Tag: CSO Online

The following are the eight best business-class antivirus tools for Android, according to AV-TEST’s January 2020 evaluations of 17 Android security apps. (The AV-TEST Institute is a Germany-based independent service provider of IT security and antivirus research.) AV-TEST rates each…

Read more →

To read this article in full, please click here   Advertise on IT Security News. Read the complete article: GoDaddy Websites + Marketing is perfect for new brands looking to get online.

Read more →

Cyber attack definition Simply put, a cyber attack is an attack launched from one or more computers against another computer, multiple computers or networks. Cyber attacks can be broken down into two broad types: attacks where the goal is to…

Read more →

The ongoing worldwide outbreak of coronavirus disease (COVID-19), which originated in Wuhan, China, in December 2019, continues to grab headlines. As of mid-February 2020, more than 70,000 cases had been confirmed. The World Health Organization (WHO) has declared the outbreak…

Read more →

IT security may, at times, seem an elusive goal. CISOs are facing multiple challenges. Digital transformation efforts, cloud and mobile implementations, and DevOps adoption have led to increasingly complex IT environments. These same trends have also expanded the attack surface.…

Read more →

As the attack landscape expands, CISOs must become more strategic and proactive. “They’re already dealing with very porous infrastructures that result from the business building products and services quickly without input from security teams,” says Wolfgang Goerlich, CISO Advisor with…

Read more →

IT security may, at times, seem an elusive goal. CISOs are facing multiple challenges. Digital transformation efforts, cloud and mobile implementations, and DevOps adoption have led to increasingly complex IT environments. These same trends have also expanded the attack surface.…

Read more →

“We’re [CSOs] all focused on this balance of being able to reduce risk while enabling the business,” says Lionbridge CSO & CPO Doug Graham. But, he adds, “There’s no real hard-and-fast rules about how much risk and what that recipe…

Read more →

If you have looked at your inbox lately, you’ll not be surprised when I say that phishing attacks increased 400% in the first seven months of 2019. Those phishing attacks attempted to either tricking a user to go to a…

Read more →

While segmentation is a powerful defensive tool, it’s also difficult to manage and can easily break applications that need to communicate with other services or the outside world. The Illumio platform solves many of these headaches.   Advertise on IT…

Read more →

Mobile security is at the top of every company’s worry list these days — and for good reason: Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is…

Read more →

Python is one of the most widely used coding languages in the world. And, good news, it isn’t very difficult to learn — especially for those experienced using other platforms. If you want an introduction to the language, but would…

Read more →

Today’s businesses run on applications, services, and workflows that need to travel laterally across the extended network without interruption. To keep up with these demands, organizations are having to radically redesign their networks, including the addition of dynamic multi-cloud environments,…

Read more →

Kali Linux definition To read this article in full, please click here (Insider Story)   Advertise on IT Security News. Read the complete article: Kali Linux explained: A pentester’s toolkit

Read more →

RSAC 2020 Image by ALLVISIONN / DonFiore / Getty Images To read this article in full, please click here   Advertise on IT Security News. Read the complete article: Hottest new cybersecurity products at RSA Conference 2020

Read more →

The cloud is everywhere and organizations are using the cloud in one way or another. The majority of organizations have a dynamic cloud environment, with workloads spread across public cloud, private cloud, hybrid cloud and multi-cloud. As organizations develop their…

Read more →

What is penetration testing? Penetration testing is a simulated cyber attack where professional ethical hackers break into corporate networks to find weaknesses … before attackers do. It’s like in the movie Sneakers, where hacker-consultants break into your corporate networks to…

Read more →

As countries around the world begin deploying 5G technology, the promises of faster speeds and better service sometime obscure a host of security issues affecting the next-generation cellular technology. These security concerns exist despite improvements in data encryption, authentication and…

Read more →

History of ransomware Ransomware, a type of malware that holds data for ransom, has been around for years. In 1991, a biologist spread PC Cyborg, the first ransomware, by sending floppy disks via surface mail to other AIDS researchers, for instance.…

Read more →

The big data grab drove companies to stockpile data, with little thought of how to use it, and even less thought about how to properly secure it. People everywhere are growing more conscious of the data they share, who collects…

Read more →

Far too often security is being overlooked in the rush to embrace digital innovation. As a result, as businesses rapidly adopt new technologies and computing platforms, they are also opening the door for cybercriminals who are looking to gain access…

Read more →

Enterprises that apply a security strategy to their cloud workloads often rely on security checks pre-runtime. In most cases, they scan for vulnerabilities within their code or containers before deploying their cloud workloads into production. However, in runtime — when…

Read more →

New data from security and content delivery company Akamai shows that one in every five attempts to gain unauthorized access to user accounts is now done through application programming interfaces (APIs) instead of user-facing login pages. This trend is even…

Read more →

Data. Your business and computers are full of it. While much of that data is useless to anyone else, every firm has key assets that any attacker or other competitor would love to access. To read this article in full,…

Read more →

Security manufacturers increasingly refer to their solutions as a platform, with the vague implication that this gives their technology a distinct advantage. The challenge, of course, is that the term platform is rather ambiguous. It simply refers to the environment…

Read more →

Security researchers have warned for many years that failure to digitally sign and validate the low-level firmware found in computers can lead to damaging compromises that are very hard to detect and fix. While the computer industry has made some…

Read more →

Starting on February 24, the RSA Conference (RSAC) 2020 gives security vendors old and new a chance to demonstrate their capabilities. The event has become an attractive venue for startups to make their debut. This year’s crop will be demonstrating…

Read more →

Insider Pro reveals the current salaries for dozens of tech titles, details about IT workers’ top concerns, the state of the tech hiring and the tech specialties raking in the biggest compensation.   Advertise on IT Security News. Read the…

Read more →

You leave kerosene-soaked rags all around your house. You chain smoke. One day, while relaxing in front of an episode of CSI:Cyber, your hand slips and a lit cigarette sets your sofa on fire. Your house burns down. The insurance…

Read more →

Selim Aissi, CISO at software company Ellie Mae, saw it as confirmation of his role as trusted adviser when one of his company’s board members texted him late one night a few years ago. To read this article in full,…

Read more →

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions…

Read more →

Phishing definition Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for…

Read more →

Insider Pro reveals the current salaries for dozens of tech titles, details about IT workers’ top concerns, the state of the tech hiring and the tech specialties raking in the biggest compensation.   Advertise on IT Security News. Read the…

Read more →

The popularity of Amazon’s cloud computing platform continues to grow. That means that opportunities for IT professionals in this sector are likely to be plentiful, but only those with the proper skills will be considered for jobs. So, if you’re…

Read more →

Pop quiz: What has been the most popular — and therefore least secure — password every year since 2013? If you answered “password,” you’d be close. “Qwerty” is another contender for the dubious distinction, but the champion is the most…

Read more →

What is a DDoS attack? A distributed denial of service (DDoS) attack is when an attacker, or attackers, attempt to make it impossible for a service to be delivered. This can be achieved by thwarting access to virtually anything: servers,…

Read more →

In late 2018, the Marriott hotel chain announced that one of its reservation systems had been compromised, with hundreds of millions of customer records, including credit card and passport numbers, being exfiltrated by the attackers. While Marriott has not disclosed…

Read more →

In April of 2015, IT staffers within the United States Office of Personnel Management (OPM), the agency that manages the government’s civilian workforce, discovered that some of its personnel files had been hacked. Among the sensitive data that was exfiltrated…

Read more →

In March 2017, personally identifying data of hundreds of millions of people was stolen from Equifax, one of the credit reporting agencies that assess the financial health of nearly everyone in the United States. As we’ll see, the breach spawned…

Read more →

If I listed the names of services on your Windows systems, would you be able to determine which ones were real and which ones were fake? Attackers often use fake services designed to act and look like real Windows services…

Read more →

It’s still early in the year so it’s worth posing some important questions: Will organizations increase their cybersecurity budgets in 2020?  If so, what are their requirements and investment priorities? To read this article in full, please click here (Insider…

Read more →

As more organizations move to the cloud and to continuous deployment, security needs to “follow the ‘as code’ model,” says Marnie Wilking, global head of security & technology risk management at Wayfair. Where historically security engineers and analysts needed to…

Read more →

People skilled in the use of cloud based platforms are in demand. If you want to transition your career path into this specialized field, then The Complete 2020 Microsoft Azure Certification Prep Bundle, discounted by over 90 percent, may be…

Read more →

Anonymity and privacy are not about closing the door when you go to the bathroom. For the individual, they might be about personal autonomy, political liberty or just protecting yourself in the digital world. For the enterprise, employee privacy mitigates…

Read more →

This free, open source penetration testing tool uses real attacks and real techniques to try and exploit its way into a network.   Advertise on IT Security News. Read the complete article: Release the monkey! How Infection Monkey tests network…

Read more →

The 2020 election season got off to what could be a record-setting rocky start with delays in the reporting of the Iowa caucus results due to a poorly developed app. The failure of the mobile IowaReporterApp developed for the Democratic…

Read more →

What is the CIA triad? The CIA triad components, defined The CIA triad is a widely used information security model that can guide an organization’s efforts and policies aimed at keeping its data secure. The model has nothing to do…

Read more →

Ransomware attacks have matured over the years, adopting more stealthy and sophisticated techniques, while at the same time fixing many of the implementation errors that earlier iterations had. Moreover, some attacks are now gaining a new data leak component, which…

Read more →

Since 2014, CIOs have flagged cybersecurity as either their first or second most important IT management issue in the venerable IT Trends Study from the Society for Information Management. Yet in 2013, cybersecurity came in just seventh in that same…

Read more →

What you need to know — and do — about the tech-driven deglobalization trend and how it’s effecting change. Your career depends on understanding how nationalism and regulations impact business.   Advertise on IT Security News. Read the complete article:…

Read more →

Digital privacy is one side of a two-sided policy coin. Virtually all attention to date has been focused on developing legal and regulatory remedies to address this pervasive public concern. But in doing so, they have devoted little attention to…

Read more →

The AV-TEST Institute recently tested the most popular Windows 10 client antivirus products on three primary criteria: protection, performance, and usability. Four of the 15 products tested earned a perfect rating of 6 for each of those criteria: Kaspersky Small…

Read more →

During the 1980s, the military and intelligence services began to shift some of their information-gathering activities away from covert activities like trying to read an adversary’s mail or tapping their phones to discover hidden secrets. Instead, effort was put into…

Read more →

AI and behavioral analysis are key to elevating the level of security for devices and back-end systems and are a prerequisite for IoT devices and services. Is your vendor moving in the right direction?   Advertise on IT Security News.…

Read more →

All businesses understand they face a multitude of risks in today’s world. How they measure that risk, though, often varies across different business functions. Teams dedicated to privacy might view risk differently from those looking at industry-specific regulatory requirements, who…

Read more →

On any given day, there are a multitude of concerns pulling at the mind of a Chief Information Security Officer (CISO) — from cyber criminals to patch management and from Board presentations to data loss prevention, the problems are seemingly…

Read more →

Professionals in the cybersecurity space are well aware of the skills gap, which has already left 4 million global jobs unfilled, and that promises to continue to grow worse. CISOs are already feeling the effects across their team, especially in…

Read more →

In the age of cloud computing where infrastructure needs to be extended or deployed rapidly to meet ever-changing organizational needs, the configuration of new servers and nodes is completely automated. This is done using machine-readable definition files, or templates, as…

Read more →

For all the external threats facing companies today, sometimes the hardest challenge can be changing perceptions internally about cybersecurity and what the security team does. Changing mindsets to see security as an aid to winning new business is one way…

Read more →

Credential dumping is a significant technique that attackers use to gain persistent access in a network. They sneak into a workstation via phishing and then leverage the typical ways that admins manage and monitor a network to find exposed credentials.…

Read more →

Distracted by high-profile developments, gridlocked by partisan resentment, and time-crunched due to the election year, Congress is nevertheless swinging into gear on specific cybersecurity issues, Washington insiders told attendees at Shmoocon 2020 this past weekend. Among the top items that…

Read more →

The False Claims Act (FCA), otherwise known as the “Lincoln Law,” can cost companies that supply goods or services to the federal government millions of dollars if they fail to provide the digital security protections they promise, as two recent…

Read more →

The California Consumer Privacy Act (CCPA) went into effect on January 1 and it is affecting companies not just in California but across the United States — and even around the world. Here are nine questions that every CISO must…

Read more →

Many organizations are looking for cybersecurity skills and struggling to fill positions because demand has been pacing supply. That doesn’t mean anyone with experience in security can sail through a job interview and be hired on the spot, however. To…

Read more →

Nowadays, it’s easier than ever to power your home with clean energy, and yet, many Americans don’t know how to make the switch. Luckily, you don’t have to install expensive solar panels or switch utility companies to support a cleaner,…

Read more →

Sizable fines assessed for data breaches in 2019 suggest that regulators are getting more serious about organizations that don’t properly protect consumer data. In the UK British Airways was hit with a record $230 million penalty, followed shortly by a…

Read more →

Looking for a qualified candidate or new job? CSO’s security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next Chief Security Officer (CSO), Chief Information Security Officer (CISO), or VP of Security and…

Read more →

2019 was another big year for mergers and acquisitions (M&A) in the cybersecurity industry. According to Momentum Cyber, more than 150 deals totaling more than $23 billion in value took place this year. Four billion-dollar deals have occurred in the…

Read more →

It’s not only highly effective at diagnosing and countering threats, but it does so in a transparent way that is configurable and editable by users.   Advertise on IT Security News. Read the complete article: Review: LogicHub expertly automates security

Read more →

To properly protect your network, you need to know who and what has access to your network, and where all sensitive information is located. To better control access, start by limiting the devices that are on the same subnet to…

Read more →

Bob Litterer, VP and CISO of biotech giant Biogen, isn’t a worrier at heart, but there are a few things that keep him up at night. High on that list is the interdependencies in his company’s third-party network; a data…

Read more →

Imagine this. You’ve finally completed your brand new app that’s going to revolutionize the way we live. You’ve even come up with a catchy name that meshes perfectly with your app and no other company has laid claim to. Unfortunately,…

Read more →

While outsourcing email is right for many, if not most, enterprises, it’s not enough to ensure both inbound and especially outbound email is secure. For example, outsourcing email would not prevent this from happening: To read this article in full,…

Read more →

LoRaWAN, a long-range wireless communications technology for low-powered devices such as sensors, has been gaining popularity worldwide in smart city, industrial internet of things (IioT) and smart home projects. Even though the protocol uses built-in encryption, implementation errors are common,…

Read more →

Currently, we have over 26-billion IoT devices running in our workplaces, offices and homes. If you’re looking for an IoT security scorecard, it looks something like this: Security Threats: 26,000,000,000, IoT Secure Devices: 0.   Advertise on IT Security News.…

Read more →

Best practices for configuring security features in Windows Server have changed in recent years. We’ve just said (official) good-bye to Windows Server 2008 R2, and we should be getting ready to say good-bye to Server 2012 R2 as support ends…

Read more →

Three members of a group that infected hundreds of websites from around the world with payment card stealing malware were arrested in Indonesia, the International Criminal Police Organization (INTERPOL) announced Tuesday. The arrests are the result of a larger multi-national…

Read more →

Last Friday, former IDC analyst, Chris Christensen, passed away.  I learned this sad news from my colleague John Grady who worked with Chris for many years.  Another colleague, Christina Richmond, also worked with and for Chris at IDC.  Christina and…

Read more →

This era of political espionage is rooted in manipulative ads, fake news articles and other forms of digital content. It’s one of the nation’s greatest threats, especially as we approach the 2020 presidential election.   Advertise on IT Security News.…

Read more →

As part of the ESG annual IT spending intensions research for 2020, respondents were asked to identify the area where their organizations have a problematic shortage of skills.  Cybersecurity topped the list of problematic skills shortage areas, just as it…

Read more →

Schneider Electric knows the business value of connecting its 200-plus distribution and production centers and converging them with IT systems. As more and more industrial environments are connected through sensors and actuators to produce data for proactive insights and services,…

Read more →

There is probably no better example of the potential for digital innovation, and the challenges we will need to overcome to get there, than the smart car. Over the past several years, cars have become increasingly sophisticated. Safety systems include…

Read more →

Researchers have found insecure configurations of the remote access and administration features present in several patient monitoring devices and servers made by GE Healthcare that are used in clinics and hospitals around the world. The identified issues involve the use…

Read more →

The twin pillars of digital innovation are scalability and performance. Cloud and SD-WAN provide agility and flexibility for constantly shifting business requirements, enabling organizations to dynamically scale compute, storage, application delivery and other functions to meet the escalating demands of…

Read more →

Cryptojacking definition Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads cryptomining code on the computer, or by…

Read more →

Once a rarity, cyber incidents in the sporting industry are becoming common. While sports organizations have large amounts of sensitive, valuable information, the incidents themselves are often tied to the political climate. To read this article in full, please click…

Read more →

Buffer overflow definition A buffer overflow or overrun is a memory safety issue where a program does not properly check the boundaries of an allocated fixed-length memory buffer and writes more data than it can hold. This causes data to…

Read more →

January 14, 2020 was the official end of the road for public updates for Windows 7, Windows Server 2008 R2 and Windows Server 2008 SP2. The many organizations that continue to use them will need to find a way to…

Read more →

One of the lasting impacts of GDPR, the European privacy regulation that went into effect in May of 2018, has been that the security function has gained an awareness of privacy. Privacy now carries with it a risk weight that…

Read more →

Days away from the Iowa caucuses, and less than 11 months from the general election, voting and election security continues to be a challenge for the U.S political system. Threats to a secure election appear to loom as large today…

Read more →

After years of turmoil, it seems the UK finally has a deal that sets out how it will leave the European Union (EU). Prime Minister Boris Johnson’s Withdrawal Agreement Bill shares many similarities with the withdrawal agreement put forward by his…

Read more →

Too little security leads to data breaches, but too much security can wind up with the same result. Employees eager to do their jobs and fettered by what can sometimes seem like unnecessary restrictions on their ability to do so,…

Read more →

You’ve likely heard that 90% of the world’s data was created over the last two years.  This phrase, often quoted, sometimes attributed, is passing through the public consciousness, on its way to becoming trivia.  Before its reduced to a ‘fun…

Read more →

The biometric backlash is but a brief blip. Resistance is futile. You WILL be identified. But is that good or bad?   Advertise on IT Security News. Read the complete article: 3 reasons you can’t fight facial recognition

Read more →

Information security definition Information security, sometimes abbreviated to infosec, is a set of practices intended to keep data secure from unauthorized access or alterations, both when it’s being stored and when it’s being transmitted from one machine or physical location…

Read more →

Companies deploy an average of three to five different cloud services. With an increased emphasis on security and regulatory compliance, the capability to manage these disparate systems is crucial.   Advertise on IT Security News. Read the complete article: Why…

Read more →

Though threat actors have access to increasingly sophisticated and easy-to-use offensive tools, businesses often fail to get basics around patching right, leaving an easy entry route for attackers. To read this article in full, please click here (Insider Story)  …

Read more →

In 2019, the identity sector began to open its eyes, rubbing the sleep out of them, as the world awoke to the purpose and power of identity. To read this article in full, please click here (Insider Story)   Advertise…

Read more →

SaltStack Enterprise, and its optional SecOps modules, is one of the only platforms available today that can fully manage complex enterprise environments while also protecting them.   Advertise on IT Security News. Read the complete article: Review: SaltStack brings SecOps…

Read more →

As you start the new year, it’s a good time to think about what you can do to keep your network and organization from being low hanging fruit for attackers. Taking these steps won’t make you immune to attacks, but…

Read more →