When it comes to hiring, enterprise security teams can use all of the help that they can rally. But when it comes to hiring entry-level talent, that's not as easy as it may seem.
George V. Hulme | 11 Mar
It's always amazing how little attention social engineering attacks get when discussing enterprise information security risks. After all, it's usually easier to get an unsuspecting employee to click on a link than it is to find an exploitable vulnerability on a reasonably hardened webserver. Social engineering attacks come from many different angles: from targeted e-mails, phone call pretexting, or acting like a service technician or other innocuous person to obtain access to the IT resources and data they seek.
George V. Hulme | 30 Jan
It is no longer enough to think that securing your iPhone with a simple four-digit PIN is adequate.
George V. Hulme | 29 Jan
Despite being an integral aspect of many, if not most, major attacks, social engineering tactics always seem to go underappreciated by enterprise security teams. However, it's often easier to trick someone into opening an email and exploiting a vulnerability that way, or convincing an unsuspecting assistant to provide a few useful bits of information, than it is to directly attack a web application or network connection.
George V. Hulme | 23 Jan
In 2014, it seemed that no industry went unscathed. The data breaches this year were broad and deep. Software maker Adobe was hit for 152 million records. Online marketplace eBay was drained of another 145 million; bank and financial services firm JP Morgan Chase 76 million; retailers Target and The Home Depot for another 70.
George V. Hulme | 06 Nov
The year since our previous Global Information Security Survey won't go down as one of the better years for information security. In fact, it may go down as one of the most grueling.
George V. Hulme | 01 Oct
Online criminals remain at least one step ahead of many IT groups, according to this year's "U.S. State of Cybercrime Survey," conducted annually by CSO magazine, the Secret Service, the Software Engineering Institute at Carnegie Mellon University, and PricewaterhouseCoopers. Deterrence and detection are both falling short of their goals: The 500 survey respondents faced an average of 135 security incidents last year, and 34 percent say that number was up compared to the previous year. Just one-third of respondents could estimate losses from their breaches; among those who could, the breaches cost $415,000, on average. Legal liabilities and lawsuits after breaches add to the costs.
George V. Hulme | 29 Sep
Demand for security talent has never been higher. Security spending, according to market research firm Gartner, is expected to grow nearly 8% this year. And few would argue that data breaches are under control. And yet, in our discussions with many security professionals throughout all levels of experience and expertise you often hear that enterprises are simply not willing to pay what is necessary for talent.
George V. Hulme | 10 Sep
If you don't understand the capabilities and motivations of your adversaries – you can't expect to be very successful in managing your relationship with them, negotiating, or defending against their advancements.
George V. Hulme | 26 Aug
It's no surprise that security and application development teams often find themselves locking horns. One wants applications and new features to roll out -- and swiftly -- and the other is often more concerned with keeping systems and data snug. At some organizations, as they embrace more agile development and continuous integration/delivery methods, the tension runs even higher.
George V. Hulme | 21 Aug
There's certainly no shortage of claims regarding the current shortfall of cybersecurity professionals. These findings show up repeatedly in our surveys, most recently the 2014 Global Information Security Survey and the 2013 State of the CSO, which both revealed that the demand for skilled IT security professionals continues to strain organizations' ability to fill security positions. Finding skilled information security workers was identified as one of the greatest challenges for 31 percent of large companies.
George V. Hulme | 14 Aug
Every year the numbers and the types of devices security professionals find themselves having to secure from attacks keep growing, and there's certainly no sign of that letting up at Black Hat 2014 this year.
George V. Hulme | 05 Aug
It is said that an enterprise is only as secure as its weakest link. Today, that weak link often turns out to be partners, suppliers, and others with persistent network and application access.
George V. Hulme | 29 Jul
While so-called "big data" initiatives are not new to a number of industries – such as large financial services firms, pharmaceuticals, and large cloud companies – they are new to most organizations. And the low cost and ease of access of the software and hardware needed to build these systems, coupled with an eagerness to unleash any hidden value held within all of that enterprise data, are two trends that have sent large, next-generation database adoption soaring.
George V. Hulme | 16 Jul
DevOps is all about collaboration between operations teams and development teams. And the increase in collaboration should help enterprises to become more agile, eliminate waste, and automate, while also creating a more reliable infrastructure. It's about rapidly iterating, continuously improving, and being more competitive.
George V. Hulme | 25 Jun