May 9, 2018
View our on-demand webinar to learn why you need to devote resources to threat hunting and compromise assessments, whether it’s through dedicated teams or third-party services.
Lynn Shiang, deltarisk.com, May 3, 2018
A new Chief Information Security Officer (CISO) starting the first day on the job has many challenges to juggle – navigating infrastructure complexity, keeping up with ever-changing compliance and regulatory requirements, working through team skills shortages, and overcoming inadequate funding. In April, the Ponemon Institute surveyed more than 500 CISOs to assess their level of preparedness for a data breach.
Help Net Security Staff, helpnetsecurity.com, May 2, 2018
Data shows that over 90% of enterprises are concerned about data and application security in public clouds, while nearly 60% of respondents reported that public cloud environments make it more difficult to obtain visibility into data traffic. 87% of enterprises had also suffered downtime of an hour or more during their last network outage, which according to Gartner, can cost a company as much as $5,600 per minute, as well as impact customer satisfaction.
Dan Patterson, techrepublic.com, May 9, 2018
Karen Schuler, head of data and information governance for BDO USA, talked with TechRepublic about her recent report detailing how the GDPR will change the way companies approach data.
Anshu Sharma, techcrunch.com, May 8, 2018
We are spending a lot of time discussing what happens to data when you explicitly or implicitly share it. But what about data that you have never ever shared? We all share DNA — after all, it seems we are all descendants of a few tribes. But the more closely related you are, the closer the DNA match. While we all know we share 50 percent DNA with siblings, and 25 percent with first cousins — there is still some meaningful match even between distant relatives (depending on the family tree distance).
Ryan Stolte, csoonline.com, April 12, 2018
If you ask a Security Operations Center (SOC) analyst, “What’s your biggest challenge when hunting threats?” The majority will give a response like this, “We have a lot of disparate tools that we need to correlate together to identify what are actual threats vs. false positives and noise.” The problem has plagued SOC analysts for years and is only getting worse as the proliferation of data, and lucrativeness of stealing it continues. Buried in alerts, SOC analysts scramble to manually decipher which ones need immediate attention.
Javvad Malik, infosecurity-magazine.com, May 8, 2018
The Infosec CIA triad of Confidentiality, Integrity, and Availability are just as applicable today as they were many years ago. In recent years, confidentiality has gone out the window as celebrities’ personal photos from their own devices are leaked with reckless abandon; ransomware, or IoT-powered DDoS attacks render information and websites unavailable; and fake ads, news, or trending topics leave you questioning whether anything online has any ounce of integrity. The trifecta effect of bring your own device (BYOD), cloud adoption, and the Internet of Things have forced security teams and security vendors to re-think and re-architect how security is implemented.
Jonathan Greig, fortune.com, May 7, 2018
When the news emerged that Equifax had succumbed to a colossal data breach from mid-May through July of last year, consumers were livid—in part because the ransacking was entirely preventable. Hackers stole 148 million people’s names, Social Security numbers, birthdates, home addresses, and more sensitive information, as of the major credit bureau’s last count in March, and worse yet, it happened two months after software fixes for the vulnerabilities at fault had been made available.
Eduard Kovacs, securityweek.com, May 8, 2018
Cybercriminals have been using a new method to ensure that the URLs included in their phishing emails bypass the Safe Links security feature in Office 365, cloud security company Avanan revealed on Tuesday. Safe Links, offered as part of Microsoft’s Office 365 Advanced Threat Protection (ATP) solution, is designed to protect organizations against malicious links delivered through emails and documents.
Jeremy Wittkop, darkreading.com, May 8, 2018
The expenses and actions typically associated with a cyberattack are not all created equal. Here’s how to explain what’s important to the C-suite and board. There is a lot of research, including Ponemon’s annual Cost of a Data Breach study, which does a good job of quantifying the average cost of each record lost across a large sample of records. Ponemon research also provides some really interesting information related to the difference between direct and indirect costs of a breach across multiple countries. It is a must-read for me every year as soon as it is released.