Security

Bracing for 'holy crap,' zero-day exploits

If malicious code is written with "purpose," any computer can run it.

By Samantha Ann Schwartz • Oct. 15, 2019

Opinion

3 things CIOs should discuss with the CEO to optimize cybersecurity

As a business partner, the CIO must provide solutions to cybersecurity concerns and become a champion for working collaboratively with the business.

By Aaron Shum • Oct. 14, 2019

Are retailers doomed for more outages this holiday season?

J. Crew, Lowe's and Walmart experienced tech glitches or crashes last Black Friday. Experts weigh in on how companies can prevent a repeat this year.

By Caroline Jansen • Oct. 07, 2019

63% of new hires bring data from old employers. What's the risk?

To get a leg up when starting a new job some employees bring data from past roles. While enterprising, it threatens business reputation and poses legal, security and financial risks. 

By Samantha Ann Schwartz • Oct. 03, 2019

Success in DevOps adoption can boost security, research finds

Puppet research found companies that integrate security into the software development lifecycle are "twice as confident in their security posture."

By Naomi Eide • Oct. 01, 2019

Zero trust 101 and the art of healthy skepticism

Where Kubernetes, multifactor authentication and default suspicion intersect.

By Samantha Ann Schwartz • Oct. 01, 2019

Shift to digital business is booming, but are CEOs ignoring associated risk?

Risk that exists beyond a company's core network and into the cloud is "stuff that CEOs really do not understand," said John Wheeler, senior director analyst at Gartner.

By Samantha Ann Schwartz • Sept. 27, 2019

DoorDash data breach impacts 4.9M people

Customers, delivery workers and merchants had names, email and delivery addresses, order history, phone numbers and passwords stolen in the May 4 breach, the company confirmed this week.

By Alicia Kelso • Sept. 27, 2019

Fidelity Investments​ translates risk scenarios for the C-suite

One of the most important pieces of risk management is having a more strategic presentation. Take it to the people who facilitate change.

By Samantha Ann Schwartz • Sept. 26, 2019

Pickles, mayo and data privacy: Jersey Mike's rethinks mobile authentication

While historically slow to adopt new technologies, restaurants have to rethink mobile systems in an era of heightened privacy concerns.

By Samantha Ann Schwartz • Sept. 25, 2019

Companies miss 99% of IaaS configuration errors, McAfee says

In some cases, companies aren't even aware the number of IaaS providers they have.

By Naomi Eide • Sept. 24, 2019

Cybersecurity confidence rattled by continued investments, small results

Only 11% of firms feel a "high degree of confidence" in their cyber resilience, according to Microsoft's annual cyber survey.

By Samantha Ann Schwartz • Sept. 20, 2019

Target tackles identity and access management with zero trust

When designing an identity ecosystem, companies need to define access by a "need to know" classification reinforced by zero trust, said Jing Zhang-Lee, principal security architect and engineer at Target.

By Samantha Ann Schwartz • Sept. 17, 2019

Skepticism slows cloud and SaaS adoption

CISOs perceive on-premise solutions as the safer option. Relinquishing control to SaaS vendors amplifies a sense of paranoia.

By Samantha Ann Schwartz • Sept. 17, 2019

10 lessons Fannie Mae learned redesigning its security network

The lending company experienced minor hiccups while building out micro-segmentation. 

By Samantha Ann Schwartz • Sept. 16, 2019

Internet treated casually, but it's 'live-fire combat,' experts say

Nation state actors attract the attention and get the blame, but cyberattacks are more likely executed by run-of-the-mill cybercriminals.

By Samantha Ann Schwartz • Sept. 13, 2019

Cybercriminals rake in billions using email compromise, fraudulent tech support

Total losses from internet cybercrimes reached nearly $3 billion 2018, according to the FBI.

By Samantha Ann Schwartz • Sept. 09, 2019

First remote cyberattack on US grid found, regulator says

A March cyberattack resulted in a denial of service condition at a "low-impact" control center and multiple remote generation sites, according to newly released analysis.

By HJ Mai • Sept. 09, 2019

Banks have more to lose from data breaches than other companies

Differences in notification urgency highlights data sensitivity. Exposed email addresses are far less sensitive than banking information or social security numbers.

By Dan Ennis • Sept. 06, 2019

Report: Google lobbyists push to add loopholes to California's privacy law

As lobbyists make last-minute effort to exclude digital advertising from the California Consumer Privacy Act, other states watch closely.

By Roberto Torres • Sept. 04, 2019

Faith in cloud security strengthens, but concerns persist

For a time, CISOs held off cloud adoption because of a lingering belief the cloud was less secure, a Nominet survey found.

By Samantha Ann Schwartz • Sept. 03, 2019

Insurers do the math and instruct cities to pay the ransom, ProPublica reports

The cyberattack market exists, and while insurers didn't create it, their actions could help sustain it.

By Samantha Ann Schwartz • Aug. 29, 2019

Encryption 101 and the trap of leaving data unprotected

Encryption protects data from unauthorized eyes if it is ever lost, stolen or breached. Without it, data lays bare and vulnerable.

By Samantha Ann Schwartz • Aug. 22, 2019

Data breaches up 54% YOY, 2019 set to be 'worst year on record'

Eight breaches exposed more than 3.2 billion records, accounting for nearly 80% of the compromised records so far this year, RiskBased Security research found.

By Samantha Ann Schwartz • Aug. 21, 2019

Texas officials 'unaware' of any ransom payments after widespread attack

More than half of the 23 organizations impacted are "back to operations as usual" after the August attack, according to the Texas Department of Information Resources. 

By Samantha Ann Schwartz • UPDATED: Sept. 9, 2019 at 3:55 p.m.