Stories by George V. Hulme

Social engineering stories from the front lines

It's always amazing how little attention social engineering attacks get when discussing enterprise information security risks. After all, it's usually easier to get an unsuspecting employee to click on a link than it is to find an exploitable vulnerability on a reasonably hardened webserver. Social engineering attacks come from many different angles: targeted e-mails, phone call pretexting, or posing as a service technician or other innocuous person to obtain access to the IT resources and data the attackers seek.

George V. Hulme | 30 Jan

The 2015 Social Engineering Survival Guide

Despite being an integral aspect of many, if not most, major attacks, social engineering tactics always seem to go underappreciated by enterprise security teams. However, it's often easier to trick someone into opening an email and exploit a vulnerability that way, or to convince an unsuspecting assistant to provide a few useful bits of information, than it is to directly attack a web application or network connection.

George V. Hulme | 23 Jan

Data Breaches Rise as Cybercriminals Continue to Outwit IT

Online criminals remain at least one step ahead of many IT groups, according to this year's "U.S. State of Cybercrime Survey," conducted annually by CSO magazine, the Secret Service, the Software Engineering Institute at Carnegie Mellon University, and PricewaterhouseCoopers. Deterrence and detection are both falling short of their goals: The 500 survey respondents faced an average of 135 security incidents last year, and 34 percent say that number was up compared to the previous year. Just one-third of respondents could estimate losses from their breaches; among those who could, the breaches cost $415,000, on average. Legal liabilities and lawsuits after breaches add to the costs.

George V. Hulme | 29 Sep

Pay up for talent? Is there a security salary disconnect?

Demand for security talent has never been higher. Security spending, according to market research firm Gartner, is expected to grow nearly 8% this year. And few would argue that data breaches are under control. And yet, in our discussions with many security professionals at all levels of experience and expertise, we often hear that enterprises are simply not willing to pay what is necessary for talent.

George V. Hulme | 10 Sep

Moving toward smart and secure continuous software delivery

It's no surprise that security and application development teams often find themselves locking horns. One wants applications and new features to roll out -- and swiftly -- and the other is often more concerned with keeping systems and data snug. At some organizations, as they embrace more agile development and continuous integration/delivery methods, the tension runs even higher.

George V. Hulme | 21 Aug

Five CISO skills critical to your success in the next five years

There's certainly no shortage of claims regarding the current shortfall of cybersecurity professionals. These findings show up repeatedly in our surveys, most recently the 2014 Global Information Security Survey and the 2013 State of the CSO, which both revealed that the demand for skilled IT security professionals continues to strain organizations' ability to fill security positions. Finding skilled information security workers was identified as one of the greatest challenges for 31 percent of large companies.

George V. Hulme | 14 Aug

Securing big data off to slow start

While so-called "big data" initiatives are not new to a number of industries – such as large financial services firms, pharmaceuticals, and large cloud companies – they are new to most organizations. And the low cost and ease of access of the software and hardware needed to build these systems, coupled with an eagerness to unleash any hidden value held within all of that enterprise data, are two trends that have sent large, next-generation database adoption soaring.

George V. Hulme | 16 Jul

Defending DevOps

DevOps is all about collaboration between operations teams and development teams. And the increase in collaboration should help enterprises to become more agile, eliminate waste, and automate, while also creating a more reliable infrastructure. It's about rapidly iterating, continuously improving, and being more competitive.

George V. Hulme | 25 Jun