Stacy Collett

Author Archives: Stacy Collett

That online job candidate may be carrying a virus

January is the month when employees are most likely to think about changing jobs, according to a survey by Glassdoor. Almost one in five jobseekers cited January as the most popular month to make a move, which means that resumes, cover letters and reference contacts are eagerly shared through social media, email and company websites.

Cyber thieves are eager to take advantage of the busy hiring season, too, and they’ve come up with several ways to infiltrate corporate systems. Security pros offer their tips on what to watch out for, and how to stop them.

Cyber criminals use LinkedIn and other social media sites to bypass company defenses

LinkedIn and other social networks are becoming targets for threat actors since they know it's a great way to bypass a company's defenses, according to cybersecurity firm Cylance. LinkedIn is typically not blocked by network filters, so that HR departments have the freedom to communicate with prospective job candidates.

How to improve your security grade in 2017

The City of San Diego seems to have all the building blocks in place to make the smart city an exceptionally safe one when it comes to cyber attacks. Deputy director and CISO Gary Hayslip has built out the city’s security operations center, he’s partnering with innovative security vendors and startups, and conferring with law enforcement to keep up with the latest threats. He has the backing of the mayor and city executives, with plenty of funding, and he’s hiring more staff.

Yet when asked how he would grade his organization’s ability to detect and mitigate cyber threats, he offered a sobering assessment.

“I would probably say about a C+,” Hayslip says. “I’m realistic. There’s a lot of risk out there. We’re dealing with about a million attacks a day on our networks. I’ve got 40 departments, 24 networks and 40,000 endpoints” to protect. As the smart city adds more IoT devices connecting streetlights, stoplights and HVAC systems to the network, the threat surface will only grow.

Companies increasingly looking for hackers to attack their networks

The U.S. Army ventured into unfamiliar territory last week, the first day of its “Hack the Army” bug bounty program that challenges dozens of invited hackers to infiltrate its computer networks and find vulnerabilities in select, public-facing Army websites.

"We're not agile enough to keep up with a number of things that are happening in the tech world and in other places outside the Department of Defense," explained Army Secretary Eric Fanning in announcing the plan in mid-November. "We're looking for new ways of doing business," which includes a break from the past when government avoided working with the hacker community.

Best small to midsized cities to land a cybersecurity job

Looking for a change of scenery in 2017?

While cybersecurity positions are plentiful in most major cities, thousands of cyber positions at all levels are waiting to be filled in less populated and often more scenic locales – and most offer a lower cost of living.

Although larger corporations usually post the most job openings, “you’re most likely to find that you’re working at a smaller company” in these smaller cities, says Tim Herbert, senior vice president of research and market intelligence at CompTIA, the Computing Technology Industry Association. But the tradeoff will be broader responsibilities and more experience, he adds. “In smaller companies you take on more responsibilities with less specialization than in a large enterprise where roles are very well-defined.”

Is your IT staff ready for IoT?

The city of Kansas City, Mo., blazed a new technology trail in May when it launched its first streetcar line with public Wi-Fi that spreads across two square miles, covering more than 50 square blocks. It also marked the debut of the city's first-generation smart city corridor for new technologies, many of which will run wirelessly over one of the largest free public Wi-Fi zones in the country.

Rise of the IoT machines

Friday’s distributed denial-of-service attack on domain name service provider Dyn may have seemed like the end of the world for millions of Netflix, Twitter and Spotify users, but security professionals say the service disruption was merely a nuisance attack – although an eye-opening one – compared to the potential damage that can be unleashed by billions of unsecure IoT devices.

“It’s really just the tip of the iceberg,” says Nicholas Evans, vice president and general manager within the Office of the CTO at Unisys, where he leads its worldwide applied innovation program. “You can grade the threat intensity as the IoT devices become more autonomous, like self-driving cars, or more controllable, like some of factory-type devices that actually manipulate the physical environment. That’s where the real threat is.”

5 ways to better survey IT employees

To keep employees' unhappiness from reaching a tipping point, companies are turning to more frequent surveys to gauge the mood of their staffers, thanks to a slew of new survey and collaboration tools that make pulse-taking easier.

Navigating the muddy waters of enterprise infosec

Executives at Booz Allen Hamilton learned the importance of information security the hard way back in 2011 when the hacker group Anonymous claimed that it had penetrated one of Booz Allen’s servers and had deleted 4GB of source code and released a list of more than 90,000 military email addresses and encrypted passwords.

The breached server turned out to be a development environment containing test data, “but that didn’t really matter; it was a wakeup call,” says Michael Waters, director of information security at the consulting firm and government contractor. “It was a pretty unpleasant experience, but it did galvanize substantial investment — both capital and HR — in getting things done. The firm looked around and said, ‘We have been working on this, but we need to put more toward it.’”

Five social engineering scams employees still fall for

You’ve trained them. You’ve deployed simulated phishing tests. You’ve reminded your employees countless times with posters and games and emails about avoiding phishing scams. Still, they keep falling for the same ploys they’ve been warned about for years. It’s enough to drive security teams to madness.

According to Verizon’s 2016 Data Breach Investigation Report, 30 percent of phishing messages were opened by their intended target, and about 12 percent of recipients went on to click the malicious attachment or link that enabled the attack to succeed. A year earlier, only 23 percent of users opened the email, which suggests that employees are getting worse at identifying phishing emails -- or the bad guys are finding more creative ways to outsmart users.

Can cybersecurity save the November elections?

The Federal Bureau of Investigation’s disclosure earlier this month that foreign hackers had infiltrated voter registration systems in Illinois and Arizona came as no surprise to some cybersecurity experts.

“Given where cybercrime has gone, it’s not too surprising to think about how information risks might manifest themselves during the election season to cause some level of either potential disruption, change in voting, or even just political fodder to add the hype cycle,” says Malcolm Harkins, chief security and trust officer at network security firm Cylance.

Tips for scaling up a data analytics project

The U.S. Environmental Protection Agency's new chief data scientist likens the adoption of big data analytics at the agency to the early adoption of the iPhone in 2007. Those early adopters "didn't know exactly what it was, but they wanted to use it because they perceived the value," says Robin Thottungal.

What’s in a security score?

Fair Isaac Corp., the company that issues credit scores for individuals, was tired of other analytics companies developing security scoring tools for businesses and then proclaiming themselves “the FICO of security scores.”

So in May, FICO upped its own scoring game. It acquired cybersecurity firm QuadMetrics to create its own brand of security scores for enterprises. The new scoring tool, available in August, uses predictive analytics and security risk assessment tools to issue scores and predict a company’s likelihood of a significant breach compared to other firms within the next 12 months.

“Our own cyber breach insurance underwriters commented how great it would be if there was really a FICO score on this for the underwriting process,” says Doug Clare, vice president of cybersecurity solutions. The company had already invested in cybersecurity detection technology that assesses network traffic, and it saw the addition of QuadMetrics as “the right opportunity at the right time,” he adds.

How to attract a board-level cybersecurity expert

Suzanne Vautrinot’s impressive cybersecurity experience has been in high demand since she retired from the U.S. Air Force in October 2013. As a major general and commander, she helped create the Department of Defense's U.S. Cyber Command and led the Air Force's IT and online battle group.

In the past year alone, she has fielded “more than a handful” of phone calls from company executives and recruiters who hope to attract her to their board of directors, but she doesn’t jump at every opportunity. She has turned down board positions “more than once” because she perceived that the company wasn’t committed to cybersecurity initiatives or that she wouldn’t be active in any board matters beyond security.

Why legal departments begrudge the cloud

Legal professionals are by their nature a skeptical and cautious lot, but the sharp rise in cloud-based applications being used by enterprises and law firms, as well as recent high-profile law firm security breaches, has many legal professionals reticent about entering cloud engagements.

“The buck stops with the lawyer,” says Michael R. Overly, a partner and intellectual property lawyer focusing on technology at Foley & Lardner LLP in Los Angeles. “You’re trusting the [cloud provider] with how they manage security,” and yet their contract language excuses them from almost all responsibility if a security or confidentiality breach occurs, he says. “One can’t simply go to clients or the state bar association and say the third party caused a breach, so it’s really not our responsibility.”

Companies high on virtualization despite fears of security breaches

Companies are feeling more comfortable with the cloud, virtualization and even software-defined data centers than ever before, despite their fears about security breaches, according to a study due out this month by technology companies HyTrust and Intel. While no one thinks security problems will go away, companies are willing to tolerate the risk in the name of agility, flexibility and lower costs.

Some 62 percent of executives, network administrators and engineers surveyed expect more adoption of SDDC in 2016, which can quantifiably drive up virtualization and server optimization, while 65 percent predict that these implementations will be faster.

Should your board of directors include a cybersecurity expert?

Should companies have a cybersecurity expert on their board of directors? The federal government seems to think so, and increasingly so do security and risk professionals, although companies would prefer to make that decision without government involvement, according to a sampling of industry pros. A disclosure bill introduced by the U.S. Senate in December would ask companies to disclose whether they have a “cyber security expert” or equivalent measure on their board of directors. While no action is required if no expert currently has a seat on the board, the company would need to provide an explanation for how it is approaching cybersecurity.