Organizations still use low levels or no automation of key security and incident response tasks
Most organizations understand that automation is the path to achieve optimal workflows in the face of staff shortages and alert fatigue. Yet, 59% of the D3 Security 2019 …
How metrics can enhance the effectiveness of security programs
For anyone responsible for maintaining their organization’s security posture, the findings from the SANS 2018 Security Operations Center (SOC) Survey should come as no …
Security concerns around the rapidly growing use of the Industrial Internet of Things
Organisations hold disparate and unrealistic views on protecting the Industrial Internet of Things (IIoT), in which endpoints are considered to be the most vulnerable aspects, …
Endpoint security automation a top priority for IT pros
A new SANS Institute report found that automating endpoint detection and response processes is the top priority for IT professionals trying to put actionable controls around …
Exploring the maturity of corporate security awareness programs
Cyber security awareness programs are beginning to gain ground among businesses, but many of the professionals responsible for their implementation are challenged by a lack of …
Most dangerous attack techniques, and what’s coming next
Experts from SANS presented the five most dangerous new cyber attack techniques in their annual RSA Conference 2018 keynote session in San Francisco, and shared their views on …
Data-driven analysis of vulnerabilities in real-world OT networks
Operational Technology (OT) networks are ripe targets for adversaries, whose motives range from criminal intent to operational disruption and even threats to human and …
XPCTRA financial malware leaves no stone unturned
A Trojan that has previously been only stealing users’ banking credentials has been modified to do much more than that. This new variant, dubbed XPCTRA, can also steal …
Insider threats and ransomware are most feared, followed by DDoS attacks
A new SANS survey found that ransomware, insider threats and denial of service are considered the top three threats organizations face when it comes to securing sensitive …
Attackers turn to auto-updating links instead of macros to deliver malware
SANS ISC handler Xavier Mertens has flagged and analyzed a malicious Word file that, somehow, is made to automatically download an additional malicious RTF file, ultimately …
Most damaging threat vector for companies? Malicious insiders
According to a new SANS survey, 40 percent of respondents rated malicious insiders (insiders who intentionally do harm) as the most damaging threat vector their companies …
Every organization is only one click away from a potential compromise
Information security staffs are so single-minded about defending their organizations from external attack that they all but ignore a threat with vastly greater potential for …
Featured news
Resources
Don't miss
- June 2025 Patch Tuesday forecast: Second time is the charm?
- Why IAM should be the starting point for AI-driven cybersecurity
- Protecting patient data starts with knowing where it’s stored
- Ransomware and USB attacks are hammering OT systems
- Meta open-sources AI tool to automatically classify sensitive documents