Blog, Page 2

Capture the Prize

Risk is the effect of uncertainty on objectives. Managing risk well increases the certainty that objectives will be achieved. Not surprisingly, organizations leading in risk management “capture the prize”. According to a PwC Risk Review, organizations more frequently achieve their objectives, are more profitable and less likely to experience a negative profit margin than those…

Eliminating Access Blind Spots in the Modern Enterprise

Last year, 63% of data breaches involved compromised identities. This year, it’s up to 81%. As the world settles into the “new normal” of mobile, cloud and other nontraditional access points for applications and other resources, the problem of identity-related attacks isn’t going anywhere; to the contrary, it’s getting bigger. We can’t promise those numbers…

Delivering Convenient and Secure Access to the Modern Workforce

In the relatively quick journey from don’t-even-think-about-bringing-your-own-device to please-absolutely-bring-your-own-device, identity management has experienced some dramatic transformations. And it’s still evolving now, as security policy continues to move away from limiting user options and toward expanding them. Organizations haven’t taken long to come around to thinking that giving users more ways to access the resources they…

Transaction Protection in a Human-Not-Present Age

Imagine it is 10AM and you’re sitting in a meeting at work. You gaze out the window only to see your car drive out of the parking lot, turn left at the end of the road, and disappear around the corner. Your car, having sensed it needs a change of oil and seeing today’s calendar…

Shadowfall

Over the last several months, RSA Research embarked on a cross-organizational effort against RIG Exploit Kit (RIG EK or just plain RIG), which led to insight into the operational infrastructure (and possibly the entire ecosystem), as well as significant discoveries related to domain shadowing. Domain shadowing is “a technique in which attackers steal domain account…

8 Authentication Pitfalls That Can Put You on the Road to Nowhere

Two-factor, multi-factor, mobile, push, tokenless, biometric: you have choices today when it comes to authentication solutions. Choose the right authentication solution, and you’ve got a straight shot to access that’s secure and convenient for users. Choose the wrong one, and you risk getting on a path that’s at best bumpy and at worst downright dangerous.…

Chances are your account has been breached

When it comes to protecting personal data, there are three types of people in the world: Those who go to great lengths to protect their personal information, using unique passwords and trying to remain un-breached. Those who are ignorant or ambivalent to the impact of breaches and the personal security risk they entail. Those who…

What Really Led to WannaCry?

Much of the focus on WannaCry has been on how it works and what organizations need to do in the near term to recover. It’s important, however, to take a step back and ask ourselves why WannaCry became such a tour-de-force in the first place. After all, the security community has been talking about concepts…

Metrics (Not Just Fun Facts!) Are Key to Driving a Business-Driven Security™ Strategy

Dave Gray & Azeem Aleem

“What’s Measured Improves” Peter Drucker

It’s mid-2017 and we have already witnessed the conundrum across organizations as the pressure of building a more efficient business creates loopholes for cyber criminals to gain an advantage. In a previous blog we talked about the traditional perimeter melting away and how the “not…

The Business Value of RSA Archer

Implementing an effective governance, risk, and compliance program can be a costly and time-consuming effort: Hardware, software, and the active engagement of a lot of people in the first, second and third lines of defense.  Before implementing a program, and periodically throughout the life of the program, the question always arises from senior management: Is…