protect What the Adversaries Really Want. Mark Jaffe is less concerned about how adversaries breach networks, but more concerned about how to secure their actual target - critical data. His startup company, Allure Security, intends to help secure that data

Sizing Up Today's Security Gaps

Data Breach Today

Jeff Michael of Lastline Discusses the Current Threat Landscape. In many organizations, overworked security analysts are trailing the bad guys in technology and knowledge, and this gap leads to increased risk, says Jeff Michael of Lastline

Hanging Up on Mobile in the Name of Security

Krebs on Security

At the time, AT&T suggested Terpin take advantage of the company’s “extra security” feature — a customer-specified six-digit PIN which is required before any account changes can be made. In this view of security, customer service becomes a customer disservice.

NEW TECH: Critical Start applies ‘zero-trust’ security model to managed security services

The Last Watchdog

That’s where managed security services providers, or MSSPs, come in. The global market for managed security services is expected to rise to $48 billion by 2023, up from $24 billion in 2018, according to ReportLinker. Five years ago, Mauriello was working at a large global credit bureau, managing the credit monitoring giant’s in-house Security Operations Center. He went shopping for a MSSP to come in and help to reinforce certain security functions.

Verifying Vendors' Security Programs

Data Breach Today

Organizations need to carefully assess - and then verify - the data security controls their existing - and prospective - vendors have implemented, says privacy and security expert Rebecca Herold, who offers a range of vendor management tips in an in-depth interview

CEO Fraud: Barriers to Entry Falling, Security Firm Warns

Data Breach Today

Securing Elections

Schneier on Security

They're computers -- often ancient computers running operating systems no longer supported by the manufacturers -- and they don't have any magical security technology that the rest of the industry isn't privy to. We can securely bank online, but can't securely vote online.

The Effectiveness of Publicly Shaming Bad Security

Troy Hunt

Here's how it normally plays out: It all begins when a company pops up online and makes some sort of ludicrous statement related to their security posture, often as part of a discussion on a public social media platform such as Twitter.

How Website Security Must Evolve

Data Breach Today

Carlos Pero of Zurich Insurance on Protecting the 'Castle'. As a result of cloud computing and the internet of things, the approaches to security for websites must change, says Carlos Pero of Zurich Insurance

Supply Chain Security is the Whole Enchilada, But Who’s Willing to Pay for It?

Krebs on Security

From time to time, there emerge cybersecurity stories of such potential impact that they have the effect of making all other security concerns seem minuscule and trifling by comparison. Congress has held multiple hearings about supply chain security challenges, and the U.S.

Network vs. Endpoint Security: Striking the Right Balance

Data Breach Today

With so much focus on endpoint security, it's important not to overlook the importance of network-level security controls, says Lawrence Orans, research vice president at Gartner

Facebook's Massive Security Breach: Everything We Know

WIRED Threat Level

Up to 50 million Facebook users were affected—and possibly 40 million more—when hackers compromised the social network's systems.

Regulator: Don't Neglect Physical Security of 'Workstations'

Data Breach Today

OCR Alert Offers Insights on Keeping Patient Records Secure. Are too many healthcare organizations and their business associates skimping on physical security measures for safeguarding patient records?

Why Automation Is Essential to Cloud Security

Data Breach Today

Microsoft's Diana Kelley Shares Insights on Bridging Cloud Security Gaps. Because of the lack of specialists with the skills needed to run security operations in the cloud, intelligent automation is essential, says Microsoft's Diana Kelley

Building an Effective Enterprisewide Security Program

Data Breach Today

Gregory Wilshusen of the GAO Offers Lessons Learned. Identifying the right controls to manage specific risks is a vital component of an enterprisewide security program, says Gregory Wilshusen of the U.S.

Securing IoT: Is It Feasible?

Data Breach Today

In an interview, Al Pascual of Javelin Strategy & Research discusses the challenges involved in securing the exploding IoT landscape; consumers now own about 870 million IoT devices.

Securing Borderless Networks

Data Breach Today

In an age when every organization is essentially borderless, how do security leaders approach securing the borderless network? Paul Martini of iboss Cybersecurity offers insights and solutions

The Case for Model-Driven Security

Data Breach Today

Aetna CSO Jim Routh on Why We Need a Whole New Approach to Cybersecurity. Security thought leaders have long called for organizations to shift from a conventional "peacetime" view of cybersecurity to more of a "wartime" mindset.

Security Planner

Schneier on Security

Security Planner is a custom security advice tool from Citizen Lab. Answer a few questions, and it gives you a few simple things you can do to improve your security. I don't see it replacing any of the good security guides out there, but instead augmenting them.

Simplifying Vendor Security Risk Management

Data Breach Today

Why did CISOs at a half-dozen leading healthcare organizations launch a new council aimed at standardizing vendor security risk management? One of those CISOs, John Houston of UPMC, explains why the group was launched, how it will work and why managing cloud vendor risks is a top priority

Improving IoT Security

Data Breach Today

Organizations in all sectors need to strive to adopt a standardized approach for ensuring that security is built into internet of things devices at the design phase, says Vinod Kumar, CEO and managing director at Bangalore-based Subex, a telecom analytics solutions provider

Data-Centric Security and Big Data

Thales Data Security

Enter data-centric security… a set of technologies that lower the value of data through encryption, tokenization, data masking and access control methods. Luckily, data-centric security gives enterprises an effective option for protecting data within a big data environment.

Election Security

Schneier on Security

I joined a letter supporting the Secure Elections Act (S. 2261): The Secure Elections Act strikes a careful balance between state and federal action to secure American voting systems.

Aadhaar Getting Additional Security Layer

Data Breach Today

Security Experts Weigh In. To address growing concerns about Aadhaar, the Unique Identification Authority of India, which administers the ID program, is taking two key steps to add a layer of security. Will the New Steps Prove Effective?

The Road to Business-Driven Security

Data Breach Today

Tom Field and Ben Smith of RSA Security reflect on key findings from their recent Executive Roundtable on business-driven security

Numerous OpenEMR Security Flaws Found; Most Patched

Data Breach Today

Breaking Down Legacy Silos in Security

Data Breach Today

Abdallah Zabian of DXC Technologies on Taking a Holistic Approach. Security silos persist because stakeholders within the enterprise security ecosystem are focused on their own key performance indicators, says Abdallah Zabian of DXC Technology, who suggests a more holistic approach is needed

Philips, BD Yet Again Issue Medical Device Security Alerts

Data Breach Today

Some security experts say the two companies' transparency about cybersecurity issues - including new alerts issued last week - should be emulated by other manufacturers