Category Archives: Follow on

Attention CISOs: Five steps to get the security funding you need

Going in front of the board to request or increase your security funding is no easy task – especially when the organization is facing budget restraints or, worse, the board does not agree with your sense of urgency in securing the organization. If you’re about to make such a presentation, remember your focus should be describing your organization’s overall cyber security maturity, risks caused by company deficiencies, existing risk position based on current weaknesses, and …

The post Attention CISOs: Five steps to get the security funding you need appeared first on Help Net Security.

What hackers inside your company are after: Convenience

Digital transformation is not a technology trend. Rather, it is a convenience trend. Businesses are changing because customer expectations demand it. Each day, consumers find yet another use for mobile connectivity. Corporations, meanwhile, hasten the rush of data into the cloud. And the so-called Internet of Things, or IoT, is woven more tightly into the fabric of our lives. The truth is we’ve all become addicted to the amazing, modern conveniences driven mainly by advances …


Closed loop automation combats IoT security threats in the 5G age

The 5G race is on as carriers prepare for the onset of the next wireless generation in their own ways. While some have pseudo-definitions of 5G, others, like Verizon and AT&T, are leading the 5G wars in a marketing-defined battle. Regardless of current status, the reality is that 5G will reach millions with nationwide and global launches giving rise to explosive connectivity growth. A recent report from Cisco reminds us of the tremendous proliferation of …


Adhering to the mobility requirements of NIST 800-171 does not have to keep you awake at night

The majority of companies in the United States and Europe are required to comply with at least one IT security regulation – oftentimes more. This forces companies to exert strong control over how data is transferred, accessed and maintained throughout its lifecycle. One particularly toothy regulation is referred to as NIST SP 800-171, and it requires that all non-federal organizations that want to continue working with U.S. government agencies need to be compliant with …


Perimeter solutions: Do layers of security make a difference?

As an enterprise, it is always important to constantly reevaluate information security solutions. When doing so, take a good look at the perimeter solutions in place and their associated detection mechanisms. What’s interesting is that many vendors that offer detection offerings use more than one solution as their engines. Some of these detection mechanisms are developed in-house, others combine with external solutions and some collaborate with other vendors to provide a solution with improved security. …


April Patch Tuesday Forecast: Be aware of end-of-service issues and browser exploits

April Patch Tuesday is nearly here with two significant topics of concern. The first relates to end-of-service milestones and the second issue is browser exploits. Let’s start with end-of-service. This is a fitting topic this month given we have two Windows 10 versions that are hitting end-of-service milestones in April, but I do want to expand the conversation beyond Windows 10 to discuss Windows 7, Server 2008 and 2008 R2, Flash Player, Java …


WHOIS after GDPR: A quick recap for CISOs

2018 was a big year for data protection with the implementation of the General Data Protection Regulation (GDPR) last May — forcing CISOs and other professionals to rethink how the personal data of European consumers should be collected and processed. Taking a closer look at WHOIS in connection to that, the protocol gives access to public domain data including TLDs and ccTLDs as well as more personal information like the names and addresses of …


How to Marie Kondo your data

By now you’ve heard about Marie Kondo, the author of New York Times bestseller, The Life Changing Magic of Tidying Up, and star of Tidying Up, the new Netflix show that puts her principles of organization and decluttering into practice in family homes throughout Los Angeles. While the #KonMariMethod has put households across America in an organizing frenzy, we found that her tidying principles can also be applied to solve a core challenge for the …


Cybercriminals are increasingly using encryption to conceal and launch attacks

In this Help Net Security podcast, Deepen Desai, VP Security Research & Operations at Zscaler, talks about the latest Zscaler Cloud Security Insight Report, which focuses on SSL/TLS based threats. Here’s a transcript of the podcast for your convenience. Hello everyone. My name is Deepen Desai. I’m the Head of Security Research at Zscaler. In this Help Net Security podcast I will be talking about the latest Zscaler Cloud Security Insight Report that focuses on …


Employee cybersecurity essentials part 1: Passwords and phishing

Your company may have state-of-the-art monitoring and the latest anti-malware and anti-virus programs, but that doesn’t mean you’re not at risk for a breach, or that, as an employee, you’re not putting your company at risk. Humans have always been the weakest link in the security chain. Phishing and social engineering schemes account for 93 percent of breaches, according to Verizon’s 2018 Data Breach Investigations Report. And passwords are easier for hackers to …


Breaking the cybersecurity stalemate by investing in people

No surprise, it happened again. In 2018, the financial toll cyber breaches took on organizations hit $3.86 million, a 6.4 percent rise from 2017. Before last year’s close, analysts at Gartner claimed worldwide spending on infosec products and services would increase 12.4 percent, reaching over $114 billion in 2019. In fact, when the U.S. government announced a 2019 budget of $15 billion for cybersecurity-related activities, it came with a 4.1 percent jump and a caveat: …


Four key security tips when using any collaboration technology

With database breaches and ransomware attacks making daily news, security is now a top priority for companies, and collaboration solutions are no exception. In the current age of global connectivity, video conferencing and collaboration technologies have become an inescapable part of doing business. Business partners and remote employees around the world rely on these solutions to stay connected and communicate effectively, especially when in-person meetings aren’t possible. While it’s easy enough to say, “my company …


Meet the new generation of white hats

The past two years have seen an explosion in the number of software vulnerabilities being published, jumping from 6,447 in 2016 to 14,714 in 2017. Seeing as 2018 beat out the previous year with 16,521 CVEs reported, we should prepare ourselves for plenty of patching ahead in 2019. While factors like the adoption of automated Application Security Testing (AST) tools by more vendors and the absolute growth of code are definitely playing a bigger role …


Thinking of threat intelligence as a contributing member of your security team

Threat intelligence is widely considered as a significant asset for organizations, but implementation of this intelligence within security operations can often be cumbersome. In this Help Net Security podcast recorded at RSA Conference 2019, Nicholas Hayden, Senior Director of Threat Intelligence at Anomali, talks about the intelligence-driven security operations center. Here’s a transcript of the podcast for your convenience. My name is Nicholas Hayden. I’m the Senior Director of Threat Intelligence for Anomali. Today, on …
