Security breaches are becoming more common. They occur most often in the United States (followed by the UK), exposing businesses and their customers to significant risks. Most recently, in December 2017, Kromtech uncovered a breach at Ai.Type with 577GB of data stolen. It's possible the incident exposed the information of 31 million customers. And in...

A recent article in the New York Times postulated America may choose to respond to a devastating cyberattack with a nuclear response. In November of 2017, a widely viewed social media video entitled Slaughterbots suggested “swarms of AI-controlled drones [could] carry out strikes on thousands of unprepared victims with targeted precision.” Both of...

Cisco has patched a remote code execution (RCE) vulnerability bearing a "perfect" CVSS score of 10.0 that affects its Adaptive Security Appliance (ASA) software. On 29 January, the American multinational technology conglomerate publicly recognized the security issue (CVE-2018-0101) and revealed that it affects the ASA software found in the following...

Cloud computing is not a new name anymore, and its adoption is growing consistently across various industries. Public cloud is a disruptive technology, irresistible to the Financial Services Industry (FSI) due to its tremendous benefits, including agility, elasticity, time to market and on-demand provisioning, to name a few. However, there are genuine...

Phishing attacks continue to threaten organizations' digital security in droves. Kaspersky Lab prevented 46,557,343 phishing attempts in the second quarter of 2017 alone. Overall, close to one in ten (8.26%) of Kaspersky users encountered a phishing attack that quarter. Recognizing the prevalence of phishing, it's useful to examine the granular...

Especially in recent weeks and months, information security has become an issue of interest to a lot of different people. Over the last several years, more people have started paying attention to infosec issues, which means the audience of infosec communication has drastically grown and changed. Effective communication is audience-dependent. You have...

The retail industry saw more than its fair share of data breaches in 2017, with security incidents impacting at American supermarket chain Whole Foods Market and clothing companies Brooks Brothers, The Buckle, and Forever 21, to name a few. At least some of those events likely resulted from retailers' poor data breach preparation. Consider the fact...

The state of Internet of Things (IoT) security today is clear: it’s terrible. IoT devices are everywhere – from Fitbits and Amazon Alexas to smart appliances and intelligent home security systems, they’ve already permeated our consumer lives. Outside of the consumer space, however, IoT is even more prevalent. IoT devices control electrical grid...

In 2017, some of the world’s most devastating cyber attacks were seen. Insider threats continue to be the primary reason for such high profile data breaches year over year. With the rise of malware as a service, insiders are now more than capable of sabotaging a company's operations or stealing data to sell on the darknet. Without the right support...

There are many actionable items and methods a CISO can use to minimize risk in the healthcare industry. After all, there are all kinds of tools, project management resources, and resource management solutions that can help keep businesses in order and safe. However, there just a few areas in which action should be taken. As simple as it might sound,...

Based on the past year, one thing that is certain to be on every company’s mind is security. Among the various concerns associated with security, perhaps the most important is how much it costs to effectively secure your company data in the age of large-scale cyberattacks and breaches. According to Accenture’s 2017 “Cost of Cybercrime” report, the...

You can now read the 2019 edition here! With 2017 now in the rear-view mirror, the security industry is turning its attention to 2018. The new year will no doubt present its fair share of challenging digital security threats. So too will it present numerous opportunities for infosec professionals to discuss shared difficulties at conferences and...

If this first week is any indication, 2018 could mark a significant paradigm shift in trusted computing and open source hardware. Chip makers have been very effective in making enhancements to greatly improve application performance, but the revelation of Spectre and Meltdown makes it clear that more attention needs to be paid to hardware level...

The main challenge for industrial control systems is that the processes that control those systems are connected to critical infrastructure such as power, water, gas, and transport. This means they require high availability, and it is not easy to interrupt those systems to apply security updates. Effects of any downtime means that it can affect...

Ransomware is a problem on the rise, a simple threat with some very large business implications. Statistics show it has reached new levels of menace, and it's growing at a remarkable rate: 6000% in 2016, an IBM study found, and a triple-digit increase into 2018. Although a very real and present danger (as shown by some very high profile infections...

The damage done to a business's reputation and the long-term financial consequences of a data breach are never a concern that should be treated lightly. While extending an existing database into the cloud can allow users to access sensitive files and information with far greater ease, failing to address potential security concerns or underlying...

It seems like everyday you see a new report about a massive data leak caused by someone accidentally exposing files stored in AWS S3 Buckets to everyone on the Internet. Many may remember Verizon’s infamous snafu that leaked data records for six million of their customers due to a misconfiguration in their S3 buckets. Since then, there have also been...

No-one responsible for computer security should forget what happened in October 2016. The Mirai botnet launched an attack on the internet, the scale of which had never been seen before. By unleashing a massive distributed denial-of-service (DDoS) attack on DNS service company Dyn, Mirai managed to knock out significant chunks of the internet -...