Information security programs continue to rely not just on security policies, but also on the controls that ensure they get enforced. Unfortunately, such controls begin degrading the moment they're put in place, sometimes rapidly, says Josh Mayfield, director of security strategy at Absolute Software.
Every security leader wants visibility into the potential attack surface. But that surface is changing in vast new ways, owing to the cloud and connected devices. Mario Vuksan of ReversingLabs defines what visibility truly means today.
Security incidents often result in damage, regardless of an organization's size. But for small and midsize firms, which often lack robust security defenses, the damage may be so severe that it means not only disruption but also the end of the business, says Vince Steckler of Avast.
Making data security as people-centric as possible by applying strong risk-based controls is the only way organizations can best secure data while also enabling employees to do their jobs, says Tony Pepper of Egress Software Technologies.
Four business sectors - hospitals, banks, securities firms and market infrastructure providers - potentially face the most significant financial impact from cyberattacks that could lead to a weakened credit profile, according to a new report from Moody's Investors Service.
An "authorized third party" exposed a Dow Jones database with more than 2.4 million records of risky businesses and individuals on a public server without password protection. The incident points to the importance of proper vendor risk management, security experts say.
Windows, MacOS and Linux operating systems don't sufficiently protect memory, making it possible for a fake network card to sniff banking credentials, encryption keys and private files, according to new research. Fixes are in the pipeline, but caution should be used before connecting to peripherals in public areas.
Senator Mark Warner, D-Va., has sent letters to four federal agencies and 12 healthcare associations posing long lists of questions as a prelude to developing short-term and long-term strategies for improving healthcare cybersecurity.
Unlike other business disciplines (CRM, ERP, HR), cybersecurity lacks clear business metrics that help frame decision-making in language the C-suite and board easily understand. To evaluate which metrics matter most, Tenable commissioned Ponemon Institute to study the effects of cyber risk on business operations. The...
Tenable Research's analysis shows that how the race begins is a key indicator of how it will end. But security teams have the power to reclaim the advantage by developing a risk-centric mindset and more agile vulnerability management.
Download the report now to:
Find out more about Tenable Research's analysis of...
A misconfigured database at UW Medicine in Washington state that left patient data exposed on the internet for several weeks resulted in a breach affecting almost 1 million individuals. Why are breaches caused by such misconfigurations so common?
Good news for many victims of GandCrab: There's a new, free decryptor available from the No More Ransom portal that will unlock systems that have been crypto-locked by the latest version of the notorious, widespread ransomware. But the ransomware gang appears to already be prepping a new version.
This Gartner report charts your course to the future of information security with Gartner's "continuous adaptive risk and trust assessment" (CARTA) as your guide.
This report highlights a need for security and risk management leaders to embrace a strategic approach where security is adaptive, everywhere, all the...
The internet is composed of a series of networks built on trust. But they can be abused due to weaknesses in older protocols, such as Border Gateway Protocol and the Domain Name System, which were not designed to be secure and are now being abused for online crime and espionage.