Organizations lack a basic understanding of "the landscape of security vulnerabilities," says U.K.-based cybersecurity expert John Walker. He discusses the state of cybersecurity today - including why he prefers the term "verified trust" to Zero Trust - and offers predictions for 2022.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including mitigating the Apache Log4j zero-day vulnerability, findings from a new report analyzing the Conti ransomware attack on Ireland's Health Services Executive and President Biden's drive to...
The findings from a penetration test can help you identify risks and gaps in your security controls. Charles Gillman offers tips to maximize the value of your next pen test and, in the process, deliver better results.
The U.S. Department of Homeland Security this week announced a "Hack DHS" bug bounty program to identify potential cybersecurity vulnerabilities within its systems and to increase DHS' overall cyber resilience. Hackers uncovering vulnerabilities will be compensated by the department.
Large financial services companies are prime targets for a broad variety of threat actors, including the most persistent nation-state sponsored outfits. From closing gaps in visibility to achieving a more proactive security posture, the following whitepaper illustrates how any organization can benefit from the access...
Like CISOs everywhere, Dawn Cappelli of Rockwell Automation awoke last Friday to news about the Log4j vulnerability and the risk it posed to her company, customers and partners. Here is how she approached triage, response and capturing insights to be shared with other security leaders.
The year is ending with a cybersecurity bang - not whimper - due to the widespread prevalence of the Apache Log4j vulnerability. Researchers warn that at least 40% of corporate networks have been targeted by attackers seeking to exploit the flaw. More than 250 vendors have already issued security advisories.
In today's disparate IT environment, there are gaping, business critical gaps in enterprise log management. Graylog's Mark Brooks discusses the Log Management Maturity Model and the six (6) critical steps to move from "no alignment" to "continuous improvement."
It's no surprise that as some ransomware-wielding criminals have been hitting healthcare, pipelines and other sectors that provide critical services, governments have been recasting the risk posed by ransomware not just as a business threat but as an urgent national security concern.
Casey Ellis, founder and CTO of Bugcrowd, shares insights from the company's annual report, Inside the Mind of a Hacker 2021, which reveals that 8 out of 10 ethical hackers recently identified a vulnerability they had never seen before.
The annual IRISSCOM cybercrime conference in Dublin aims to give attendees "an overview of the current cyberthreats facing businesses in Ireland and throughout the world" and how to best defend themselves, organizers say. Here are visual highlights from the conference's latest edition.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including why security teams are still unprepared for cyberattacks over weekends and holidays, which experts warn is when attackers love to strike.
Cyber attacks happen — that’s a static fact of today’s cyber-fueled world. What isn’t static is how and where these attacks happen. Opportunities for attackers abound as networks grow more complex and orgs migrate (or come to life) in the cloud. Today’s attackers can spend months hiding in an environment,...
It takes years to build a brand. A cyberattack that exposes customer data or even simply
paints the company in a negative light can cause catastrophic loss of trust in an instant.
Fortunately, all is not yet lost. Cybersecurity companies are continuing to fend off cybercriminals and consumers are