Security professionals and managers are increasingly concerned that the leading information security risk to organizations comes from within. But despite the sinister overtones of this problem, insider threats are associated more with accidents and oversights than malicious actors. The danger is amplified by shortfalls in training and expertise, and the ch

The Moody Blues searched for the “Lost Chord,” Captain Kirk searched for Spock and the “In Search Of” television show sought to solve unexplained mysteries. Similarly, IT and security professionals are always searching for solutions that can balance myriad standards and regulations against a continuously evolving threat landscape. A

We’ve all heard that when it comes to experiencing a data breach, the question is not if it will happen, but when. You may be wondering about the actual odds of it happening to your organization. Think about it this way: The chances of being struck by lightning this year are 1 in 960,000. When it comes to experiencing a data breach, according to the Po

Security isn’t what it used to be, especially in the area of computing. It has become far more ephemeral, less obvious and much more important. To keep pace with the evolving threat landscape, we all need to reset our expectations about what cybersecurity actually is in today’s world and look carefully at what it might become. Early Computing In

The most common cyberattacks tend to follow the same pattern: An employee receives a fraudulent email and unwittingly exploits a vulnerability upon opening a malicious attachment, exposing sensitive data. Of course, there are countless variations — an unknown vulnerability, encrypted or exfiltrated data, a malware-laden hyperlink — and each one could result

Security threats can be scary, and the fear factor is understandable. Technological progress makes security a fast-moving target, with new and more sophisticated threats constantly emerging. The Internet of Things (IoT) is raising the stakes, putting the means of physical destruction in the hands of malicious actors. A sophisticated criminal underworld ecos

For the third year, the Warwick Manufacturing Group (WMG) at the University of Warwick will run the Enterprise Cyber Security (ECS) module, which is part of the institution’s Master of Science in Cyber Security and Management program. The individual degree modules offer students a solid set of security skills, culminating with the ECS module, which is

Health care is under siege from cybersecurity threats. As noted by Healthcare IT News, another large-scale health insurance vendor recently shuttered its patient portal to deal with vulnerabilities that exposed personal data. Meanwhile, Beta News reported that 43 percent of all data breaches in the U.K. come from the health care sector. Now, the U.S. Departm

Talk about cybersecurity is everywhere, from boardrooms to beach outings. But to chief information security officers (CISOs), it is more than conversation — it is the focus of their work. Just like thieves who rob from houses, cybercriminals target those who are least protected. That’s why awareness is critical to help security leaders combat cyber fa

Traveling for work is a regular occurrence for many of us. Most of the time, traveling for client meetings, conferences, team meetings and other work-related activities also means taking a laptop or other portable devices traveling too. These devices could easily include your company’s IP, strategic plans, financials or other sensitive enterprise asset

How often do you turn off your computer when you go home from work? We bet you leave it on so you don’t have to wait until it boots up in the morning. It’s possible that your IT staff have trained you to lock your system for security reasons whenever you leave your workplace. But locking your system won’t save your computer from a new type

The General Data Protection Regulation (GDPR) is designed to govern how organizations manage the personal information of European Union (EU) citizens. Any company that conducts business in Europe or stores data belonging to EU citizens is impacted, no matter where it is based. Organizations that fail to comply by the time the regulation takes effect in May

Depending on their specific goals and motivations, malicious external actors seek to blackmail individuals, organizations or security vendors to disrupt breach defenses or otherwise wreak havoc on IT operations. For security leaders tasked with defending against these threats, it’s hard to know who or what to believe. That challenge has only gotten wor

One of the fundamental requirements for big data users is big data control. Failure to properly store, audit and maintain data chain of custody undermines our individual and collective privacy. This failure also may be at odds with federal law and policy. Without data control, there is no data compliance. Fortunately, there is a host of big data analytics

Microsoft Office 365 is popular — very popular. In 2016, Gartner reported that 78 percent of enterprises surveyed used or planned to use Office 365. With access to a range of user activity events from a variety of sources, including Exchange Online, SharePoint Online and Azure Directory, how can Office 365 administrators correlate all this valuable data wit