IT resilience refers to a network or system’s ability to withstand the slings and arrows of life and operations, from human error to migration failure to natural disaster. Any of these unavoidable factors can disrupt or even cripple an enterprise. As a concept, IT resilience is closely related to security. A deliberate attack is, in a sense, a predicta

From W-2 scams to WordPress vulnerabilities, ransomware, business email compromises, DDos attacks and allegations of a hacked presidential election -- 2016's been a hell of a year in cybersecurity, and it's not over yet.There's no reason to believe 2017 will be any better. If anything, it could be even worse as cybercriminals continue to push social eng

The likelihood that companies will experience a security incident continue to rise every year. While most organizations have put a data breach preparedness plan in place to combat such incidents, most executives aren't updating or practicing the plan regularly, according to study released earlier this month."When it comes to managing a data breach, havin

The hack of the Democratic National Committee this past summer, allegedly by Russia, prompted a political firestorm, but didn’t cause even a ripple in the US economy.But imagine the economic firestorm that would result if online attackers brought the entire internet down, even temporarily.You may not have to imagine it, according to Bruce Schneier, CTO o

It’s not enough for security pros to figure out how to protect digital enterprises from risks that can ruin the business, they must effectively sell it to corporate boards whose blessing is needed to authorize the plan, Gartner analysts told attendees at their Security and Risk Management Summit.With that in mind, three Gartner security specialists walke

High-profile events such as data breaches, natural disasters and terrorist attacks are raising enterprise awareness of business continuity management (BCM). Leaders have a crucial stake in ensuring the continuity and resiliency of business operations in the face of interruptions. Unfortunately, many organizations still have not put into place the people, pro

Hackers breached the systems of anti-adblocking solutions provider PageFair and used the access to deliver malware via the publishers that rely on the company’s services.PageFair helps web publishers measure and recover revenue lost due to ad blockers, which have become increasingly problematic for the advertising industry. The company says it serves more th

Disasters, SOCs, Attacks, and Dyre straits… it’s time for an all-new InfoSecond! In our latest entry, we touch on criminals capitalizing on disasters – and who they’re targeting, the three questions you should ask before setting up a Security Operations Center (SOC), connecting the data on attack scenarios using the latest findings, and how

Sony Pictures Entertainment pressed media outlets Sunday against using data hackers may have leaked about the studio. In the letter sent to groups including The New York Times and The Hollywood Reporter, lawyer David Boies said the "stolen information" must be destroyed and should not make it to publication. The studio "does not consent to your posse

Sony Pictures organized a town hall-style meeting with staff Monday to discuss the massive cyber attack on the Hollywood studio, a day after hackers promised a big "Christmas gift." Staff were called together at its headquarters west of Los Angeles to hear how the company is responding to the ongoing hacking attack which has produced a string of dama

These days, the battle for system-wide survivability can be found in many places, from the army to scientific laboratories to building fields for ships and airplanes. A security system should be considered survivable when it provides a permanent service level despite unstable business factors or changes to its structure and behavior. For instance, let’

Instagram, Grindr, OkCupid and many other Android applications fail to take basic precautions to protect their users’ data, putting their privacy at risk, according to new study.The findings comes from the University of New Haven’s Cyber Forensics Research and Education Group (UNHcFREG), which earlier this year found vulnerabilities in the messaging applicat

A recent security bulletin released by Microsoft as part of the August 2014 Patch Tuesday can lead to a crash on some systems, the company said in a knowledge base article. Microsoft launched an investigation after a large number of users reported getting a so-called "blue screen of death" (BSOD) after installing update KB2982791 (MS14-045). MS1

As the CSO/CISO/person responsible for Information Security, your job is to…  well … do you even know?  Does upper management know?  "Our crappy CSO <this>…" and "Our stupid CSO <that>…" are statements commonly used by various (techie) people, throw