Security Port

Security Forums
Security Articles
Security Port Blog
Security Blogs
Security Books
Security Glossary
Security Definitions
Security Directories
Security Wikis
Security Tradeshows
Security Newsletters
Security Alerts
Buyers Guides
Security Newsgroups
Security Organizations
Submit Security Sites
Security Magazines
Security Feeds
Security News
Security Software
Security Products
Search Databases


Security Port
Contains relevant information that pertains to security related issues and solutions.

Security Port

A Security Port Blog
Cybersecurity: Tiny Cybersecurity Stock on Cusp of Triple-Digit Gains?
08/26/2016

Cybersecurity revenue advanced from 2013 to 2015 and is predicted to continue at a healthy rate that could help jumpstart IMPV stock. Imperva is estimated to grow its revenue 29.7% to $303.96 million this year and another 24.2% to $377.44 million in 2017. These are terrific growth metrics if IMPV stock can deliver what Wall Street expects.

Cybersecurity blind spots: Vulnerabilities and risks
08/24/2016

How should companies deal with vulnerabilities? It may depend on the specific vertical industry an organization is in, according to Pavel Slavin, technical director of medical device cybersecurity at healthcare firm Baxter International. We can not just take a Microsoft patch on Tuesday and apply it -- medical devices can not be patched before the patch is validated as it could kill the patient, he said. We need to be able to adapt how we respond to vulnerabilities that could cause more harm than good.

Feds to hire 3,500 cybersecurity pros by years end
08/22/2016

Last October, the U.S. government began hiring 6,500 new cybersecurity IT professionals. It has hired 3,000 so far, and plans to hire another 3,500 by January 2017, the White House said Tuesday.

The government is now trying to improve its recruiting and retention of cybersecurity professionals. This includes finding ways to improve government pay, which can be well below the private sector.

This strategy was detailed Tuesday in a White House memo. The U.S. plans to do more to reach women, in particular, who comprise less than 25% of the government's cybersecurity workforce.

DARPA Challenge Tests AI as Cybersecurity Defenders
08/19/2016

This summer, seven finalist teams in the Cyber Grand Challenge the U.S. Defense Advanced Research Projects Agency (DARPA) will do battle with AI systems that can autonomously scan rivals’ network servers for exploits and protect their own servers by actively finding and fixing software flaws. The immediate rewards comes in the form of a US $2 million prize for first place, $1 million for second place, and $750,000 for third place. But in the long run, DARPA hopes the challenge results will prove autonomous AI systems have become capable enough to help humans in the never ending struggle to protect computer software and networks.

How to train new grads on corporate security
08/17/2016

Millennials bring a lot to the workplace, whether they're pushing the boundaries of company culture or forcing companies to modernize. But there are a few risks associated with hiring recent grads -- especially if it is their first job in the industry -- and one of those risks is data security.

In a recent study from the Ponemon Institute in partnership with Experian, which surveyed over 16,000 people at companies with data protection and privacy training programs, 66 percent of respondents cited employees as the biggest security threat to their company. And 55 percent said that their organization had, at some point, experienced a security incident or data breach due to a malicious or negligent employee, according to the report.

With new grads entering the workforce, it is time to make your security policies a priority in the hiring and onboarding process. According to David Wagner, CEO of ZixCorp and Bradon Rogers, Senior Vice President of Product Strategy and Operations at Blue Coat, companies need to take a multi-step approach to help prevent their employees -- especially new hires -- from becoming their biggest security threat.

Auto Industry Bug Bounty Programs Point to Our Security Future
08/15/2016

Go ahead: Hack me if you can.

That was the message this week from Chrysler, as they announced their new bug bounty program. If you report a security hole, you can get paid up to $1,500 in cash. Fiat Chrysler (FCA) has decided to partner with Bugcrowd on this new security program.

Chryslers new endeavor is to crowdsource the process of uncovering and fixing security vulnerabilities associated with automobiles. And the focus is not just on your cars engine, gas pedal or brakes:

Here are the CIAs Possible Security Guidelines For Pokémon Go
08/12/2016

It is 2016, Pokémon are (augmentedly) real, and everyone is losing their minds. After a week of traffic accidents, cliff accidents, trespassing, and mobs descending on public spaces, it is time for cooler heads to prevail, and various governments and nonprofit organizations are stepping in to provide some level-headed guidelines for catching ‘em all.

Including, it seems, the U.S. Department of Defense.

Within the U.S. government, operations security (OPSEC) refers to the process intelligence officers and other government workers follow to protect unclassified information that could be used by adversaries to cause harm. Generally, it means being aware of what you’re posting on social media, writing in emails, or talking about in public, keeping in mind that such information could make its way into an adversarys hands.

New York State ramps up security following Nice attack
08/11/2016

While New York has not been home to a terrorist attack since September 11, 2001, Cuomo said that “The Department of Homeland Security and Emergency Services Office of Emergency Management Watch Center will be on heightened alert, monitoring world events.”

The horrific rampage in Nice is a direct attack on the universal values our two countries have long championed and upheld,”Cuomo said, adding, This is not only an attack on France, but an attack on democracy.

The increased security follows a terrorist attack in Southern France late Thursday, when a man drove a delivery truck for about a mile through a crowd of people celebrating Bastille Day.

More code deploys means fewer security headaches
08/09/2016

Organizations with high rates of code deployments spend half as much time fixing security issues as organizations without such frequent code updates, according to a newly released study.

In its latest annual state-of-the-developer report, Devops software provider Puppet found that by better integrating security objectives into daily work, teams in "high-performing organizations build more secure systems. The report, which surveyed 4,600 technical professionals worldwide, defines high IT performers as offering on-demand, multiple code deploys per day, with lead times for changes of less than one hour. Puppet has been publishing its annual report for five years.

Google Ventures invests $20 million to rate enterprise security threats
08/07/2016

GV, formerly Google Ventures, is investing $20 million to help the enterprise analyze security weakness which may result in successful data breaches hurting itself or suppliers.

Announced on Thursday, New York-based SecurityScorecard said a Series B funding round led by GV has raised $20 million which will be used to fuel SecurityScorecards continued scale and innovation delivering cybersecurity ratings.

Additional partners in the investment round include Sequoia Capital, Evolution Equity Partners, Boldstart Ventures and Two Sigma Ventures.

Concerns about security, information sharing up among industrial control system security pros
08/05/2016

Security managers working with industrial control systems are increasingly concerned about security, and worried about insufficient information sharing in the industry, according to a new survey.

This year, 67 percent of respondents said that the threats to the control systems were moderate to severe, up from 43 percent last year, said Derek Harp, director of ISC global programs at Bethesda, MD-based SANS Institute, one of the authors of the report.

Why APIs beat proxies for cloud security
08/03/2016

While many businesses laud the benefits of cloud computing, some feel less than 100 percent confident in their ability to fully secure their cloud resources.

Is it any wonder? Your corporate network might link to multiple cloud services, run by different operators. Mobile users might be accessing cloud resources simultaneously over dissimilar WANs and device types. Some users and devices fall under your management domain; others do not.

Maybe You Should Borrow This Security Trick From Zuckerberg
08/01/2016

It was meant solely to be a celebratory post by Mark Zuckerberg about Instagram reaching the milestone of 500 million users. But as CNET reports, the Internet was far more interested in what Zuckerberg revealed inadvertently: His laptop is in the background, and it shows that Zuckerberg puts a piece of tape over its camera as an apparent security measure—to ward off hackers who might gain control of it remotely to spy on him. A Twitter user named Chris Olson seemed to be the first to spot it, tweeting on Tuesday that Zuckerberg also tapes over his microphone jack and uses a rather obscure email client from Mozilla called Thunderbird.

Trend Micro unveils ransomware security suite
07/30/2016

New software and services are tailored for ransom attacks. Will more security vendors follow suit or build anti-ransomware functionality into existing malware tools?

Trend Micro announced security software and services to help organizations avoid and eradicate ransomware as such attacks are becoming more frequent in the healthcare industry.

Whereas security software rivals Fortinet, Intel McAfee, Kaspersky, Sophos and Symantec have long-standing anti-malware programs and all offer various utilities for combatting ransomware, Trend Micro said its new offerings are tailored specifically for the malicious code that encrypts data so hackers can demand a ransom to unlock it.

To that end, Trend Micro’s suite includes ransomware readiness assessment, ransomware removal tools, enhancements to existing software that help better fight ransomware, and hotlines that customers can call for advice.

Why Brexit Will Promote European, British, and American Security
07/28/2016

On June 23, Britain will hold a referendum on its membership in the European Union. Opponents of a British exit from the EU assert that a Brexit would be bad for both British security and the peace of Europe. Indeed, on May 9, British Prime Minister David Cameron, a supporter of Britains EU membership, implied that Brexit risks causing a European war.

This argument rests on bad history and a worse understanding of the risks to peace in Europe today. If Britain exits the EU, it will ensure that it retains control of its foreign, security, and alliance policies. This will allow it to continue to play a leading role in the NATO alliance, and ensure that it remains a vital security and intelligence ally of the United States. It is the United States and NATO—not the EU—that have brought peace to Europe.

10 Data Security Mistakes Startups Can Not Afford to Make
07/26/2016

Startups are usually in a rush, and they often forget about data security as they try to get an MVP out.

With new businesses, a data breach can result in the company closing down. To address the mistakes most commonly made, I asked ten YEC entrepreneurs the following:

What is the one crucial mistake that tech startups seem to make when it comes to data security nowadays and why?

1. Personal and professional borders.
Bring your own device (BYOD) has become increasingly popular during the past years, even more so in the startup scene.

Gartners top 10 security predictions
07/24/2016

One overriding recommendation is that businesses must be aware that delaying security measures in an effort to avoid disrupting business can be a false economy.

He recommends that security pros should make decisions about protecting networks and resources based on the range of risks that known weaknesses represent to the business and its goals. Rather than thinking about their role purely as protecting, they should look at it as facilitating successful business outcomes.

Here are the predictions and recommendations:  

Threat and vulnerability management

Prediction: Through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.

Prediction: By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.

Prediction: By 2018, the need to prevent data breaches from public clouds will drive 20% of organizations to develop data security governance programs.

Prediction: By 2020, 40% of enterprises engaged in DevOps will secure developed applications by adopting application security self-testing, self-diagnosing and self-protection technologies.

Prediction: By 2020, 80% of new deals for cloud-based cloud-access security brokers (CASB) will be packaged with network firewall, secure web gateway (SWG) and web application firewall (WAF) platforms.

Prediction: By 2019, 40% of identity as a service (IDaaS) implementations will replace on-premises IAM implementations, up from 10% today.

Prediction: By 2019, use of passwords and tokens in medium-risk use cases will drop 55%, due to the introduction of recognition technologies.

Chrome 51 serves up 42 security fixes, $65K in bug bounties
07/22/2016

Not only did Google add a Credential Manager API to Chrome 51 for Windows and Mac that lets developers go beyond simply creating passwords, it served up 42 security fixes, including 23 from outside researchers resulting in a more than $65,000 pay out in bug bounties.

With the new Credential Management API, developers can more easily store and retrieve passwords meaning that users to sign on in a single tap. And they will be signed back in after a session expires. The federated account employed by the user to sign will be remembered as well.

Google noted that some of the vulnerabilities fixed by the latest Chrome release carried a high-severity rating.

In a release, Google provided the following information on the bugs and credited the researchers responsible for finding them, as well as the bounties they received:

How to toughen your LinkedIn accounts security in light of hack
07/20/2016

On May 18, the professional-networking site said that more than 100 million members email and password combinations hacked during a 2012 data breach had just been posted online. In the same breach, hackers stole and publicly released a separate set of 6.5 million encrypted passwords that year.

Debunking seven fundamental cyber-security myths
07/18/2016

If we look at the world of cyber security through the eyes of the media, it is a pretty frightening view. We hear story after story of security breaches hitting major companies and the next data leaks that follows affecting thousands of people. It’s enough to fill any business with trepidation.

With cyber security such a big talking point, we tend to see a lot of information floating around -- some of which is not in the least bit true. If a company wants to enhance its IT security it is imperative to be able to separate facts from fiction.


It’s these fundamental security myths that cause organizations to incorrectly assess threats, misallocate resources and set inappropriate goals. Dispelling those myths is key to developing a sophisticated and appropriate approach to information security.

No stars for Internet of Things security
07/16/2016

Deliberate threats, such as back doors and remote data transmission, you fix with code reviews.

Ignorant threats, such as poor security configurations or bad design choices, you find through penetration testing.

Security evaluations take time, cost money, and always fail to find every possible problem,

DarkMatter Cyber Security Poll Reveals 48% of Respondents Organisations Still Lack Key Cyber Security Personnel
07/14/2016

DarkMatter, an international cyber security firm headquartered in the UAE, has found that 48% of respondents to its DarkMatter Cyber Security Poll say their organisations do not have a senior management executive assigned to oversee cyber security, while 46% of respondents said their organisations did not have a Board-level representative responsible for cyber security.

The statistics are extracted from a poll conducted by DarkMatter during the Gulf Information Security Expo & Conference (GISEC) 2016 held in Dubai, at which the company was the Cyber Security Innovation Partner. DarkMatter was able to poll the answers of over 200 information and communication technology (ICT) visitors present at the event, with the aim of the exercise being to identify attitudes held by enlightened ICT professionals towards the role of cyber security in modern, highly digitised economies, and the state of their organisations' cyber threat resilience.

The poll identified that 23% of respondents believe that their organisations have been victim to an internal cyber security breach, while 32% believe their organisations have fallen victim to an external attack. This suggests external threats pose a greater threat to organisations' digital assets than internal ones, with a further poll result indicating 46% of respondents believe cyber security breaches are most often the result of human factors.  

Five most common myths about web security
07/12/2016

Protection of corporate crown jewels is more important than web apps

No, you cannot secure one part of your network and ignore another one. Information security shall be comprehensive and holistic: you shall analyze all threats, vulnerabilities and thus attack vectors in their integrity. Today, no cybercriminals will try to steal your crown jewels directly wherever they are [securely] stored.

Breaking in via your web applications in pair with spear phishing will probably be one of the cheapest, reliable and silent ways to get into your corporate network and bypass your defense-in-depth.

Delta Is Trying To Innovate Faster Security Lanes For The TSA
07/10/2016

U.S. airlines are starting to provide supplemental support at checkpoints around the country this spring thanks to a flagging TSA. Earlier this month, that effort came in the form of airlines hiring supplemental staff to direct traffic at checkpoints and enhance the customer experience, though no actual screeners were hired. Now, Delta Air Lines has gone so far as to design and install its own checkpoints into Atlanta Hartsfield Jackson International Airport and gift them to the TSA.

Waiting in Line for the Illusion of Security
07/08/2016

Interminable lines at airport security checkpoints have caused a great deal of unnecessary misery.

Many people have missed their planes, and some flights have been delayed because too few passengers made it to the gate on time. A video of a two-hour security delay at Chicago’s Midway International Airport generated millions of views.

There are many explanations for what has been happening at the airports, but, as economists, we naturally prefer a basic, economic one: When something is free, it is likely to be wasted.

Hackers showed us how easy it is to secretly clone a security badge
07/06/2016

Almost everyone uses an RFID badge to get into their office or apartment, and it's a lot easier than you might think for someone to steal the data on your card to gain access. A group of white hat hackers called RedTeam Security cloned one of our work IDs to show us just how quickly they can do it from as far as 3-6 feet away.

Brainjacking: the future of software security for neural implants
07/04/2016

In a new scientific review paper published in World Neurosurgery, a group of Oxford neurosurgeons and scientists round up a set of dire, terrifying warnings about the way that neural implants are vulnerable to networked attacks.

Most of the article turns on deep brain stimulation devices, which can be used to stimulate or suppress activity in different parts of the brain, already used to treat some forms of mental illness, chronic pain and other disorders.

Cyber security Q&A: Insurance, the Skills Gap and Gender Diversity
07/02/2016

From a security point of view, what lessons have been learned from 2015?
The main lesson from 2015 is that the adversaries are persistent and we are not as secure as we thought we were. With so many prominent data breaches last year – from the likes of Ashley Maddison to TalkTalk – more and more organisations are finally giving cyber security the attention it deserves.

How do you see the security landscape developing over the next 12 months?
Security is more on the agenda than ever before, and this is showing no sign of relenting. I recently visited a global financial services company and every one of their board meetings now has a three-hour itinerary dedicated specifically to cyber security. A couple of years ago this was unheard of, but because of the increasing threat landscape we face today, it is an issue organisations of all sizes realise they have to address. .

Want a security clearance? Feds will now check your Facebook and Twitter first
06/30/2016

The government will start scanning Facebook, Twitter, Instagram and other social media accounts of thousands of federal employees and contractors applying and re-applying for security clearances in a first-ever policy released Friday.

Federal investigators looking at applicants’ backgrounds to determine their trustworthiness will not ask for passwords or log in to private accounts, limiting their searches to public postings. And when they find information that has no relevance to whether they should have access to classified information, it will be wiped from government servers, the policy promises.

Manufacturers beef up cyber security
06/28/2016

One thing that helps modern manufacturers stand out in the marketplace — their intellectual property — also makes them an attractive target for hackers.

Take United States Steel Corp., for example. The steelmaker last month filed a formal complaint with the U.S. International Trade Commission, asking the organization to investigate Chinas biggest steel producers for unfair trade practices. One that stands out? The allegation that China hacked into U.S. Steel’s systems and stole information on how to make advanced, high-strength steel.

Companies Get Creative to Relieve Shortage of Security Professionals
06/26/2016

While many companies offer heftier salaries and better benefits, others are trying fractional IT security positions and more intelligent systems to ease the shortage of security professionals.

Bluelock, an Indianapolis-based cloud provider of disaster recovery services, has had to struggle to attract the right security staff to help the company develop and manage its cloud service.

Being based in the Midwest, the company has to compete against both the West Coast and East Coast for talent. As Indianapolis becomes more of a tech hub, they compete with other local companies, as well.

3 ways startups are fighting for digital and physical security
06/24/2016

Internet accessibility for all people, of all ages and in all places has unleashed unprecedented resources and opportunities. It also unlocked our digital and physical security. The sacrifice of safety is an unintended consequence of the Internet age. Can the tools that caused this vulnerability be reappropriated to make us safer?

Mapping
Reporting
Intervention

Manchester United home finale postponed due to security concerns
06/22/2016

Fans were evacuated from the stadium, as thousands flooded into the streets amid the security concern. The match was first delayed, but something, which was not yet clear, prompted security officials to have the match called off. It turns out, per the Greater Manchester police, bomb disposal experts carried out a controlled explosion within the stadium. Neil Ashton of The Sun said on the NBC Sports telecast that Bournemouth's coach and players were at one point stuck inside the stadium and weren't cleared to leave.

Whose Fault Is It Security Lines are So Long?
06/20/2016

Modal Trigger It is your fault security lines take forever, according to the TSA

New Yorkers can blame themselves for unbearably long lines at area airports, the Transportation Security Administration said in response to criticism from the Port Authority.

The TSA admitted that waiting times at Newark, JFK and LaGuardia airport security checkpoints had increased since last year — hitting a high of 55 minutes this spring — but blamed the spike on passengers who clog up checkpoints with too many carry-on bags.

Security Should be a Top Priority
06/18/2016

Security is a constantly moving target, but few IT departments have the resources to do security thoroughly. PC security is something of a thankless job, to boot. Do it right, no one says a word. Do it wrong, you’re on the firing line.

Surprisingly, security is not always a top factor when IT looks to replace aging PCs, according to IDC. Of the top five considerations cited when making PC brand decisions, security ranked fourth below overall performance (priority no. 1), overall costs (no. 2), and overall specs (no. 3).

IT typically adds security to laptops via software such as anti-virus, anti-malware, firewalls, and intrusion detection. They’re all certainly important and should be a part of your overall security strategy.

Security Think Tank: Identifying, attracting and keeping the right IT security talent
06/16/2016

Attracting security talent

If you want the best cyber security resource, you need to make a compelling offer.

It is not about the money. As a seasoned consultant myself, I like a challenge. I like to work on new, emerging things and stay on top of my game.

I do not want a job governing security on legacy Windows 2003 systems and supporting a company that puts cyber security last on its list of priorities.

That is bad for two reasons: I am unchallenged and my name is in tatters when these systems get breached.

A look inside the Department of Homeland Securitys Cyberhub
06/14/2016

The building where the Department of Homeland Security tracks every cyber attack against the US is surprisingly bland. With its neutral exterior and circular drive, I was not even sure we were at the right place until I saw our press liaison standing in the lobby. There are no signs to distinguish it from the generic office park that surrounds it, and the doorman would not even confirm if DHS had an office inside.

The National Cybersecurity and Communications Integration Center, better known by the abbreviated NCCIC, opened in 2009 to serve as a place where DHS could monitor cyber threats across government agencies and critical infrastructure, such as power grids and dams.

Digital Vulnerability: Cyber security expert on preventing your social media from being hacked
06/12/2016

Passwords:
At least ten characters, including: upper case letters, lower case letters, special characters and numbers.
Second form passwords: Most people find them annoying, but are key to keeping your password and account hack free. Facebook and other social media sites allow you to use your cell phone as a second means of authentication. For example, when you log into your Facebook you will receive a text message with a special number password you have to enter in order to access your account
Change password every 30-45 days: Many people find changing their password annoying, but keeping your new passwords in a secure electronic wallet is a great way to keep track of them in case you forget.

The Evolution of Voice Authentication as a Security Method
06/10/2016

New forms of authentication are required to secure online resources. With the rise of cloud computing and the corresponding threat of identity theft, vendors have stepped up their game in this arena: MasterCard is now using selfies for authentication and security vendors are adding new forms of multifactor tokens to their arsenal.

Another productive avenue has been the use of various biometric-based solutions for access management, such as voice authentication factors.

Biometric Authentication Takes Hold
Voice authentication and fingerprint detection both have their advantages and disadvantages when used in authentication. The good news is that you do not have to carry anything else since you already have your voice or your fingerprints or your eyeballs. Also, using biometric factors can eliminate the need to provide personal information to verify their identity.

Security bug could expose Android phones to hackers
06/08/2016

Security researchers are warning that a software bug could leave many Android phones vulnerable to hackers' attacks. Security firm FireEye wrote in a blog post Thursday that a flaw in a software package from Qualcomm could give hackers access to everything from call histories to text messages. Older versions of Android, 4.3 and earlier, are reportedly more vulnerable than newer versions.

The bug, called CVE-2016-2060, was made possible when Qualcomm, a mobile chipmaker, provided new APIs to developers that were part of system service network_manager.

Security Pros Help Make Business Less Risky
06/06/2016

For several years, one of the primary themes coming out of CompTIAs security research was the importance that companies placed on being secure. Nearly every company we surveyed said that security was a moderately higher or significantly higher priority today than it was two years ago, and there was an expectation that security would continue to grow as a priority in the years to come.

There were some problems deeper in the data though. Apparently, saying security is a high priority isn’t the same as taking the right steps. Companies continued to report data breaches—both in our surveys and in major headlines. There was a low level of concern for emerging topics, with most focus still placed on traditional attacks like malware. And companies still viewed security as a technology problem, discounting corporate processes and end user education.

Rethinking security for the Internet of Things
06/03/2016

Many people scoffed in January 2014 when Cisco CEO John Chambers pegged the Internet of Everything as a potential $17 trillion market, five to 10 times more impactful on society than the Internet itself. Two years later, it seems that Chambers  prediction for the phenomenon more commonly known as the Internet of Things (IoT) could be on the conservative side.

There is no question that IoT is ushering in a new era of innovation, connecting the digital and machine worlds to bring greater speed and efficiency to diverse sectors, including automotive, aviation, energy and healthcare. But with sensitive data increasingly accessible online — and more endpoints open to attackers — businesses are quickly realizing that security cannot be an afterthought.

Security expert: Everything is hackable
06/01/2016

There are two types of people: those whose cell phones have been hacked and know about it, and those whose cell phones have been hacked and are yet to find out. That is what security expert John Hering told Sharyn Alfonsi in an interview that will air on Sundays 60 Minutes.

Apple opens up on how it approaches security following FBI battle
05/30/2016

In a press briefing Friday, Apple discussed how security works on the iPhone and iOS. The meeting, which was often technical, shed insights into its broader approach to security.

Although the meeting was not specifically about the battles the company has had with the FBI and parts of the U.S. government – including cases in San Bernardino and Brooklyn – that conflict was still the elephant in the room.

Still, Apple insists its goal with iOS and iPhone security is not about protecting users from the government, it is about protecting users from hackers.

Cloud computing is everywhere, and so are frayed nerves about
05/27/2016

However, while cloud is apparently everywhere, so is a great deal of nervousness around security. A majority of enterprise IT leaders (77 percent) note that their organizations trust cloud computing more than a year ago, but only 13 percent completely trust public cloud providers to secure sensitive data.

Add to that a lack of awareness of what vulnerabilities may still exist. A majority of respondents, however (72 percent), list compliance as the primary concern across all types of cloud deployments, and only 13 percent of respondents actually know whether or not their organizations stored sensitive data in the cloud. In addition, fewer than one-quarter (23 percent) of enterprises are aware of data breaches with their cloud service providers.

Senate to Americans: Your security is not our problem
05/25/2016

The Senate Intelligence Committee just released a draft of long-awaited legislation to tackle the problem authorities have with encrypted communications. Namely, because encryption is so secure, it interferes with court orders in the same way private property poses problems for police who just want to get things done.

The Compliance with Court Orders Act of 2016 authored by Sens Richard Burr, R-N.C., and Dianne Feinstein, D-Calif., mandates companies to shoulder the technical burden of accessing encrypted emails or files when investigators issue court orders.

Making sense of enterprise security
05/23/2016

Human beings have a tendency to do things with technology that go beyond original intent, and this inclination should be celebrated. After all, technology continues to drive radical innovation, whether in the form of new applications, use cases or platforms.

Unfortunately, it is also this type of behavior that makes security such a difficult problem. As individuals and organizations leverage technology for intended and unintended uses, it becomes virtually impossible to foresee all threats and vulnerabilities that surface in the process. In other words, the issue with enterprise security is that, by nature, it is reactive. No system or asset can ever be fully secure.

7 Cybersecurity Tips For Lawyers
05/20/2016

This past week, the world learned about the big hack of Biglaw. If your employer was one of the almost 50 firms prestigious enough to be targeted by Russian hackers… congrats?

The targeted firms tended to be transactionally oriented; the apparent plan of the hackers was to obtain confidential, market-moving information and trade on it. But litigators should be concerned as well. As noted by Logikcull, the discovery automation platform, ediscovery is the next frontier for hackers.

It’s not clear that any information was actually taken or used for insider trading in the big Biglaw hack, but it might still generate headaches for the firms — in the form of litigation. Noted class-action lawyer Jay Edelson — known to the general public for suing tech giants, and known to Above the Law readers for suing ExamSoft (and winning a hefty settlement) — has announced plans to file class-action malpractice cases against various firms, alleging inadequate cybersecurity.

Meeting Cyber Security Challenges through Gamification
05/18/2016

When it comes to cybersecurity issues, we always seem to be dealing with either shortages or excess. Everywhere there is talk of how data breaches are growing in number, size, severity and cost, and there are always too many new security holes, vulnerabilities and attack vectors that need to be fixed.

On the other hand, there’s a widening cybersecurity talent gap to fill vacant posts. We never seem to have enough tools to deal with new threats and malware that are sprouting on a daily basis, and there’s not enough data to make smart assumptions and decisions (or in some cases, too much data and too many false positives to find the real threats). And awareness about security matters among employees, staffers and executives in firms, associations and agencies is always at abysmal levels.

With the dark shadow of bigger security incidents constantly looming on the horizon, both government agencies and private firms are always looking for new ways to meet the challenges and overcome the many shortages the cybersecurity industry is facing.

Looking to Improve Cyber Security? Fire some CEOs
05/16/2016

More than 90 percent of corporate executives said they cannot read a cybersecurity report and are not prepared to handle a major attack, according to a new survey.

More distressing is that 40 percent of executives said they don't feel responsible for the repercussions of hackings, said Dave Damato, chief security officer at Tanium, which commissioned the survey with the Nasdaq.





Current Blog

2016 Security Blog Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2015 Security Blog Archive
November / December Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2014 Security Blog Archive
November / December Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
Jan & February Archive

2013 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2012 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2011 Security Blog Archive

December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2010 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2009 Securty Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2008 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
July-August Archive
May-June Archive
April Archive
March Archive
February Archive
January Archive

2007 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2006 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive


Security Alerts
Locate security alerts, and security feeds via a security rss feed directory.