How security theater misses critical gaps in attack surface and what to do about it
Bruce Schneier coined the phrase security theater to describe “security measures that make people feel more secure without doing anything to actually improve their security.” …
How to enforce real-time controls based on behavior risk scoring
For decades, the traditional approach to securing digital assets has been based on using a primary set of credentials, namely a username and password. This binary model …
In uncertain times, CISOs have a golden opportunity
Hackers are targeting everyone and taking advantage of fear, uncertainty, and a 24/7 news cycle that can dwell on a single theme for weeks on end. The victim pool includes …
How does XDR improve enterprise security in the face of evolving threats?
Cybercriminals will never run out of ways to breach the security protocols enterprises put in place. As security systems upgrade their defenses, attackers also level up their …
How can the C-suite support CISOs in improving cybersecurity?
Among the individuals charged with protecting and improving a company’s cybersecurity, the CISO is typically seen as the executive for the job. That said, the shift to …
Plan for change but don’t leave security behind
COVID-19 has upended the way we do all things. In this interview, Mike Bursell, Chief Security Architect at Red Hat, shares his view of which IT security changes are ongoing …
Developing a plan for remote work security? Here are 6 key considerations
With so many organizations switching to a work-from-home model, many are finding security to be increasingly more difficult to administer and maintain. There is an influx of …
Most compliance requirements are completely absurd
Compliance is probably one of the dullest topics in cybersecurity. Let’s be honest, there’s nothing to get excited about because most people view it as a tick-box exercise. It …
Mapping the motives of insider threats
Insider threats can take many forms, from the absent-minded employee failing to follow basic security protocols, to the malicious insider, intentionally seeking to harm your …
Cybersecurity after COVID-19: Securing orgs against the new threat landscape
Picture this: An email comes through, offering new COVID-19 workplace safety protocols, and an employee, worn down by the events of the day or feeling anxious about their …
How to protect yourself from the hidden threat of evasive scripts
Evasion techniques are used by cybercriminals to evade detection, and they are especially prevalent in the context of scripts, which on their own have legitimate uses (e.g., …
September 2020 Patch Tuesday forecast: Back to school?
Another month has passed working from home and September Patch Tuesday is upon us. For most of us here in the US, September usually signals back to school for our children and …
Featured news
Resources
Don't miss
- Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs
- Attackers phish OAuth codes, take over Microsoft 365 accounts
- When confusion becomes a weapon: How cybercriminals exploit economic turmoil
- SWE-agent: Open-source tool uses LLMs to fix issues in GitHub repositories
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)