Security Port

Security Forums
Security Articles
Security Port Blog
Security Blogs
Security Books
Security Glossary
Security Definitions
Security Directories
Security Wikis
Security Tradeshows
Security Newsletters
Security Alerts
Buyers Guides
Security Newsgroups
Security Organizations
Submit Security Sites
Security Magazines
Security Feeds
Security News
Security Software
Security Products
Search Databases


Security Port
Contains relevant information that pertains to security related issues and solutions.

Security Port

A Security Port Blog
Cybersecurity skills lacking in the legal sector
04/20/2018

According to a new assessment, while legal services are embracing new technologies the legal profession is lacking the necessary skills to ensure good cybersecurity practices are in place. Greater investment in resources is also required.

According to a new assessment, while legal services are embracing new technologies the legal profession is lacking the necessary skills to ensure good cybersecurity practices are in place. Greater investment in resources is also required.

The assessment comes from Lewis Slaney, writing from the website Threat Management. Slaney notes how legal practices process considerable volumes of sensitive and private information, which makes them a key target for cybercrime. He also notes that the number of attacks appears to be on the rise and that attacks are becoming more sophisticated.

Why Cybersecurity Is About More Than Prevention-Focused Products
04/18/2018

Breaches of Equifax, HBO and Uber made headlines in 2017, and 2018 will have its own share of high-profile breaches. As the threat landscape continues to evolve, cybercriminals are becoming more creative and expanding their attack vectors. The industry spends billions trying to protect against every imaginable threat, but experts tell you that, no matter how much you spend, it's never enough.  

The mistake most companies make is that they focus solely on security products, thinking: "If I have this product, then I am safe." The reality is that a security product focuses on only one attack vector (e.g., email), but you need to think about more than just email to truly be safe. But where to start? There is an endless supply of products and services available for every known vulnerability and attack vector a company could possibly have. In other words, without knowing better, a company could spend everything down to its last dime on cybersecurity.

National Cyber Security Centre warns UK Government and power companies of Russian threat
04/16/2018

UK Government departments have been issued guidance over possible Russian cyber attacks on key British infrastructure.

The National Cyber Security Centre (NCSC), a branch of intelligence agency GCHQ, has issued advice to key organisations on boosting security and improving cyber defences, according to reports.

Officials from the NCSC have warned the National Grid, major power companies, the Sellafield nuclear power plant and NHS hospitals to prepare for possible action from Vladimir Putin's government, including cyber attacks that cause a blackout or theft of data.

It comes after the Kremlin announced tit-for-tat expulsions of British diplomats in response to prime minister Theresa May's decision to kick out 23 Russian embassy staff.

Dispelling The Fantasy That Cybersecurity Is Sexy
04/13/2018

The news is awash with stories of presumed Russian hackers leaking secrets and unleashing bot armies on social media to spread misinformation, manipulate public opinion and swing the outcomes of elections in the U.S., Europe and elsewhere. The collective imagination is captivated by the conception of shadowy criminals conspiring to take down major corporations from hidden parts of the internet.

How to Improve Federal Cybersecurity Efforts
04/11/2018

Last year was another banner year for cyber hackers and bad actors. A recent report found that the number of data breaches reached 1,202 in 2017—a 50 percent increase since 2015. Breaches on both public- and private-sector networks resulted in millions of Americans having their personal and financial data compromised. The private sector was particularly hit hard with the massive Equifax data breach impacting 145.5 million people. But federal agencies also continue to face major challenges. The Transportation Security Administration and the National Security Agency both experienced serious breaches, even as the federal government has taken steps in recent years to help prevent such successful attacks. These ongoing cyber breaches suggest agencies aren’t doing all they can within the established cybersecurity frameworks and initiatives that abound across government today. The public sector can, and should, play a larger role in helping ensure massive breaches like those at Homeland Security Department, Office of Personnel Management and even Equifax don’t happen again.

Cybersecurity in the Cloud Era
04/09/2018

As CFOs assume greater responsibilities for operational risk management, it is critical to understand security, privacy, and compliance controls. Here is the practical guidance needed to minimize cybersecurity risk with cloud vendors.

Cybersecurity is top of mind for CFOs. Nearly two-thirds of CFOs in a recent study said they are now taking on responsibility for operational risk management and mitigation—and elements of cybersecurity are a big part of that.

The 2015 Cost of Data Breach Study by IBM and the Ponemon Institute found that the typical total cost of a breach was around $3.8 million, an increase from $3.5 million the year before. Putting aside damage to brand and reputations—which can be substantial—the impact on customer trust, and in turn acquisition and retention as well as market value, all add up.

You Do Care About Cybersecurity, But That Is Not the Problem
04/06/2018

As Lawfares survey indicates, adoption of voluntary cybersecurity measures is low. The survey shows that use of encryption on personal devices, anonymous browsers and password managers is less than 20 percent. But other data show that this might be a reflection of how difficult or inconvenient it is to set up and use these measures, as opposed to a lack of concern about consequences.

The Global Cyber Alliance conducted a survey in the fall of 2017. In a poll of 1,000 U.S. consumers:

Only half can determine if a website is legitimate and safe;

35 percent have stopped an online purchase because of security fears;

27 percent said the fear of online scams causes excessive worry; and

Only 16 percent fear a burglar more than a hacker stealing personal information.

The results were similar, if a bit less dire, in the Global Cyber Alliance’s survey of 611 U.K. consumers.

Cybersecurity By The Numbers: Market Estimates, Forecasts, And Surveys
04/04/2018

What is the state of the cybersecurity industry and practice today? Recent surveys and analysis provide fresh insights, from senior management and board of directors not taking cyber threats seriously enough, IoT and mobile security deficiencies, the perennial cybersecurity skills shortage, new types of attacks on consumers and businesses, and the increasing threat of a global cyber war.

These old and new cybersecurity challenges make 2018 yet another year of more of everything.

The Evidence Is in the Numbers: We Need More Cyber Security Professionals
04/02/2018

The digital revolution is here. With technology playing an increasingly significant role in everyday life, the world becomes more and more connected through, and dependent upon, computers. Mobile technology, the Internet of Things, machine learning, and the cloud, just to name a few, all mean opportunity and possibility for businesses, professionals, and society but also for criminals looking to capitalize on vulnerabilities. As we focus on innovation and advancement in technology, we must also focus just as intently on the mitigation of cyber crime, which requires an experienced and educated workforce ready to fill the thousands of open cyber security roles across the nation.

Women headed to front lines in cybersecurity
03/30/2018

The frontline of cybersecurity is a male-dominated space, but many organizations and women executives are working to change that.

Women comprise only 11 percent of the information security workforce, according to the 2017 Global Information Security Workforce Study, conducted by the Center for Cyber Safety and Education, (ISC)² and the Executive Women’s Forum. As the list of high-profile cyber attacks grows longer and companies strive harder to protect their customers’ personal information, there is a surging demand for information security professionals, a need that women can help meet.

How Secure Is Mobile Banking?
03/28/2018

Many consumers have turned to their mobile phones for basic banking tasks, such as depositing checks and transferring money between accounts. Cellphones offer people the convenience to perform these tasks whenever and wherever they please.

The general consensus is that while the risk is low when it comes to banking, security does depend to some extent on consumers—many of whom do not do what they should be doing to keep their phones safe from attack.

Modified BlackBerrys sold to drug dealers
03/26/2018

A cocaine bust in Southern California has led to the indictment of five execs at uncrackable phone seller Phantom Secure. The investigation involved a suspect who allegedly used the devices to coordinate shipments of thousands of kilos of cocaine and other drugs.

As of this morning, Phantom Secures site was still up, advertising BlackBerry and other mobile devices with encrypted email and chat that make them impervious to decryption, wiretapping or legal third-party records requests.

But while Phantom Secures site was still up, the secure-phone company has been hollowed out.

Google Highlights Android Security Boosts, Says It Is Just as Safe as iOS
03/23/2018

Androids latest software update, dubbed the 8.0 Oreo, has been updated to be safer than its predecessors, Googles annual review published Thursday shows.

8 questions to ask about your industrial control systems security
03/21/2018

What is an ICS?

An ICS is any device, instrumentation, and associated software and networks used to operate or automate industrial processes. Industrial control systems are commonly used in manufacturing, but they are also vital to critical infrastructure such as energy, communications, and transportation. Many of these systems connect to sensors and other devices over the internet—the industrial Internet of things (IIoT), which increases the potential ICS attack surface.

Here Is How You Can Stay Ahead Of Your Cyber Security ETF
03/19/2018

An ETF provides a single investment vehicle that typically invests in a broad universe of stocks mirroring an index or a thematic style. Investors most often look to ETFs as a passive investment that allows easy access to the underlying securities. Beyond the initial benchmark decision and associated rebalancing rules, the investment manager usually puts little weight on the fundamentals of a given company held in the fund.

Artificial intelligence and cybersecurity: The real deal
03/07/2018

If you want to understand what’s happening with artificial intelligence (AI) and cybersecurity, look no further than this week’s news.

On Monday, Palo Alto Networks introduced Magnifier, a behavioral analytics solution that uses structured and unstructured machine learning to model network behavior and improve threat detection. Additionally, Google’s parent company, Alphabet, announced Chronicle, a cybersecurity intelligence platform that throws massive amounts of storage, processing power, and advanced analytics at cybersecurity data to accelerate the search and discovery of needles in a rapidly growing haystack.

So, cybersecurity suppliers are innovating to bring AI-based cybersecurity products to market in a big way. OK, but is there demand for these types of advanced analytics products and services? Yes. According to ESG research, 12 percent of enterprise organizations have already deployed AI-based security analytics extensively, and 27 percent have deployed AI-based security analytics on a limited basis. These implementation trends will only gain momentum in 2018.

Cybersecurity spending priorities not keeping pace with emerging tech
02/05/2018

Cyberattacks – they never stop. Lately, SamSam ransomware attacks have steadily increased across all industries, including healthcare. Just last week two Indiana hospitals were hit, and Allscripts hosted EHR was hobbled for days. Then there are Spectre and Meltdown, chip vulnerabilities that could wreak havoc on healthcare cybersecurity, potentially affecting personally identifiable information leakage and medical device security problems.

But EHRs and computer chips are basic technologies at the point. Even more transformative emerging tech are shaping the way industries including healthcare do business, according to a new study from cybersecurity vendor Thales, which found that 94 percent of organizations have sensitive data in cloud, big data, internet of things, blockchain and/or mobile environments.

Baby boomers more cybersecurity savvy than Gen-Z, study
03/02/2018

Generation Z are the least ransomware savvy generation while baby boomers were more likely to accurately define ransomware and were the savviest when it comes to not forwarding emails from unknown senders.

A recent Webroot survey found 23.7 percent of Gen-Z were able to accurately define ransomware compared to 47.6 percent of baby boomers. Baby boomers were also the least likely to spread malware and other cyber threats as 94.2 percent said they had not forwarded emails from unknown senders within the past year.

Millennials fared in between the two with only 34.2 percent accurately defining ransomware. The study also found the selfie generation were most concerned about losing personal photos in a cyberattack were millennials as they comprise 28.9 percent of respondents afraid of a photo leak.

7 cybersecurity trends to watch out for in 2018
02/28/2018

1. AI-powered attacks
2. More sandbox-evading malware
3. Ransomware and IoT
4. Many companies will fail to comply with the GDPR
5. Emerging standards for multi-factor authentication
6. The adoption of more sophisticated security technologies
7. A rise of state-sponsored attacks

The Five Laws Of Cybersecurity
02/26/2018

Law No. 1: If There Is A Vulnerability, It Will Be Exploited

Law No. 2: Everything Is Vulnerable In Some Way

Law No. 3: Humans Trust Even When They Should Not

Law No. 4: With Innovation Comes Opportunity For Exploitation

Law No. 5: When In Doubt, See Law No. 1

Car cyber-security still sucks
02/23/2018

In 2015, infosec gurus Charlie Miller and Chris Valasek demonstrated that they could take over and turn off a jeep from afar as it was being driven, a feat that magnified interest in car hacking.

Their wireless attack was conducted on an active vehicle. But it turns out the engine doesn't have to be running. This is separate from hacks that unlock doors wirelessly – we're talking about commandeering the engine control system potentially over the air, here.

Code boffins from the University of Michigan, in the US, have demonstrated that cars with Electronic Control Units (ECUs), common in recent model vehicles, can be compromised when the engine is off.

Why Are So Few Women in Cybersecurity?
02/21/2018

Allison Anne Williams has a Ph.D. in mathematics, vast experience at the den of wizards known as the National Security Agency and entrepreneurial chops. She is accomplished and smart.

So what happened to her at a recent business meeting left her dismayed, although it is far from uncommon for women in cybersecurity.

Males hold 3 out of 4 jobs in the tech world, but it is in cybersecurity where the lack of participation of women is most acute. By one reckoning, only 14 percent of the U.S. workforce in cybersecurity is female. Those women that do break into the industry talk of glass ceilings, insensitivity in the workplace, a lack of mentors and popular culture that reinforces the image of male tech workers.

The gender imbalance has potential consequences for the nations security. The United States already suffers a shortage of cybersecurity workers, even as global hacking threats grow more acute. The labor shortage is forecast to worsen. A study last year by Frost & Sullivan, a consulting firm, found that North America will face a shortage of 265,000 cybersecurity workers by 2022.

How to stop your digital fortune from going up in smoke
02/19/2018

Hackers are targeting cryptocurrencies.
More than 3 million bitcoins have been lost — maybe forever.

In the last few weeks, hundreds of frantic people have called into McCann Investigations in Houston, Texas. Some have lost their cryptocurrencies. Others had them stolen.

Wallet Recovery Services, which helps people find their lost cryptocurrencies, warns web site visitors to expect a slow response time due to its high volume of new requests.

Intel data center sales surge, warns of potential security flaw fallout
02/16/2018

Intel stock rose 3.8 percent to $47.06, boosted by a 10 percent dividend hike and the forecast, which signaled that Intel is succeeding in containing fallout from recently disclosed security flaws that could allow hackers to steal data from computers.

Those flaws, dubbed Spectre and Meltdown, created global concern among technology users, and Intel acknowledged on Thursday, for the first time, that the fallout could hurt future results. But Intel executives consistently indicated that they did not expect that to happen.

Software fixes for the problems would be succeeded by solutions designed into Intel chips themselves later this year, Chief Executive Brian Krzanich said on a conference call.

How Secure Is Your Data When It is Stored in the Cloud?
02/14/2018

As cloud storage becomes more common, data security is an increasing concern. Companies and schools have been increasing their use of services like Google Drive for some time, and lots of individual users also store files on Dropbox, Box, Amazon Drive, Microsoft OneDrive and the like. They’re no doubt concerned about keeping their information private—and millions more users might store data online if they were more certain of its security.
Data stored in the cloud is nearly always stored in an encrypted form that would need to be cracked before an intruder could read the information.

Can homeowners prevent neighbors from installing security cameras?
02/12/2018

This is an excellent question and a very fact specific question.  In a homeowners association, lot owners are generally permitted to install security devices and cameras for security purposes.  The documents may require the association to approve the installation, but it can be accomplished.

That is very different from the relative privacy interests.  As you can imagine, if the cameras catch you walking your dog down a sidewalk in the middle of the day, that is very different from a camera pointed at your bedroom.  In the first example, you have very little expectation of privacy because you voluntarily walked out into a public space, and in the second situation, you have a very high expectation of privacy for obvious reasons.

First Jackpotting Attacks Hit U.S. ATMs
02/09/2018

ATM jackpotting — a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand — has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators. But all that changed this week after the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United States.

To carry out a jackpotting attack, thieves first must gain physical access to the cash machine. From there they can use malware or specialized electronics — often a combination of both — to control the operations of the ATM.

Bluetooth Security Devices Ended Up Being Easier to Surveil
02/07/2018

Security researchers at Duo Labs discovered that Bluetooth vulnerabilities personal safety devices from Wearsafe and Revolar left their users exposed to tracking from a distance. That Bluetooth can be used to track someone shouldn't be all that surprising, but the concern here centers more around the types of devices in question, as they're used to signal to friends that you're in some sort of distress. Presumably that means owners are already more sensitive to being followed, tracked, or surveilled.

Dutch Spies Snooped on Russias Elite Hackers
02/05/2018

Cozy Bear is one of Russias elite hacking groups, in part responsible for the hack of the DNC in 2016 in an effort to influence the presidential campaign. They also, according to Dutch media reports, had been spied on by Dutch intelligence agents for at least a year. The observed the Russian hackers attempting to infiltrate both the State Department and the White House, and informed the NSA about the intrusions.

Millions of PCs Targeted by Cryptocurrency-Mining Malware
02/01/2018

Malware is increasingly developing an appetite for cryptocurrency mining. One newly discovered strain has tried to infect millions of Windows machines, all in an effort to siphon their computing power and possibly sell it for mining purposes.

The operation has been going on for over four months, and may have targeted around 15 million machines or more, security firm Palo Alto Networks said Wednesday.

16 Best Password Manager Apps for Your Small Business
01/30/2018

If you are thinking about making use of the different password managers available, take a look at the following 16 best password manager apps for your small business.

complete article

Super Bowl brings massive security resources to Minneapolis
01/28/2018

Concrete barriers and chain-link fencing are going up around the site of the Super Bowl in downtown Minneapolis, where a contingent of local, state and national agencies is working to ensure that the game and dozens of related events are safe.

The downtown location of the Feb. 4 title game has presented challenges for authorities, who have had to get creative as they carved a secure perimeter around businesses and a major hospital near U.S. Bank Stadium. But it's not the first time the Super Bowl has dealt with the challenges of a city center, and authorities who have spent roughly two years thinking about every possible scenario say they are prepared.

What is cyber security? How to build a cyber security strategy
01/24/2018

Cyber security is the practice of ensuring the integrity, confidentiality and availability (ICA) of information. It represents the ability to defend against and recover from accidents like hard drive failures or power outages, and from attacks by adversaries. The latter includes everyone from script kiddies to hackers and criminal groups capable of executing advanced persistent threats (APTs), and they pose serious threats to the enterprise. Business continuity and disaster recovery planning are every bit as critical to cyber security as application and network security.

Cybersecurity important for businesses
01/22/2018

Broadband and information technology are powerful tools for small businesses. However, cybersecurity threats are real and businesses must implement the best tools and tactics to protect themselves, their customers and their data.

Using AI intelligently in cyber security
01/19/2018

Bold claims have been made about the potential for cyber security solutions to detect and block attacks with little to no human involvement. During the last 12 months in particular the volume has been turned up on the potential of increased AI and automation helping to win the ongoing battle against cybercrime.

What AI has to offer is undoubtedly impressive, but it should not be taken as an indication that AI can be left to its own devices, fixing problems and eliminating threats without us lifting a finger.

Killer Sex Robots in the Future?
01/17/2018

Sex robots could be hijacked by hackers and used to cause harm or even kill people, a cybersecurity expert has warned.

Artificial intelligence researchers have consistently warned of the security risks posed by internet-connected robots, with hundreds recently calling on governments to ban weaponized robots.

Top Security Challenges for 2018
01/15/2018

In 2018, we anticipate that cybercriminals will look to target and exploit more security software.

Companies are publicly touting their GDPR readiness, but behind closed doors, I expect a lot of uncertainty about the ability to comply with these new and incredibly strict guidelines.

Criminal organizations will continue their ongoing development and become increasingly more sophisticated.

Even though the majority of cyber incidents are still motivated by espionage or criminal activity, more destructive attacks fueled by masquerading tools, especially by nation-state actors, will be an alarming and growing trend in 2018.

4 Keys to an Effective BYOD Mobile Security Policy
01/12/2018

Most organizations have allowed employee mobile devices to become key parts of their IT infrastructure, whether they formally acknowledge it or not. Here are four ways companies can revisit their mobile security policy to acknowledge the role of Bring Your Own Device (BYOD) in enterprise security management, mitigating the risks while still providing employees flexibility and freedom.

1. Recognize Employee-Owned Devices
2. Revisit Heavyweight EMM Strategies
3. Use the Cloud and Containers to Solve Security Problems
4. Focus on the Greatest Risks and Provide Feedback

10 Cybersecurity Trends: What to Expect in 2018
01/02/2018

1. More Big, Bad Breaches
2. More Poor Security Practices
3. More Endpoint Security Woes
4. More Takedowns
5. More Bitcoin Heists
6. More Extortion Shakedowns
7. Online Proxy Wars
8. Market Consolidation
9. More EU Breach Notifications
10. GDPR Fines

Database Security Market by Software, Service, Business Function, Deployment, Organization Size, and Vertical - Global Forecast to 2022 - Research and Markets
01/10/2018

The global database security market size is expected to grow from USD 2.95 billion in 2017 to USD 7.01 billion by 2022, at a Compound Annual Growth Rate (CAGR) of 18.9% during the forecast period.

The database security market is driven by rising threats including SQL injection, Denial of Service (DoS) attacks, and malware attacks.

Growing demand for sophisticated security solutions and evolving regulatory landscapes are driving the database security market. However, limited security budgets and high installation cost of solutions may restrain the growth of database security market.

Database encryption is one of the crucial solutions for securing the database. The database encryption can be done in 2 ways: encryption of data at rest and encryption of data in transit with better authentication control. Vendors in the market offer various encryption solutions to protect sensitive business data from both insiders as well as outsiders.

Cybersecurity Predictions for 2018
01/08/2018

There will be at least one large-scale data breach, if not more. Just as 2017 brought us the Yahoo breach and the massive Equifax losses, there is no reason at all–none–to think 2018 will be any safer. While we can’t say exactly who will be the victim, we can say with confidence that data breaches do not fundamentally change anything. Corporate behavior is unaffected and consumers quickly internalize the costs.

The U.S. Department of Homeland Security will finally get a cybersecurity leader for the National Protection and Programs Directorate. It’s only been a year.

No significant federal effort will be made to protect the cybersecurity of the 2018 election. As long as executive branch leadership holds the official view that no Russian interference occurred in 2016, there is little reason to expect the federal government will take action. As a result, there will be serious questions about the integrity of the 2018 elections.

There will be a significant disruption of internet traffic caused by a botnet attack. Service will be blacked out and messages will be diverted. The disruption will last more than an hour.

Pressure on social media organizations to monitor content will grow significantly. The restrictions will start with efforts to protect against sex trafficking. Silicon Valleys obtuseness to the nature of their influence will leads to calls for regulation. In response, they will engage in much greater self-censorship. Free speech will suffer.

Startup Is Using Blockchain Tech To Rethink Cyber Security In The Bitcoin Era
01/05/2018

Paul Puey serves as the CEO of Edge, a cyber security company that empowers individuals to take control of their own online data by developing the proprietary tools, software and systems needed to keep their information tightly secured.

Experts argue that secure information should be housed at the edge of a network rather than in a centralized location. Following this approach, instead of relying on enterprise server security, edge-security first encrypts data from the user's device before it ever touches a network or server.

2018 ushered in with tight security across U.S.
01/03/2018

As millions in the U.S. prepared to ring in 2018, there had already been massive celebrations around the world. In Sydney, Australia, a huge fireworks display lit up the harbor. In Hong Kong, a spectacular array of pyrotechnics wowed spectators. And in Dubai, an amazing light show on the side of the world's tallest building, the Burj Khalifa, welcomed the new year.

Technology and Security Gap
12/04/2017

Technological advancements are increasing rapidly, but the general populations ability to utilize these new capabilities continues to lag behind. The growing number of recent cybersecurity attacks highlights a second gap; a shortage of skilled workforce in the cybersecurity industry, predicted to reach around 1.8 million workers by 2022.

There are numerous suggestions and ideas about how to close the gap, such as upskilling existing employees skill sets or utilizing automation. But a long-term strategy focused on training and educating the next generation will help to ensure enough people have the right skills for the future.
Children are now growing up in a digital age and should be in an ideal position and better equipped to take on the challenges of cybersecurity when they enter the workforce. This early exposure to the technology and best practices could easily be harnessed to give them a golden opportunity to be trained in the skills needed to fill the gap in the cybersecurity industry. But how do we to attract them into what many consider a geeky industry?

The cyber security skills your business needs
12/01/2017

The cyber security skills gap is set to widen to between one million and two million positions by 2019 - a nightmare for organisations needing talent, but a significant opportunity for those candidates with the right skills.

That increasing skills gap, forecast by Intel Security, leaves businesses and economies vulnerable to cyber attacks, as they often find themselves outmanned and outgunned in the battle against hackers. Companies are looking for people that are going to be able to help them safeguard against these threats, and so there has never been a better time to get into cybersecurity.

The opportunities are certainly there, but what exactly are the skills needed for effective cybersecurity?

Cybersecurity and the CFO: Risk, Responsibility and Resilience
11/29/2017

Your companys capital structure, the current sentiment of your stakeholders and constantly-evolving economic modeling are all things for you to worry about. You likely know what keeps your fellow executives up at night as well. But what about your organization’s cybersecurity team?

Old-schoolers might consider IT to be just an expensive line item when, in fact, your IT team’s successes and failures impact everything under your purview and beyond. Their nightmares should be your nightmares. Strategic investments, good governance and thoughtful reporting by your security team helps fortify your company’s business resilience, letting you enjoy some peace of mind while avoiding a situation of Equifax proportions.

Customers expect to be able to trust the safety of their private data and financial information within an organization. When any large-scale breach (like Equifax, which lasted from mid-May through July) occurs a considerable amount of that trust is lost, sometimes irrevocably.

But bigger than putting a dent in brand reputation, cyberattacks and data breaches can measurably affect an organization’s bottom line.

Why the governments cybersecurity matters
11/27/2017

With the recent breach of personnel information from the Office of Management and Personnel and revelations that insiders within our intelligence community mishandled and exposed sensitive information, citizens may be asking themselves, How could it get worse? To be certain, our national security and national prosperity will be significantly threatened if we do not ensure that cybersecurity and protection of the people’s information are at the top of every agenda in every department and agency.

Cybersecurity is a risk management issue, and the United States government, like many businesses around the country, is accepting a lot of risk. This should be deeply concerning to all Americans, as it represents a critical threat to our national security, the openness of our economy and our way of life. However, the good news is it does not need to be this way. There are concrete and achievable steps that the government must take to reduce the level of risk, beginning with filling the vacant federal chief information officer and chief information security officer positions with experienced and qualified personnel, upgrading our network architecture and infrastructure, investing in workforce training and adopting many of the proven best practices that work in the private sector.

Examining The Three Classes Of Cybersecurity Needs
11/25/2017

September 2017 witnessed a trifecta of mega-breaches: Equifax, SEC and Deloitte. Cybersecurity was already a messy and technical topic, and these disclosures have made it even more perplexing. There are hundreds of security product vendors, and the industry is collectively spending billions of dollars every year and is expected to top $100 billion by 2020. So why is it so hard for organizations to get their act together and prevent breaches? What exactly are we missing?

The cybersecurity problem is hard because organizations have massive and growing attack surfaces. There are myriad ways by which our networks can be breached, and it is very hard to keep up with the adversary. The industry still has unmet needs for tools and methods of appropriate scale to defend ourselves.

Cybersecurity a costly necessity
11/23/2017

It was a perfect case of the complexities involved in trying to protect against attacks like last May’s WannaCry ransomware that infected more than 300,000 computers in 150 countries in a matter of days, demanding ransoms to regain access to their computers.

Rather than being held hostage to cyber criminals who have manage to get into the most heavily guarded computer systems of businesses, hospitals and government agencies, it’s essential to be knowledgeable and diligent, said Brian Levine, founder of UMass Cybersecurity Institute.


Yet security is hard.

Florida Sets Sights on Becoming Cybersecurity Front-Runner
11/21/2017

Florida probably is not the first place that comes to mind in terms of a strong cybersecurity industry. In fact, it has a somewhat insecure reputation — the Sunshine State had the second highest rate for identity theft complaints in 2016, according to the Federal Trade Commission.

But local stakeholders are looking to change that, and Florida is making slow but incremental progress on a few fronts.

The mission that was given to us is make Florida the leading state in cybersecurity, said Sri Sridharan, executive director of the Florida Center for Cybersecurity.

The University of South Florida-affiliated center, which is hosting its annual cybersecurity conference Friday, was established by the Florida legislature in 2014 to position Florida as a national leader in cybersecurity.





Current Blog

2018

February - March Archive
January Archive

2017
Nov/December Archive

October Archive

September Archive
August Archive
April Archive
March Archive

February Archive
January Archive

2016 Security Blog Archive
November /December Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2015 Security Blog Archive
November / December Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2014 Security Blog Archive
November / December Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
Jan & February Archive

2013 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2012 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2011 Security Blog Archive

December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2010 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2009 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2008 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
July-August Archive
May-June Archive
April Archive
March Archive
February Archive
January Archive

2007 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2006 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive


Security Alerts
Locate security alerts, and security feeds via a security rss feed directory.