Staring Down your Data Governance Challenges by Chris Rich

With the explosion of unstructured data in most organizations, it will become both increasingly important to determine not only who should have access to what, but also, what’s worth securing. It should come as no surprise that when facing such a herculean task there needs to be some prioritization. To do that, you to need to ask…

The Internet of Things: Advanced Threats Against Medical Devices

The internet of things refers to the vision of all manner of “things” having network connectivity so that they can send and receive data independently of human interaction. This vision holds much promise in terms of convenience, greater connectivity and improved quality, but it also creates many new challenges. Among these are the increased likelihood…

Protecting Yourself Against Your Own Users

There is a common thread among many of the major attacks that have occurred in the past couple of years—they were perpetrated either directly or indirectly by someone on the inside. While most of network and computer security is still focused on guarding against external threats, the reality is that privileged users on the inside…

Role of Data Correlation in Security

With the upward trend in security breaches, from high profile credit card breaches to massive password hacks, fraudsters are getting more sophisticated. Many consumer facing websites are targeted as the first step in a broader attack on an enterprise. Unless bad actors’ behavior is watched and acted upon in real-time, these types of breaches will…

Security & Mobility – A Necessary Match Made in Heaven

What did we do before we had mobile phones?  I mean, never mind the phone calls, texts and emails – it is the one-click shopping, balance checking, bill paying and research that I can’t imagine living without.  The power of a quick search to see if the shoes I am looking at in Store X…

The Benefits and Perils of Employee File Sharing

The growth in the use of mobile devices and cloud-based services brings many benefits, including providing workers with greater freedom to work in ways that suit them best. But they also bring many challenges to organizations regarding how corporate data is handled and stored. One particular area of growth in terms of cloud services is…

Intelligence Driven Security: It’s All About Visibility, Analysis and Action

In a recent article entitled “How Companies Can Rebuild Trust After A Security Breach,” Forbes staff writer Kate Vinton details steps companies can take to minimize the impact of a security breach. In the article, Vinton states “companies need to either find a foolproof way to prevent security breaches entirely (an unfortunately idealistic goal), or work…

Security Awareness: A Proactive Lifecycle Approach

Security awareness training is essential for every organization. It is used to educate employees regarding information and computer security so that they can be aware of the threats that face such systems and the behavior that is expected of them to guard against those threats. Based on the security policy set by a particular organization,…

The Dragonfly Attack

At the same time that my RSA Research colleagues were uncovering the Boleto fraud in Brazil reported this week, Symantec released a Security Response describing a 2013 cyber-attack on US energy infrastructure, dubbed “Dragonfly“.  (Also researched by Kaspersky under the name “Energetic Bear”. F-Secure has been tracking one of the malware variants used, called Havex.)…

9 Tips for Achieving Command and Control

One of the more common issues that those of us involved in trust in general and security in particular are guilty of perpetuating is that we tend to be a bit myopic when it comes to what we focus on when trying to ensure appropriate trust levels for critical assets. Our primary concern is almost…