7 steps security leaders can take to deal with Spectre and Meltdown
Security and risk management leaders must take a pragmatic and risk-based approach to the ongoing threats posed by an entirely new class of vulnerabilities, according to …
Why do we need a risk-based approach to authentication?
20 years ago, everyone worked at a desktop workstation hardwired into an office building. This made network security simple and organizations felt they could depend on the …
Love letters from a Black Hat to all the fools on the Internet
As an underground, “black hat” hacker, I don’t have time for significant others. I’m too busy earning stacks of cash to improve my Bitcoin mining rigs …
Tackling the insider threat: Where to start?
Many organizations still believe the definition of an insider threat is limited to a rogue employee purposefully leaking embarrassing information, or nuking a couple of …
Why developing an internal cybersecurity culture is essential for organizations
ENISA published a report providing organisations with practical tools and guidance to develop and maintain an internal cybersecurity culture. Understanding the dynamics of …
7 steps for getting your organization GDPR-ready
While the EU has had long established data protection standards and rules, its regulators haven’t truly commanded compliance until now. Under the General Data Protection …
Groundhog Day: Third-party cyber risk edition
Over the past four years, I’ve had countless conversations with hundreds of companies around third-party cyber risk issues. It’s been my personal Groundhog Day, so …
The future of smartphone security: Hardware isolation
Mobile spyware has become increasingly more ubiquitous in corporate networks and devices. In a 2017 study, Check Point has found that out of the 850 organizations that they …
Building a coping mechanism for data breaches
Data breaches may be daily news, but they will always be a significant worry for business stakeholders. It is the IT team, however, that have to deal with the technical side …
Achieving zero false positives with intelligent deception
Cyber attacks are not single events. When attackers compromise an asset, they don’t know which asset is infected. They must determine where they are in the network, the …
What is a security data lake?
The concepts of the data lake and the specialized security data lake are relatively new. While data lakes have a bit of a head start in adoption – largely among data science …
It’s time to get serious about email security
In today’s hyper-connected world, email is the foundation of every organization’s collaboration, productivity, and character. And despite annual rumors of its demise, there’s …
Featured news
Resources
Don't miss
- Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)
- Building a reasonable cyber defense program
- Attackers are probing Palo Alto Networks GlobalProtect portals
- Why global tensions are a cybersecurity problem for every business
- How to build an effective cybersecurity simulation