The following are the eight best business-class antivirus tools for Android, according to AV-TEST’s January 2020 evaluations of 17 Android security apps. (The AV-TEST Institute is a Germany-based independent service provider of IT security and antivirus research.) AV-TEST rates each…
Tag: CSO Online
GoDaddy Websites + Marketing is perfect for new brands looking to get online.
What is a cyber attack? Recent examples show disturbing trends
Cyber attack definition Simply put, a cyber attack is an attack launched from one or more computers against another computer, multiple computers or networks. Cyber attacks can be broken down into two broad types: attacks where the goal is to…
A security guide for pandemic planning: 7 key steps
The ongoing worldwide outbreak of coronavirus disease (COVID-19), which originated in Wuhan, China, in December 2019, continues to grab headlines. As of mid-February 2020, more than 70,000 cases had been confirmed. The World Health Organization (WHO) has declared the outbreak…
BrandPost: 2020 Security: Securing Your Business with an Integrated Security Platform
IT security may, at times, seem an elusive goal. CISOs are facing multiple challenges. Digital transformation efforts, cloud and mobile implementations, and DevOps adoption have led to increasingly complex IT environments. These same trends have also expanded the attack surface.…
BrandPost: Benchmarks for 2020: Three Goals for CISOs in the Coming Year
As the attack landscape expands, CISOs must become more strategic and proactive. “They’re already dealing with very porous infrastructures that result from the business building products and services quickly without input from security teams,” says Wolfgang Goerlich, CISO Advisor with…
2020 Security: Securing Your Business with an Integrated Security Platform
IT security may, at times, seem an elusive goal. CISOs are facing multiple challenges. Digital transformation efforts, cloud and mobile implementations, and DevOps adoption have led to increasingly complex IT environments. These same trends have also expanded the attack surface.…
BrandPost: Episode 4: Reducing risk vs. enabling the business: finding the balance
“We’re [CSOs] all focused on this balance of being able to reduce risk while enabling the business,” says Lionbridge CSO & CPO Doug Graham. But, he adds, “There’s no real hard-and-fast rules about how much risk and what that recipe…
How to prevent scripting attacks in Microsoft Office
If you have looked at your inbox lately, you’ll not be surprised when I say that phishing attacks increased 400% in the first seven months of 2019. Those phishing attacks attempted to either trick a user to go to a…
Review: Achieving enlightened segmentation with Illumio
While segmentation is a powerful defensive tool, it’s also difficult to manage and can easily break applications that need to communicate with other services or the outside world. The Illumio platform solves many of these headaches.
8 mobile security threats you should take seriously in 2020
Mobile security is at the top of every company’s worry list these days — and for good reason: Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is…
Train to become a skilled Python coder for just $50
Python is one of the most widely used coding languages in the world. And, good news, it isn’t very difficult to learn — especially for those experienced using other platforms. If you want an introduction to the language, but would…
BrandPost: Modern Networks Require High-Performance Internal Segmentation
Today’s businesses run on applications, services, and workflows that need to travel laterally across the extended network without interruption. To keep up with these demands, organizations are having to radically redesign their networks, including the addition of dynamic multi-cloud environments,…
Kali Linux explained: A pentester’s toolkit
Kali Linux definition
Hottest new cybersecurity products at RSA Conference 2020
BrandPost: Addressing the Security Demands of Today’s Dynamic Cloud Environments
The cloud is everywhere and organizations are using the cloud in one way or another. The majority of organizations have a dynamic cloud environment, with workloads spread across public cloud, private cloud, hybrid cloud and multi-cloud. As organizations develop their…
11 penetration testing tools the pros use
What is penetration testing? Penetration testing is a simulated cyber attack where professional ethical hackers break into corporate networks to find weaknesses … before attackers do. It’s like in the movie Sneakers, where hacker-consultants break into your corporate networks to…
5G security is a mess. Could digital certificates help?
As countries around the world begin deploying 5G technology, the promises of faster speeds and better service sometimes obscure a host of security issues affecting the next-generation cellular technology. These security concerns exist despite improvements in data encryption, authentication and…
Recent ransomware attacks define the malware’s new age
History of ransomware Ransomware, a type of malware that holds data for ransom, has been around for years. In 1991, a biologist spread PC Cyborg, the first ransomware, by sending floppy disks via surface mail to other AIDS researchers, for instance.…
The CCPA is an opportunity to get your data security house in order
The big data grab drove companies to stockpile data, with little thought of how to use it, and even less thought about how to properly secure it. People everywhere are growing more conscious of the data they share, who collects…
BrandPost: Understanding the Impact of the Cybersecurity Skills Shortage on Business
Far too often security is being overlooked in the rush to embrace digital innovation. As a result, as businesses rapidly adopt new technologies and computing platforms, they are also opening the door for cybercriminals who are looking to gain access…
BrandPost: Securing your Cloud Workloads in Runtime: Why Pre-Runtime Scans Aren’t Enough
Enterprises that apply a security strategy to their cloud workloads often rely on security checks pre-runtime. In most cases, they scan for vulnerabilities within their code or containers before deploying their cloud workloads into production. However, in runtime — when…
APIs are becoming a major target for credential stuffing attacks
New data from security and content delivery company Akamai shows that one in every five attempts to gain unauthorized access to user accounts is now done through application programming interfaces (APIs) instead of user-facing login pages. This trend is even…
How to set up your network to prevent data loss
Data. Your business and computers are full of it. While much of that data is useless to anyone else, every firm has key assets that any attacker or other competitor would love to access.
BrandPost: Defining the Security Platform
Security manufacturers increasingly refer to their solutions as a platform, with the vague implication that this gives their technology a distinct advantage. The challenge, of course, is that the term platform is rather ambiguous. It simply refers to the environment…
Lack of firmware validation for computer peripherals enables highly persistent attacks
Security researchers have warned for many years that failure to digitally sign and validate the low-level firmware found in computers can lead to damaging compromises that are very hard to detect and fix. While the computer industry has made some…
12 hottest new cybersecurity startups at RSA 2020
Starting on February 24, the RSA Conference (RSAC) 2020 gives security vendors old and new a chance to demonstrate their capabilities. The event has become an attractive venue for startups to make their debut. This year’s crop will be demonstrating…
IT Salary Survey 2020: The results are in
Insider Pro reveals the current salaries for dozens of tech titles, details about IT workers’ top concerns, the state of the tech hiring and the tech specialties raking in the biggest compensation.
5 things you should know about cybersecurity insurance
You leave kerosene-soaked rags all around your house. You chain smoke. One day, while relaxing in front of an episode of CSI:Cyber, your hand slips and a lit cigarette sets your sofa on fire. Your house burns down. The insurance…
The CSO’s playbook for forging board relationships
Selim Aissi, CISO at software company Ellie Mae, saw it as confirmation of his role as trusted adviser when one of his company’s board members texted him late one night a few years ago.
The CSO guide to top security conferences, 2020
There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions…
What is phishing? How this cyber attack works and how to prevent it
Phishing definition Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for…
Train to become a skilled AWS expert for less than $50
The popularity of Amazon’s cloud computing platform continues to grow. That means that opportunities for IT professionals in this sector are likely to be plentiful, but only those with the proper skills will be considered for jobs. So, if you’re…
The 25 worst passwords of 2019, and 8 tips for improving password security
Pop quiz: What has been the most popular — and therefore least secure — password every year since 2013? If you answered “password,” you’d be close. “Qwerty” is another contender for the dubious distinction, but the champion is the most…
DDoS explained: How distributed denial of service attacks are evolving
What is a DDoS attack? A distributed denial of service (DDoS) attack is when an attacker, or attackers, attempt to make it impossible for a service to be delivered. This can be achieved by thwarting access to virtually anything: servers,…
Marriott data breach FAQ: How did it happen and what was the impact?
In late 2018, the Marriott hotel chain announced that one of its reservation systems had been compromised, with hundreds of millions of customer records, including credit card and passport numbers, being exfiltrated by the attackers. While Marriott has not disclosed…
The OPM hack explained: Bad security practices meet China’s Captain America
In April of 2015, IT staffers within the United States Office of Personnel Management (OPM), the agency that manages the government’s civilian workforce, discovered that some of its personnel files had been hacked. Among the sensitive data that was exfiltrated…
Equifax data breach FAQ: What happened, who was affected, what was the impact?
In March 2017, personally identifying data of hundreds of millions of people was stolen from Equifax, one of the credit reporting agencies that assess the financial health of nearly everyone in the United States. As we’ll see, the breach spawned…
How to fight hidden malware on Windows networks
If I listed the names of services on your Windows systems, would you be able to determine which ones were real and which ones were fake? Attackers often use fake services designed to act and look like real Windows services…
Cybersecurity spending trends, 2020
It’s still early in the year so it’s worth posing some important questions: Will organizations increase their cybersecurity budgets in 2020? If so, what are their requirements and investment priorities?
Episode 3: Succeeding with security as code
As more organizations move to the cloud and to continuous deployment, security needs to “follow the ‘as code’ model,” says Marnie Wilking, global head of security & technology risk management at Wayfair. Where historically security engineers and analysts needed to…
Get Microsoft Azure-savvy & supercharge your resume with this training.
People skilled in the use of cloud based platforms are in demand. If you want to transition your career path into this specialized field, then The Complete 2020 Microsoft Azure Certification Prep Bundle, discounted by over 90 percent, may be…
8 steps to being (almost) completely anonymous online
Anonymity and privacy are not about closing the door when you go to the bathroom. For the individual, they might be about personal autonomy, political liberty or just protecting yourself in the digital world. For the enterprise, employee privacy mitigates…
Release the monkey! How Infection Monkey tests network security
This free, open source penetration testing tool uses real attacks and real techniques to try and exploit its way into a network.
Presidential campaigns taking email security more seriously–not so much at the local level
The 2020 election season got off to what could be a record-setting rocky start with delays in the reporting of the Iowa caucus results due to a poorly developed app. The failure of the mobile IowaReporterApp developed for the Democratic…
The CIA triad: Definition, components and examples
What is the CIA triad? The CIA triad components, defined The CIA triad is a widely used information security model that can guide an organization’s efforts and policies aimed at keeping its data secure. The model has nothing to do…
More targeted, sophisticated and costly: Why ransomware might be your biggest threat
Ransomware attacks have matured over the years, adopting more stealthy and sophisticated techniques, while at the same time fixing many of the implementation errors that earlier iterations had. Moreover, some attacks are now gaining a new data leak component, which…
Cybersecurity in 2020: From secure code to defense in depth
Since 2014, CIOs have flagged cybersecurity as either their first or second most important IT management issue in the venerable IT Trends Study from the Society for Information Management. Yet in 2013, cybersecurity came in just seventh in that same…
Is technology killing globalization?
What you need to know — and do — about the tech-driven deglobalization trend and how it’s effecting change. Your career depends on understanding how nationalism and regulations impact business.
Why hacking must be addressed in digital privacy policymaking
Digital privacy is one side of a two-sided policy coin. Virtually all attention to date has been focused on developing legal and regulatory remedies to address this pervasive public concern. But in doing so, they have devoted little attention to…
Best antivirus software: 12 top tools
The AV-TEST Institute recently tested the most popular Windows 10 client antivirus products on three primary criteria: protection, performance, and usability. Four of the 15 products tested earned a perfect rating of 6 for each of those criteria: Kaspersky Small…
8 top OSINT tools: Find sensitive public info before hackers do
During the 1980s, the military and intelligence services began to shift some of their information-gathering activities away from covert activities like trying to read an adversary’s mail or tapping their phones to discover hidden secrets. Instead, effort was put into…
Next-generation endpoint security goes beyond the endpoint
AI and behavioral analysis are key to elevating the level of security for devices and back-end systems and are a prerequisite for IoT devices and services. Is your vendor moving in the right direction?
Risk profiling gives PPD real-time view of vulnerabilities
All businesses understand they face a multitude of risks in today’s world. How they measure that risk, though, often varies across different business functions. Teams dedicated to privacy might view risk differently from those looking at industry-specific regulatory requirements, who…
6 tips for building your cybersecurity bench
On any given day, there are a multitude of concerns pulling at the mind of a Chief Information Security Officer (CISO) — from cyber criminals to patch management and from Board presentations to data loss prevention, the problems are seemingly…
BrandPost: Hiring Tips for CISOs Closing the Cyber Skills Gap
Professionals in the cybersecurity space are well aware of the skills gap, which has already left 4 million global jobs unfilled, and that promises to continue to grow worse. CISOs are already feeling the effects across their team, especially in…
Infrastructure-as-code templates are the source of many cloud infrastructure weaknesses
In the age of cloud computing where infrastructure needs to be extended or deployed rapidly to meet ever-changing organizational needs, the configuration of new servers and nodes is completely automated. This is done using machine-readable definition files, or templates, as…
How one law firm made security a business development opportunity
For all the external threats facing companies today, sometimes the hardest challenge can be changing perceptions internally about cybersecurity and what the security team does. Changing mindsets to see security as an aid to winning new business is one way…
5 steps to avoid credential dumping attacks
Credential dumping is a significant technique that attackers use to gain persistent access in a network. They sneak into a workstation via phishing and then leverage the typical ways that admins manage and monitor a network to find exposed credentials.…
On the 2020 Congressional cybersecurity agenda: Critical infrastructure, copyright exemptions
Distracted by high-profile developments, gridlocked by partisan resentment, and time-crunched due to the election year, Congress is nevertheless swinging into gear on specific cybersecurity issues, Washington insiders told attendees at Shmoocon 2020 this past weekend. Among the top items that…
Recent False Claims Act cases a caution to gov’t contractors that skimp on security
The False Claims Act (FCA), otherwise known as the “Lincoln Law,” can cost companies that supply goods or services to the federal government millions of dollars if they fail to provide the digital security protections they promise, as two recent…
9 CCPA questions every CISO should be prepared to answer
The California Consumer Privacy Act (CCPA) went into effect on January 1 and it is affecting companies not just in California but across the United States — and even around the world. Here are nine questions that every CISO must…
10 tough security interview questions, and how to answer them
Many organizations are looking for cybersecurity skills and struggling to fill positions because demand has been pacing supply. That doesn’t mean anyone with experience in security can sail through a job interview and be hired on the spot, however. To…
Arcadia makes supporting clean energy easier
Nowadays, it’s easier than ever to power your home with clean energy, and yet, many Americans don’t know how to make the switch. Luckily, you don’t have to install expensive solar panels or switch utility companies to support a cleaner,…
The biggest data breach fines, penalties and settlements so far
Sizable fines assessed for data breaches in 2019 suggest that regulators are getting more serious about organizations that don’t properly protect consumer data. In the UK British Airways was hit with a record $230 million penalty, followed shortly by a…
Security Recruiter Directory
Looking for a qualified candidate or new job? CSO’s security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next Chief Security Officer (CSO), Chief Information Security Officer (CISO), or VP of Security and…
10 biggest cybersecurity M&A deals of 2019
2019 was another big year for mergers and acquisitions (M&A) in the cybersecurity industry. According to Momentum Cyber, more than 150 deals totaling more than $23 billion in value took place this year. Four billion-dollar deals have occurred in the…
Review: LogicHub expertly automates security
It’s not only highly effective at diagnosing and countering threats, but it does so in a transparent way that is configurable and editable by users.
How to set up Windows Firewall to limit network access
To properly protect your network, you need to know who and what has access to your network, and where all sensitive information is located. To better control access, start by limiting the devices that are on the same subnet to…
Episode 2: Three things that keep Biogen CISO Bob Litterer up at night
Bob Litterer, VP and CISO of biotech giant Biogen, isn’t a worrier at heart, but there are a few things that keep him up at night. High on that list is the interdependencies in his company’s third-party network; a data…
Set your brand up for success with a .tech domain extension
Imagine this. You’ve finally completed your brand new app that’s going to revolutionize the way we live. You’ve even come up with a catchy name that meshes perfectly with your app and no other company has laid claim to. Unfortunately,…
With email security, some things can’t be outsourced
While outsourcing email is right for many, if not most, enterprises, it’s not enough to ensure both inbound and especially outbound email is secure. For example, outsourcing email would not prevent this from happening:
Implementation flaws make LoRaWAN networks vulnerable to attack
LoRaWAN, a long-range wireless communications technology for low-powered devices such as sensors, has been gaining popularity worldwide in smart city, industrial internet of things (IIoT) and smart home projects. Even though the protocol uses built-in encryption, implementation errors are common,…
Securing the IoT is a nightmare
Currently, we have over 26-billion IoT devices running in our workplaces, offices and homes. If you’re looking for an IoT security scorecard, it looks something like this: Security Threats: 26,000,000,000, IoT Secure Devices: 0.
The 9 Windows Server security settings you need to get right
Best practices for configuring security features in Windows Server have changed in recent years. We’ve just said (official) good-bye to Windows Server 2008 R2, and we should be getting ready to say good-bye to Server 2012 R2 as support ends…
Magecart-related arrests made in Indonesia
Three members of a group that infected hundreds of websites from around the world with payment card stealing malware were arrested in Indonesia, the International Criminal Police Organization (INTERPOL) announced Tuesday. The arrests are the result of a larger multi-national…
Remembering Chris Christensen
Last Friday, former IDC analyst, Chris Christensen, passed away. I learned this sad news from my colleague John Grady who worked with Chris for many years. Another colleague, Christina Richmond, also worked with and for Chris at IDC. Christina and…
Why manipulation campaigns are the biggest threat facing the 2020 election
This era of political espionage is rooted in manipulative ads, fake news articles and other forms of digital content. It’s one of the nation’s greatest threats, especially as we approach the 2020 presidential election.
5 ways to cope with the cybersecurity skills shortage (that don’t involve hiring)
As part of the ESG annual IT spending intentions research for 2020, respondents were asked to identify the area where their organizations have a problematic shortage of skills. Cybersecurity topped the list of problematic skills shortage areas, just as it…
Closing the security gap in OT/IT convergence
Schneider Electric knows the business value of connecting its 200-plus distribution and production centers and converging them with IT systems. As more and more industrial environments are connected through sensors and actuators to produce data for proactive insights and services,…
BrandPost: Integrating Smart Systems: From Connected Cars to Security
There is probably no better example of the potential for digital innovation, and the challenges we will need to overcome to get there, than the smart car. Over the past several years, cars have become increasingly sophisticated. Safety systems include…
Insecure configurations expose GE Healthcare devices to attacks
Researchers have found insecure configurations of the remote access and administration features present in several patient monitoring devices and servers made by GE Healthcare that are used in clinics and hospitals around the world. The identified issues involve the use…
BrandPost: Security Performance in the Age of Digital Transformation
The twin pillars of digital innovation are scalability and performance. Cloud and SD-WAN provide agility and flexibility for constantly shifting business requirements, enabling organizations to dynamically scale compute, storage, application delivery and other functions to meet the escalating demands of…
What is cryptojacking? How to prevent, detect, and recover from it
Cryptojacking definition Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads cryptomining code on the computer, or by…
How the Tour de France secures its broadcast from disruption
Once a rarity, cyber incidents in the sporting industry are becoming common. While sports organizations have large amounts of sensitive, valuable information, the incidents themselves are often tied to the political climate.
What is a buffer overflow? And how hackers exploit these vulnerabilities
Buffer overflow definition A buffer overflow or overrun is a memory safety issue where a program does not properly check the boundaries of an allocated fixed-length memory buffer and writes more data than it can hold. This causes data to…
How to implement Windows 7, Server 2008 security updates after end-of-life
January 14, 2020 was the official end of the road for public updates for Windows 7, Windows Server 2008 R2 and Windows Server 2008 SP2. The many organizations that continue to use them will need to find a way to…
Tracking Privacy from a Risk Standpoint
One of the lasting impacts of GDPR, the European privacy regulation that went into effect in May of 2018, has been that the security function has gained an awareness of privacy. Privacy now carries with it a risk weight that…
US elections remain vulnerable to attacks, despite security improvements
Days away from the Iowa caucuses, and less than 11 months from the general election, voting and election security continues to be a challenge for the U.S. political system. Threats to a secure election appear to loom as large today…
What the Brexit Withdrawal Agreement Bill means for data protection and the GDPR
After years of turmoil, it seems the UK finally has a deal that sets out how it will leave the European Union (EU). Prime Minister Boris Johnson’s Withdrawal Agreement Bill shares many similarities with the withdrawal agreement put forward by his…
How Adobe monitors cloud deployments to control shadow IT
Too little security leads to data breaches, but too much security can wind up with the same result. Employees eager to do their jobs and fettered by what can sometimes seem like unnecessary restrictions on their ability to do so,…
Data on the rise: 4 new challenges security must master
You’ve likely heard that 90% of the world’s data was created over the last two years. This phrase, often quoted, sometimes attributed, is passing through the public consciousness, on its way to becoming trivia. Before it’s reduced to a ‘fun…
3 reasons you can’t fight facial recognition
The biometric backlash is but a brief blip. Resistance is futile. You WILL be identified. But is that good or bad?
What is information security? Definition, principles, and jobs
Information security definition Information security, sometimes abbreviated to infosec, is a set of practices intended to keep data secure from unauthorized access or alterations, both when it’s being stored and when it’s being transmitted from one machine or physical location…
Why multicloud security is your next big challenge
Companies deploy an average of three to five different cloud services. With an increased emphasis on security and regulatory compliance, the capability to manage these disparate systems is crucial.
Vulnerability management requires good people and patching skills
Though threat actors have access to increasingly sophisticated and easy-to-use offensive tools, businesses often fail to get basics around patching right, leaving an easy entry route for attackers.
What’s ahead for digital identity in 2020?
In 2019, the identity sector began to open its eyes, rubbing the sleep out of them, as the world awoke to the purpose and power of identity.
Review: SaltStack brings SecOps to network orchestration and automation
SaltStack Enterprise, and its optional SecOps modules, is one of the only platforms available today that can fully manage complex enterprise environments while also protecting them.
3 ways to make your Windows network harder to attack
As you start the new year, it’s a good time to think about what you can do to keep your network and organization from being low hanging fruit for attackers. Taking these steps won’t make you immune to attacks, but…