How metrics can enhance the effectiveness of security programs
For anyone responsible for maintaining their organization’s security posture, the findings from the SANS 2018 Security Operations Center (SOC) Survey should come as no …
SANS
Security concerns around the rapidly growing use of the Industrial Internet of Things
Organisations hold disparate and unrealistic views on protecting the Industrial Internet of Things (IIoT), in which endpoints are considered to be the most vulnerable aspects, …
Endpoint security automation a top priority for IT pros
A new SANS Institute report found that automating endpoint detection and response processes is the top priority for IT professionals trying to put actionable controls around …
Exploring the maturity of corporate security awareness programs
Cyber security awareness programs are beginning to gain ground among businesses, but many of the professionals responsible for their implementation are challenged by a lack of …
Most dangerous attack techniques, and what’s coming next
Experts from SANS presented the five most dangerous new cyber attack techniques in their annual RSA Conference 2018 keynote session in San Francisco, and shared their views on …
Data-driven analysis of vulnerabilities in real-world OT networks
Operational Technology (OT) networks are ripe targets for adversaries, whose motives range from criminal intent to operational disruption and even threats to human and …
XPCTRA financial malware leaves no stone unturned
A Trojan that has previously been only stealing users’ banking credentials has been modified to do much more than that. This new variant, dubbed XPCTRA, can also steal …
Insider threats and ransomware are most feared, followed by DDoS attacks
A new SANS survey found that ransomware, insider threats and denial of service are considered the top three threats organizations face when it comes to securing sensitive …
Attackers turn to auto-updating links instead of macros to deliver malware
SANS ISC handler Xavier Mertens has flagged and analyzed a malicious Word file that, somehow, is made to automatically download an additional malicious RTF file, ultimately …
Most damaging threat vector for companies? Malicious insiders
According to a new SANS survey, 40 percent of respondents rated malicious insiders (insiders who intentionally do harm) as the most damaging threat vector their companies …
