Federal agencies struggle with identifying cyberattack vectors

Agencies tend to allocate cyberdefense funds for "single point solutions" for "perceived security gaps" instead of the gaps that are already exploitable.

By Samantha Schwartz • June 1, 2018

The right training program could prevent your next data breach

A great cybersecurity learning strategy raises awareness, but it also gives employees tools to recognize and report risks.

By Riia O'Donnell • May 31, 2018

5 experts discuss how they got into cybersecurity

Though security education is becoming more formalized in university settings, many experts find themselves in cybersecurity by chance.

By Naomi Eide • May 31, 2018

What Georgia's failed 'hack back' bill says about the future of cybersecurity laws

Legislation proposing a retaliatory cyberattack as a line of defense misses the opportunity to understand how hacks happen and how to prevent them.

By Samantha Schwartz • May 29, 2018

Security tactics that won't slow your business down

The threat landscape is ever-changing, and the focus has shifted from keeping the attacker out to "what do we do and how will we know if they are already in?"

By Craig Riddell • May 29, 2018

Google and AWS lead in cloud native security

Security and risk professionals are increasingly reliant on the security capabilities built into public cloud offerings, believing it offers better security and price compared to what in-house teams could do on-premise. 

By Alex Hickey • May 24, 2018

Cybersecurity experts agree — expect more ransomware this year

Hackers will always take advantage of human error and poor judgment, so it’s up to security teams to educate line of business employees.

By Samantha Schwartz • May 24, 2018

Employees use personal devices for work without much oversight

Employees performing everyday work tasks using unsecured devices can present the highest cybersecurity risks — especially in the age of BYOD.

By Valerie Bolden-Barrett • May 22, 2018

All in the family: Meltdown, Spectre variants found

Variant 4 takes advantage of "speculative bypass," which grants a hacker access to stored memory in a CPU's stack.

By Samantha Schwartz • May 22, 2018

With fears of full-scale cyberwar, questions of attribution arise

Script kiddies and credential stuffers aside, the increase in nation-state activity and cyberespionage threats have begun to plague organizations across sectors. 

By Naomi Eide • May 22, 2018

Leadership and longevity, the keys to GDPR compliance

Through the many paths to compliance, a few clear lessons and trends are emerging.

By Alex Hickey • May 18, 2018

Going serverless? Prepare for a shake-up in security

A serverless environment means "moving parts" and organizations can "quickly lose control" when DevOps teams are tasked with engaging with a cloud, according to Gadi Naor, CTO of Alcide.

By Samantha Schwartz • May 18, 2018

How IBM is using Latin flowers to help companies comply with GDPR

The engine converts names, birthdays, addresses and other types of personally identifiable information into a series of random identifiers.

By Samantha Schwartz • May 16, 2018

Facing international pressure and lost business, Kaspersky moves critical infrastructure to Switzerland

The move is an attempt to distance the company from its Russian roots following backlash from the U.S. government and other customers last fall.

By Samantha Schwartz • May 15, 2018

Atlanta mayor says cyberattack came as 'surprise' to city, residents

Keisha Lance Bottoms said her constituents had not viewed cybersecurity as vital until the ransomware impacted their interactions with government.

By Chris Teale • May 14, 2018

WannaCry's more profitable successor: Cryptomining

While cryptomining poses little business interruption, a fluctuating cryptocurrency market could unleash a return to traditional attack vectors. 

By Naomi Eide • May 11, 2018

How 4 security experts are ringing in WannaCry's anniversary

Go ahead, reach for the Kleenex.

By Samantha Schwartz • May 11, 2018

6 cybersecurity experts share twitch-inducing pet peeves

Annoyances and pet peeves can fester at work and make for tense lunchroom conversations. But as professionals, overreaction isn't recommended. 

By Naomi Eide • May 10, 2018

Georgia governor vetoes flawed 'hack back' bill; legislators back to the drawing board

Microsoft, Google, cybersecurity experts and hacktivists adamantly opposed the bill, which would have made it possible for security researchers looking for hackable flaws to go to jail.

By Samantha Schwartz • May 9, 2018

How Fitbit steps up security

"We're kind of the best house in a bad neighborhood," said Marc Bown, director of security.

By Samantha Schwartz • May 8, 2018

11K organizations use outdated software linked to Equifax breach

One company's tragedy is another company's lesson. For a range of reasons, organizations have ignored the warning signs displayed by the fall of others.   

By Samantha Schwartz • May 8, 2018

Hackers are using GDPR to disguise phishing schemes

Emails impersonating Airbnb GDPR notices typically use a "bogus variation" of an email address meant to look legitimate, like "@mail.airbnb.work."

By Samantha Schwartz • May 4, 2018

Meltdown and Spectre are not done yet — 8 flaws reported

Intel responded to the reports saying it has always been in the company’s best practice to have a "coordinated disclosure" of "potential issues."

By Samantha Schwartz • May 4, 2018

Down the rabbit hole: A tour of the dark web

The deep web is the middle ground, partially hidden and unindexed by search engines. True mayhem lurks beneath that.

By Samantha Schwartz • May 4, 2018

Will confidential computing incentivize companies to move more sensitive data to the cloud?

Google launched an open-source framework to develop applications in trusted execution environments, a new level of security for sensitive workloads and information.

By Alex Hickey • May 3, 2018