Macs are really no more secure than a PC, but for many years there just weren’t as many out there because of the expense of the hardware and other issues. They've historically been a much less popular choice among both consumers, enterprises, and hackers alike.The PC attack surface is much wider; therefore, criminals develop malware that works on PCs because the payout is much higher. James Plouffe, lead solutions architect at mobile-security company MobileIron, said there are, however, a couple of oft-overlooked things that also protect Macs.First, Plouffe said, "MacOS is actually BSD Unix derivative. Granted, it's heavily customized but this meant that, unlike Windows (which had a long tail of viruses reaching back to the days of MS-DOS), bad actors had a lot more heavy lifting to do to be able to attack macOS."To read this article in full or to leave a comment, please click here
Larger enterprises have the resources to not only afford the technology needed to grow in the digital age, but they also have the budget and manpower to build security into their overall ecosystems.Does the K-12 education sector have the means to do the same? As the use of technology becomes more prevalent in public schools, will collecting more data potentially increase the cybersecurity risks for the K-12 sector?Earlier this fall, the Center for Data Innovation released a report, Building a Data-Driven Education System in the United States, in which they said 93 percent of teachers are regularly using digital tools to assist classroom instruction in some capacity.To read this article in full or to leave a comment, please click here
Larger enterprises have the resources to not only afford the technology needed to grow in the digital age, but they also have the budget and manpower to build security into their overall ecosystems.Does the K-12 education sector have the means to do the same? As the use of technology becomes more prevalent in public schools, will collecting more data potentially increase the cybersecurity risks for the K-12 sector?Earlier this fall, the Center for Data Innovation released a report, Building a Data-Driven Education System in the United States, in which they said 93 percent of teachers are regularly using digital tools to assist classroom instruction in some capacity.To read this article in full or to leave a comment, please click here
While the San Francisco 49ers are leading the NFL in defense, the New Orleans Saints currently hold the number one slot for total offense. In the overall league rankings, though, neither of those two teams rank in the top 10. What's the takeaway? Winning isn't strictly about strong offense or impenetrable defense. NFL league leaders advance to the top because they know how to balance the two; they know how to play the game.To address the growing number of attacks on the US government and private sector systems, President-elect Donald Trump's cybersecurity plan aims to, "Develop the offensive cyber capabilities we need to deter attacks by both state and non-state actors and, if necessary, to respond appropriately."To read this article in full or to leave a comment, please click here
While the San Francisco 49ers are leading the NFL in defense, the New Orleans Saints currently hold the number one slot for total offense. In the overall league rankings, though, neither of those two teams rank in the top 10. What's the takeaway? Winning isn't strictly about strong offense or impenetrable defense. NFL league leaders advance to the top because they know how to balance the two; they know how to play the game.To address the growing number of attacks on the US government and private sector systems, President-elect Donald Trump's cybersecurity plan aims to, "Develop the offensive cyber capabilities we need to deter attacks by both state and non-state actors and, if necessary, to respond appropriately."To read this article in full or to leave a comment, please click here
Depending on the size of the organization, the person who has the most impact on driving security advancement could be a C-level or board member, but non-executive administrators, and sometimes the one man IT/security show is the person paving the path.Whoever it is, every business needs someone who makes security not only a line item on the budget but also a part of the overall culture. More often than not, though, organizations prioritize security for one of two reasons.Josh Feinblum, vice president of information security at Rapid7 said,"Companies that care about security have either a progressive leadership team that believes it is important, or it is a company that has gone through a major event."To read this article in full or to leave a comment, please click here
Depending on the size of the organization, the person who has the most impact on driving security advancement could be a C-level or board member, but non-executive administrators, and sometimes the one man IT/security show is the person paving the path.Whoever it is, every business needs someone who makes security not only a line item on the budget but also a part of the overall culture. More often than not, though, organizations prioritize security for one of two reasons.Josh Feinblum, vice president of information security at Rapid7 said,"Companies that care about security have either a progressive leadership team that believes it is important, or it is a company that has gone through a major event."To read this article in full or to leave a comment, please click here
Since Edward Snowden leaked classified information from the National Security Agency (NSA) in 2013, the FBI and Apple had a public battle around privacy, Shadow Brokers leaked some of the NSA's hacking tools, and Hal Martin, an ex-NSA contractor was arrested for stealing classified information.To read this article in full or to leave a comment, please click here
Since Edward Snowden leaked classified information from the National Security Agency (NSA) in 2013, the FBI and Apple had a public battle around privacy, Shadow Brokers leaked some of the NSA's hacking tools, and Hal Martin, an ex-NSA contractor was arrested for stealing classified information.To read this article in full or to leave a comment, please click here
Big data has proven to be a big asset for corporations who are trying to collect information and make informed business decisions, but if the proper strategies for protecting that data are not in place, the risks to the enterprise can be costly.Earlier this year Cisco reported that worldwide mobile traffic is expected to grow eightfold from 2015 to 2020 reaching 30.6 exabytes, monthly. Planning for that data inflation raises a very important question: “How can organizations ensure their data is an asset and not a liability?” To read this article in full or to leave a comment, please click here
Well, it's 2016, and a few years ago Gartner reported that "By 2016, poor return on equity will drive more than 60 percent of banks worldwide to process the majority of their transactions in the cloud."Enterprises across all sectors are either in the cloud, transitioning to the cloud, or thinking about making the idea of cloud a reality. For those who are preparing to make the move, there are a variety of concerns to consider and plan for in order to make for a smooth transition. In addition to deciding on the right cloud provider and whether to go with a private or a public cloud, CISOs also need to think about implementing solutions for controls on access, encryption, legal and compliance issues.To read this article in full or to leave a comment, please click here
Well, it's 2016, and a few years ago Gartner reported that "By 2016, poor return on equity will drive more than 60 percent of banks worldwide to process the majority of their transactions in the cloud."Enterprises across all sectors are either in the cloud, transitioning to the cloud, or thinking about making the idea of cloud a reality. For those who are preparing to make the move, there are a variety of concerns to consider and plan for in order to make for a smooth transition. In addition to deciding on the right cloud provider and whether to go with a private or a public cloud, CISOs also need to think about implementing solutions for controls on access, encryption, legal and compliance issues.To read this article in full or to leave a comment, please click here
Employees at Axe Investment, the fictional firm of biollionaire Bobby Axelrod in Showtimes new series, Billions, were downright angry when they learned that surprise SEC raid was only a test. Axelrod, though, found the mock raid fruitful as it revealed the internal weak links of his organization.These are metrics that enterprises should be using to evaluate the success of their security awareness programs. In order for awareness training to work, it has to keep everyone in the enterprise, well, aware. A recent Wombat report revealed that in addition to the ever growing problem of phishing, employees across industries struggle with oversharing on social media, unsafe use of WiFi, and company confidential data exposure. Those ubiquitous posts pose serious risks.To read this article in full or to leave a comment, please click here
Easy to access, widely used, and outside of enterprise control, social media sites are gold mines for malicious actors. People share a lot of seemingly innocuous information, which is exactly the kind of data that hackers love to collect and use in phishing or spear phishing campaigns. A recent NopSec 2016 State of Vulnerability Risk Management Report found that organizations use inadequate risk evaluation scoring systems. The report claimed that social media -- which often isn't included in any risk evaluation system -- is now a top platform for cybersecurity.So, what's the correlation between social media and the rise in malware?To read this article in full or to leave a comment, please click here
Reduction in sales and damage to brand are potential bottom line impacts that auto manufacturers need to be concerned about when it comes to security risks and connected cars. According to a newly released IOActivereport , "Commonalities in Vehicle Vulnerabilities", authored by senior security consultant Corey Thuen, "39 percent of vulnerabilities are related to the network. This is a general category that includes all network traffic, such as Ethernet or web."Using security best practices publications to design connected cars can mitigate up to 45 percent of vulnerabilities, yet OBD2 adapters, telematics systems and other embedded devices remain security problems in the modern vehicle.To read this article in full or to leave a comment, please click here
Reduction in sales and damage to brand are potential bottom line impacts that auto manufacturers need to be concerned about when it comes to security risks and connected cars. According to a newly released IOActivereport , "Commonalities in Vehicle Vulnerabilities", authored by senior security consultant Corey Thuen, "39 percent of vulnerabilities are related to the network. This is a general category that includes all network traffic, such as Ethernet or web."Using security best practices publications to design connected cars can mitigate up to 45 percent of vulnerabilities, yet OBD2 adapters, telematics systems and other embedded devices remain security problems in the modern vehicle.To read this article in full or to leave a comment, please click here
While most of the decision makers would likely prefer to hear a simple yes or no when asking if they should pay, nothing in security is simple. By and large, the position of many leaders in the industry is that the ideal situation is not to pay.Security experts across the industry would like to see all enterprises, large and small, be prepared for a hit so that they can recover their data without paying a ransomware fee. The question of whether to pay the ransomware fee is tricky, though, as sometimes organizations are left with no other options.MORE: How to respond to ransomware threats
When asked whether companies should ever pay a ransomware fee, Ryan Manship, security practice director at RedTeam Security said, “The first thing about ransomware is that it’s in many ways like terrorism. The US has a policy not to negotiate with terrorists. Where does that come from? Why does it exist? The reality is, you can’t trust the bad guys. You can’t trust them to do what they say they are going to do, which is to give back access to your data.”To read this article in full or to leave a Continue reading
Because there are so many different kinds of third parties, identifying whether they do or don’t have the right infrastructure or security protocols can be a challenge. Moreover, doing the proper due diligence needed to vet third-party vendors can be costly and time consuming.As so many organizations rely on a variety of different providers, third parties can become the gateways to the network. In order to mitigate the risk of a breach from a third party, enterprises need to design a vetting process and understand the language of the service-level agreemen in order to best evaluate their contracts.[ ALSO ON CSO: How to achieve better third-party security: Let us count the ways ]To read this article in full or to leave a comment, please click here
Because there are so many different kinds of third parties, identifying whether they do or don’t have the right infrastructure or security protocols can be a challenge. Moreover, doing the proper due diligence needed to vet third-party vendors can be costly and time consuming.As so many organizations rely on a variety of different providers, third parties can become the gateways to the network. In order to mitigate the risk of a breach from a third party, enterprises need to design a vetting process and understand the language of the service-level agreemen in order to best evaluate their contracts.[ ALSO ON CSO: How to achieve better third-party security: Let us count the ways ]To read this article in full or to leave a comment, please click here
It is no easy task to secure today's digital enterprise. With all of the irons in the fire of the digital ecosystem, there is a lot that can compromise the corporate website. Both website visitors and Internet users are vulnerable to web-based malware, and it is increasingly more difficult for security practitioners to thwart web-based attacks.Even with the daily occurrence of breaches, some organizations are not thinking about security, especially those enterprises for whom a large percentage of their revenue comes directly through the website. Many companies that do worry about security, think of it in terms of restricting internal users from accessing what might be potentially risky sites.To read this article in full or to leave a comment, please click here