Information security programs continue to rely not just on security policies, but also the controls that ensure they get enforced. Unfortunately, such controls begin degrading the moment they're put in place, sometimes rapidly, says Josh Mayfield, director of security strategy at Absolute Software.
With the number of vulnerabilities on the rise, and their severity increasing, how can you identify the biggest cyber threats to your business - and know what to fix first?
Download the "3 Things You Need to Know About Prioritizing Vulnerabilities" eBook now to:
Discover the 3 critical steps to building an...
Every security leader wants visibility into the potential attack surface. But that surface is changing in vast new ways, owing to the cloud and connected devices. Mario Vuksan of ReversingLabs defines what visibility truly means today.
Security incidents often result in damage, regardless of an organization's size. But for small and midsize firms, which often lack robust security defenses, the damage may be so severe that it means not only disruption but also the end of the business, says Vince Steckler of Avast.
Making data security as people-centric as possible by applying strong risk-based controls is the only way organizations can best secure data while also enabling employees to do their jobs, says Tony Pepper of Egress Software Technologies.
Four business sectors - hospitals, banks, securities firms and market infrastructure providers - potentially face the most significant financial impact from cyberattacks that could lead to a weakened credit profile, according to a new report from Moody's Investors Service.
An "authorized third party" exposed a Dow Jones database with more than 2.4 million records of risky businesses and individuals on a public server without password protection. The incident points to the importance of proper vendor risk management, security experts say.
Windows, MacOS and Linux operating systems don't sufficiently protect memory, making it possible for a fake network card to sniff banking credentials, encryption keys and private files, according to new research. Fixes are in the pipeline, but caution should be used before connecting to peripherals in public areas.
In 2017, 15,038 new CVEs were published, up from 9,837 in 2016. Last year, 16,500 new CVEs were disclosed. With vulnerabilities growing year after year, patching every potential threat to your business is a futile exercise. The need to prioritize is clear, but where to start, especially when CVSS categorizes the...
Unlike other business disciplines (CRM, ERP, HR), cybersecurity lacks clear business metrics that help frame decision-making in language the C-suite and board easily understand. To evaluate which metrics matter most, Tenable commissioned Ponemon Institute to study the effects of cyber risk on business operations. The...
Good news for many victims of GandCrab: There's a new, free decryptor available from the No More Ransom portal that will unlock systems that have been crypto-locked by the latest version of the notorious, widespread ransomware. But the ransomware gang appears to already be prepping a new version.
The internet is composed of a series of networks built on trust. But they can be abused due to weaknesses in older protocols, such as Border Gateway Protocol and the Domain Name System, which were not designed to be secure and are now being abused for online crime and espionage.
Britain's intelligence establishment has reportedly concluded that any risks posed by Chinese-built Huawei networking equipment used as part of the country's 5G rollout can be minimized if the process is appropriately managed.