cyber risk
Where is attack surface management headed?
Reactive cyber defense is a losing strategy. It’s something that’s been tolerated for many decades, but isn’t it more cost-effective, better for the brand, and more optimal to …
Why cyber security can’t just say “no“
There was a time, not long ago, when there were only so many ways of accomplishing an information technology task. Whether you were building a website, setting up a new …
The SaaS-to-SaaS supply chain is a wild, wild mess
Cloud migration and IT democratization have created a continuously growing network of interconnected business applications, integrated to digitize and automate business …
Why are DDoS attacks so easy to launch and so hard to defend against?
DDoS attacks are an underappreciated residual risk for most organizations today. While most people are concerned about ransomware, it typically takes a ransomware attacks …
Ransomware works fast, you need to be faster to counter it
Since the pandemic hit and organizations had to quickly adjust to widespread remote work and stand up hybrid environments, ransomware gangs have been having a field day. In …
Password reuse is rampant among Fortune 1000 employees
SpyCloud published an annual analysis of identity exposure among employees of Fortune 1000 companies in key sectors such as technology, finance, retail and telecommunications. …
How to set up a powerful insider threat program
Security spend continues to focus on external threats despite threats often coming from within the organization. A recent Imperva report (by Forrester Research) found only 18 …
Data centers on steel wheels: Can we trust the safety of the railway infrastructure?
In this interview for Help Net Security, Dimitri van Zantvliet Rozemeijer, CISO at Nederlandse Spoorwegen (Dutch Railways), talks about railway cybersecurity and the …
NIST updates guidance for cybersecurity supply chain risk management
The National Institute of Standards and Technology (NIST) has updated its guidance document for helping organizations identify, assess and respond to cybersecurity risks …
Nothing personal: Training employees to identify a spear phishing attack
Phishing attacks began years ago as simple spam, designed to trick recipients into visiting sites and becoming customers. In the meantime, they have morphed into a worldwide …
Tackling the threats posed by shadow IT
While remote technologies have allowed businesses to shift their workforces online, this flexibility has created a swathe of challenges for IT teams who must provide a robust …
How to avoid security blind spots when logging and monitoring
Cybersecurity involves a balancing act between risk aversion and risk tolerance. Going too far to either extreme may increase cost and complexity, or worse: cause the …
Featured news
Resources
Don't miss
- Mastering the cybersecurity tightrope of protection, detection, and response
- PRevent: Open-source tool to detect malicious code in pull requests
- Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand
- Hackers pose as employers to steal crypto, login credentials
- Unknown and unsecured: The risks of poor asset visibility