This season’s featured cybersecurity nightmare may be ransomware, but breaches of all kinds are going up in both numbers and cost. In response, security vendors are offering sophisticated — and costly — solutions to defend against evermore sophisticated attackers. However, the most effective protective measures have nothing to do with specific software

According to a recent Forrester report, enterprise cloud computing adoption accelerated in 2016 and will do so again in 2017. Software-as-a-service (SaaS) remains the largest portion of the public cloud market, with global spending expected to reach $105 billion in 2017 and $155 billion by 2020. Infrastructure-as-a-service (IaaS) and platform-as-a-service (

Companies need to do more than just scan for known problems and provide huge vulnerability reports to system and network administrators for remediation. According to Gartner, known vulnerabilities still comprise 99 percent of all known exploit traffic. Furthermore, malware, ransomware and exploit kits target vulnerabilities that are six months or older on av

The very term Internet of Things (IoT) can sound like the buzziest of buzzwords. We all know we need to be aware of and plan for it, but sifting through all the security guidance about the IoT can be overwhelming. Moving Beyond Buzzwords To help cut through the noise, IBM released a new report, “Smart Things Call for Smart Risk Management,” detai

With all the industry studies, articles and literature related to insider threats, it is baffling to see that very few have focused on how insider threats are acquired — in fact, paid for — during a merger and acquisition process. Organizations are so fixated on driving profits and staying competitive that they gobble up any tangible asset they can. Compani

“There are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns — the ones we don’t know we don’t know.” — Donald Rumsfeld, former U.S. Secretary of Defense Board directors are under pressure to demonstr

The Moody Blues searched for the “Lost Chord,” Captain Kirk searched for Spock and the “In Search Of” television show sought to solve unexplained mysteries. Similarly, IT and security professionals are always searching for solutions that can balance myriad standards and regulations against a continuously evolving threat landscape. A

Disposability has become a regular thing in our lives; but you may have taken for granted the value it brings. Cost, convenience and risk are the cornerstones of successful disposability. Disposable computing offers a solution to cyber security and provides you with valuable threat information. This is the first in our two-part series on disposable computi

While the origin of the recent WannaCry exploit is still under investigation, there is no doubt that humans remain the weakest link in the chain of defense against cyberattacks. According to the IBM X-Force Threat Intelligence Index, human factors play a major role in various types of attacks. While it’s easy to blame users, many overlook the fact th

Risk management is the essence of what we do as information security professionals. We identify key security risks and analyze those risks in the context of the business. We then communicate the confirmed or potential outcomes to management. Finally, we decide — or wait for decisions — on how to respond. Misguided Decisions Many security challenges begin at

There’s huge gap in most security programs. No, it’s not the lack of management buy-in, limited budget or underimplemented technical controls — it’s weaknesses in your user security training program. There is a widespread assumption that policies can be documented and then tucked away, only to resurface every year or two when people sign of

There has been a lot of talk about the importance of building a holistic security immune system. That is, an intelligent, integrated way to protect a network using information from many different sources, all of which is ingested by powerful analytics tools to help correlate, prioritize and act on security incidents. When I put together security transformati

Faulty file definitions strike once again! On April 24, anti-virus provider Webroot issued an automated update to its signature definitions. This inadvertently quarantined hundreds of critical customer files and applications that it erroneously flagged as malicious. At one time or another, it seems that every anti-malware endpoint security provider has fal

For many, the most common reporting structure in today’s business environment is overly complicated. The majority of security leaders around the world report directly to the chief information officer (CIO), which can cause an enormous amount of conflict. That reporting structure, however, is slowly changing for some companies. In those organizations,

The Internet of Things (IoT), in which all manner of devices and things are connected, is enabling digital transformation in many walks of life. It’s also heralding the promise that we will soon live in hyperefficient smart cities. But how does this affect business? A recent report from The Economist Intelligence Unit (EIU) gauged the current IoT impac