Expert analysis
Are we chasing the wrong zero days?
Zero days became part of mainstream security after the world found out that Stuxnet malware was used to inflict physical damage on an Iranian nuclear facility. After the …
For recent big data software vulnerabilities, botnets and coin mining are just the beginning
The phrase “with great power comes great responsibility” was excellent advice when Ben Parker said it to his nephew Peter, aka Spiderman. It is even more …
Don’t accept risk with a pocket veto
We who live risk management know there are four responses when confronted with a credible risk to our organizations. We can treat the risk to reduce it. We can avoid the risk …
Conficker: A 10-year retrospective on a legendary worm
This November marked the 10-year anniversary of Conficker, a fast-spreading worm targeting Microsoft systems that went on to claim one of the highest levels of infection in …
The holiday season and cybercrime: 8 ways to protect yourself
The holiday season has become an unbridled online spending extravaganza, and threat actors have taken notice. For shoppers, what starts out as an attempt to fulfill their …
Privacy laws do not understand human error
In a world of increasingly punitive regulations like GDPR, the combination of unstructured data and human error represents one of the greatest risks an organization faces. …
What mid-market security budgets will look like in 2019
As 2018 draws to a close, IT and security pros around the country will greet the arrival of budget season with a collective sigh. Negotiating for IT budgets at small or …
Implications of the NIS Directive for the industrial sector
On July 6, 2018 the NIS (Network and Information System) Directive was enacted as the first EU-wide legislation that provides measures to boost security across the region. …
Round two: Microsoft prepares to release Windows 10 October 2018 Update… again!
Thanksgiving comes early this year, but the Microsoft Windows 10 October 2018 Update is coming late. Should we be thankful? Let’s revisit the short history of this release, …
Five key considerations when developing a Security Operations Center
Ensuring access to a reliable feed of threat intelligence through a security operations center (SOC) is an essential element of many organization’s security strategy today. …
DevOps and security: How to make disjointed security and DevOps teams work effectively
As organizations build their “software factories”, leveraging the latest DevOps organizational models and CD/CI techniques to get applications out quickly, they still find …
Countering threats: Steps to take when developing APIs
High profile data breaches resulting from faulty APIs continue to make headlines. In the last few months alone, T-Mobile’s data breach resulted in hackers stealing personal …