Category Archives: Follow on

Digital skills are critical for tackling the rising tide of cybercrime

The rising tide of cybercrime shows no sign of slowing. Whether it’s hacking, identity fraud or malware attacks, online criminals have proven themselves to be both relentless and ruthless. Targets have included public sector institutions and charities; even the UK’s National Health Service (NHS) was not spared. In this challenging climate, it is unsurprising that police forces are facing extreme pressure to protect victims and take meaningful action against the perpetrators, who are hard to track …

The post Digital skills are critical for tackling the rising tide of cybercrime appeared first on Help Net Security.

Equifax: A study in accountability but not authority responsibility

Like most of the security community, I have spent hours digesting the recently released U.S. House of Representatives Committee on Oversight and Government Reform report on the Equifax breach. I read the report with a mix of heartfelt empathy and fear-inducing understanding of some of the findings. I feel empathy because my role has offered me a unique view on the size and scope of the threats facing many organizations; fear because some of the …

How can businesses get the most out of pentesting?

More than 4.5 billion data records were compromised in the first half of this year. If you still feel like your enterprise is secure after reading that statistic, you’re one of the few. Hackers utilizing high-profile exploits to victimize organizations is becoming an almost daily occurrence, with 18,000 to 19,000 new vulnerabilities estimated to show up in 2018. Here’s the thing though – we can still address the situation and make the current threat landscape …

December Patch Tuesday forecast: Let it snow, let it snow, let it snow

Grab your shovels, dust off the snow blower, and bundle up. The way patches are accumulating this month is making me think of winter in Minnesota. I’m talking about the kind where the snow flurries start and stop so many times over the course of a few weeks, you suddenly realize there is a lot of snow out there! So the question is, do you shovel in small amounts when there are breaks in the …

Why hospitals are the next frontier of cybersecurity

Hospital cybersecurity is a pressing problem with unique challenges and incalculable stakes. The healthcare industry’s accelerating adoption of sophisticated networks, connected devices and digital records has revolutionized clinical operations and patient care but has also left modern hospitals acutely vulnerable to cyber attack. Recent high-profile hacks have brought these mounting threats sharply into focus. However, despite increasing efforts and awareness, a number of technological, cultural and regulatory issues complicate healthcare cybersecurity. Security solutions built for …

Best practice methodology for industrial network security: SEC-OT

Secure Operations Technology (SEC-OT) is a methodology and collection of best practices inspired by a decade of experience working with secure industrial sites. The SEC-OT approach is counter-intuitive to many IT and even industrial control system (ICS) security practitioners. It turns out that secure industrial sites ask different questions and get different answers. For example, industrial sites generally do not ask “how can we protect our information?” Instead, they ask, “how do we keep the …

The fundamentals of network security and cybersecurity hygiene

Infrastructure and network security: The two fundamental building blocks to ensuring that your data is secure are physical infrastructure and network security. Understanding and protecting your information from threats and human error require meticulously layered security protocols. Physical infrastructure: Last year, British Airways canceled over 400 flights and stranded 75,000 passengers because of an IT outage caused by an engineer who disconnected a power supply at a data center near London’s Heathrow airport. When it …

Why compliance is never enough

Organizations are well aware of the security risks inherent in our hyper-connected world. However, many are making the mistake of focusing their attention on being compliant rather than on ensuring that their security strategy is effective and efficient. As the threat landscape continues to evolve this type of compliance-driven, checkbox mentality is setting many organizations up for a potentially disastrous fall (or breach). Being in compliance does not guarantee that a company has a comprehensive …

Why you shouldn’t be worried about UPnP port masking

Last May, security firm Imperva wrote a blog post discussing a new proof of concept for bypassing DDoS mitigation after discovering reflected network protocols appearing on non-standard network ports. Imperva was able to replicate the same behavior using a technique called UPnP Port Masking, which uses the Universal Plug and Play (UPnP) Protocol to alter the source port of commonly abused network protocols in DDoS attacks. Multiple news outlets picked up on Imperva’s research and …

Conficker: A 10-year retrospective on a legendary worm

This November marked the 10-year anniversary of Conficker, a fast-spreading worm targeting Microsoft systems that went on to claim one of the highest levels of infection in history. Millions of computers were eventually infected by the worm, including hospitals across Europe as well as ordinary consumers. Looking back to my time helping to defeat the worm, however, it is apparent that the outbreak also helped to elevate the security industry and shape many of the …

Privacy laws do not understand human error

In a world of increasingly punitive regulations like GDPR, the combination of unstructured data and human error represents one of the greatest risks an organization faces. Understanding the differences between unstructured and structured data – and the different approaches needed to secure it – is critical to achieve compliance with the many data privacy regulations that businesses in the U.S. now face. Structured data is comprised of individual elements of information organized to be accessible, …
