On a global scale, cybersecurity is suffering from a severe shortage of experts. What is to be done? Organizations, government, academia and professional associations need to work together to develop a sustainable cyber skills strategy. To date, strategic thinking has largely focused on what to defend and how to defend, but less on who is …
While there is much discussion about the data security and privacy risks created by third parties, another source of risk can be significant but overlooked: that from fourth parties – those vendors that your vendors use – who may be integral players in your mission fulfillment but who are beyond your direct contractual oversight. Because third …
In this podcast recorded at Black Hat USA 2019, Jimmy Graham, Senior Director of Product Management at Qualys, discusses the importance of a tailored patch management process. Security obviously will have some say in a patch management process because a lot of patching is security driven, but patching is beyond just security, there’s …
Despite more than a few decades’ worth of technological advancement and millions of dollars’ worth of research, cyber threats continue to flourish. The situation has been wreaking havoc—and creating financial nightmares—in virtually every industry around the world. In fact, the average cost of a data breach has risen 12% over the past 5 years …
While there is much discussion about the data security and privacy risks created by third …
David and Goliath. The Invasion of Normandy. No matter the generation, we all know some of the …
A newly disclosed vulnerability (CVE-2019-9506) in the Bluetooth Core Specification can be exploited by attackers to intercept and manipulate Bluetooth communications/traffic between two vulnerable devices. Researchers Daniele Antonioli, Nils …
BitSight Enterprise Analytics enables more effective risk management BitSight Enterprise Analytics helps security and risk leaders gain insight into the impact of risk introduced at the organizational group level – from subsidiaries to business …
Emails coming from legitimate, compromised accounts are difficult to spot, both for existing email protection systems and the recipients themselves. Lateral phishing tactics Researchers from Barracuda, UC Berkeley and UC San Diego have studied …
The number of reported breaches has gone up by 54% and the number of exposed records by 52% compared to the first six months of 2018 according to the 2019 MidYear QuickView Data Breach Report, released by Risk Based Security. The research shows …
Cybercrime campaigns and high-profile advanced persistent threat groups are shifting how they target victims and focusing more on intricate relationships with “secure syndicate” partnerships to disguise activity, according to the latest 2019 …
On a global scale, cybersecurity is suffering from a severe shortage of experts. What is to be done? Organizations, government, academia and professional associations need to work together to develop a sustainable cyber skills strategy. To date, …
While digital transformation helps companies work smarter, there is a risk that the ongoing digitization may unlock a host of security vulnerabilities that can cost companies money, time, intellectual property, and customer trust, according to a …
Despite a significantly increased focus on application security testing, remediation rates for vulnerabilities continue to shrink, according to WhiteHat Security. Setu Kulkarni, WhiteHat’s VP of Strategy and Business Development, said, “It is …
Today’s threat environment is complex and dynamic. The internet was built for connectivity, not security, and approaches such as intrusion detection systems, anti-virus programs, and traditional incident response methodologies by themselves are …
ZeroFOX, the leading provider of advanced artificial intelligence-powered digital risk protection, announced the availability of a groundbreaking new Election Protection offering to safeguard political candidates, campaigns, and organizations …
Today’s threat environment is complex and dynamic. The internet was built for connectivity, not security, and approaches such as intrusion detection systems, anti-virus programs, and traditional incident response methodologies by themselves are …
