Automated systems: Flag smarter, not everything
Imagine dealing with 1,000s of security alerts a day, whilst simultaneously juggling the tasks that are part of your day-to-day job. Challenging right? This is the current …
Expert Analysis
Lateral phishing makes for dangerous waters, here’s how you can avoid getting caught in the net
As companies and consumers have become more aware of phishing, hackers have refined their techniques and are now launching a more advanced form of attack known as lateral …
The FBI multi-factor authentication notification that should have never been
While reviewing the recent Private Industry Notification from the FBI about using social engineering and technical attacks to circumvent multi-factor authentication, I was …
The password reuse problem is a ticking time bomb
Despite Bill Gates predicting the demise of passwords back in 2004, they are still very much in use. Passwords, like email, seem future proof; but they are also the source of …
When is the right time to red team?
It takes a thief to catch a thief. Despite being hundreds of years old, this idiom holds perfectly true for that most modern of thieves, the cybercriminal. With adversaries …
Believe the hype, but control the threat: Reducing the risk of ransomware
Ransomware is becoming an epidemic for any collection or repository of data. Each day the attacks seem to be getting larger and more lucrative for cybercriminals. According to …
Speeding MTTR when a third-party cloud service is attacked
We all know you can’t stop every malicious attack. Even more troublesome is when an externally sourced element in the cloud – engaged as part of your infrastructure …
November 2019 Patch Tuesday Forecast: Out with the old, in with the new
There are only two more Patch Tuesday’s before the new year, but we already have something new to experience this November. Windows 10 version 1909, named the November 2019 …
What financial records do companies need to keep, and for how long?
Companies generate stacks of documents and managing them correctly is crucial. It can be complicated to balance organizational requirements, employee interests, and legal …
5 factors to consider when choosing an encryption key management system
Data breaches are at an all-time high with 2019 looking to one of the worst on record for data loses. Within the data security battle, encryption is considered to be the gold …
The promise and peril of post quantum computing
In this Help Net Security podcast, Avesta Hojjati, Head of R&D at DigiCert, talks about the security implications of post quantum computing. Here’s a transcript of the …
Defining risk controls that actually work
Previously, we looked at practical ideas for conducting the complex information security risk assessments that all enterprises should regularly perform. The right methodology …