What Are Security Professionals Afraid Of? Lack of Precision Doesn’t Mean “I Don’t Know”

Security professionals, like people in many other lines of work, tend to have certain cultural characteristics in common. One of the most deeply rooted characteristics is pride in our detailed understanding of threats, vulnerabilities, exploits, and the technologies that help defend our organizations against them. We’ve conditioned ourselves to believe that such stone-cold facts—in detail…

RSA Uncovers New POS Malware Operation Stealing Payment Card & Personal Information

By Yotam Gottesman, Senior Security Researcher, RSA FirstWatch team

In a recent investigation, RSA researchers uncovered the server infrastructure used in a global Point-of-Sale (PoS) malware operation responsible for the electronic theft of payment card and personal data from several dozen retailers, mostly based in the U.S. Infection activity has also been detected in 10…

Security Operations Management: Ninjas and Windows

Describing to a lay person how a “hack” happens is not an easy discussion. Like many of you, I have fielded over the years multitudes of inquiries from friends and family when something big hits the news. Since I am the “security guy”, I have to explain how a big company could be hacked and…

The Real Failure of a Password Breach Is the Inability to Explain Their Value

Password breaches are bad news. The rushed conclusion is that people are simply incapable of handling passwords, signaling yet another round of “kill the password.” This quick, and common, conclusion conveniently overlooks the simple fact that companies are failing to protect their systems, which leads to the password breach. Recent breaches further suggest that companies…

3 Ways to Bridge the Business-IT Disconnect

A few months ago, the Huffington Post interviewed Robert J. Webb, CEO of the Technology Business Management Council, to shed light on the near-ubiquitous communication disconnect between business and IT leaders. Webb supposed that the line-of-business consistently over-ranks the amount of resources available to IT, while CISOs’ “Key Performance Indicators” fail to resonate with those in business roles. …

IAM, Getting Smarter with Every Release

New product releases typically bring a bevy of new features, but some of these additions—the ones created by the desire to lead the market or respond to customer requests—are typically more interesting and, frankly, more important. Take Instagram, for example. They recently introduced "Instagram Direct," which allows users to message privately. The update allows users…

Know Your Enemy

Back in 2006 I read John Keegan’s book on Intelligence in War. It demonstrated to me the importance of knowing your adversary, a lesson learnt long ago by the military. He relates a story of perhaps one of the most successful military leaders in history, Alexander the Great. Alexander who as a boy sat on…

Security Operations Management: Castor and Pollux

At the beginning of January, a security flaw was uncovered in the X Windows system that has sat unnoticed almost 22 years. According to the advisory ‘This bug appears to have been introduced in the initial RCS version 1.1 checked in on 1991/05/10, and is thus believed to be present in every X11 release starting…

Top 5 Ways to Better Protect Data

Over the past few weeks, publications ranging from the niche (Fibre2Fashion) to the broad (Forbes, Huffingtonpost) have reported on the surging prevalence of data compromisation. Seeing a string of recent, high-profile breaches as worrisome, the majority of the reports suggested that protecting sensitive information will only increase in scope and difficulty, and as a consequence,…

Continuous Alignment is Vital to Maintain Security Effectiveness

Integration and alignment of a Cyber Security strategy with the business is no longer a matter of choice – it is instead a resounding reality that in the wake of the recent and ever-growing number of breach incidents is being taken very seriously by organizations of all sizes. In fact, it has now become one of the…