Perhaps the only thing worse than falling victim to a business email compromise or “CEO fraud” that results in millions of dollars in wire fraud theft is wondering whether your insurance will cover any of the loss.
Stacy Collett |
01 Sep |
Predictive analytics plays a growing role.
Stacy Collett |
25 Aug |
Many Starbucks customers got a jolt in May when cyberthieves were discovered stealing money from their credit cards and payment accounts by first tapping into their Starbucks mobile apps. The culprit was believed to be a hole in an application-programming interface (API), though perhaps not on Starbucks' site but on another app where overused passwords were stolen and reused, according to reports.
Stacy Collett |
08 Aug |
Phishing scammers have infiltrated the enterprise and they're finding easy prey, but it's not in the C-suite as previously thought. Attackers are exploiting the multitasking, often overloaded middle management ranks, according to research by security and compliance firm Proofpoint.
Stacy Collett |
24 Jun |
A security manager might be turned off when a job candidate calls him "dude" several times during the course of an interview, but it was a minor infraction that Todd Borandi had to overlook. Like many security team leaders seeking highly sought-after technical skills for his incident response team, he had to let small transgressions slide.
Stacy Collett |
28 May |
When it comes to detecting, preventing and analyzing information security threats, security teams need all the help they can get.
Stacy Collett |
12 May |
Like precocious teenagers, some employees don't want to be told what to do when it comes to cyber security. Too many rules about what they can and cannot do with technology can lead to bad decisions that inadvertently put company data at risk. Instead, a more subtle approach is required to help them make better decisions on their own.
Stacy Collett |
12 Feb |
Each year, the CSO50 Awards honor individuals who demonstrate excellence, achievement and leadership in security and drive business value.
Stacy Collett |
05 Feb |
Each year, the CSO50 awards honor 50 security projects and initiatives that have delivered groundbreaking business value through the innovative application of risk and security concepts and technologies. Here are the 2015 winners:
Stacy Collett |
04 Feb |
Human nature dictates that you can never expect 100% of the people to follow instructions 100% of the time. The same holds true when it comes to protecting information security. At safety science company UL LLC in Northbrook, Ill., Steve Wenc, senior vice president and chief risk officer, and Robert Jamieson, IT security officer, realized early on in their security education efforts that reducing risk would require more than just lectures and written instructions.
Stacy Collett |
04 Feb |
What do you do when 600 mission-critical workstations can't say goodbye to Windows XP, but support for the operating system is ending? That was the challenge facing biopharmaceutical company Quintiles Inc., in Durham, N.C.
Stacy Collett |
04 Feb |
Attacks that proved successful on PCs are now being tested on unwitting mobile device users to see what works -- and with the number of mobile devices with poor protection soaring, there are plenty of easy targets. "Attackers are definitely searching after the weakest point in the chain," and then homing in on the most successful scams, says Lior Kohavi, CTO at CYREN, a cloud-based security solutions provider in McLean, Va.
Stacy Collett |
22 May |
Your computer files are being held for ransom. Pay up, or lose them. Your bank account is being emptied, so click here to stop it. Your friend has died, click on this funeral home site for more information. Social engineering thugs have reached new lows.
Stacy Collett |
22 Apr |
What do smartphones and corporate credit cards have in common? Very soon, both will be monitored by employers in an effort to detect abnormal or otherwise suspicious patterns of activity. In the age of bring-your-own-device (BYOD) policies, companies are turning to techniques like these to manage access from smartphones and tablets to their internal systems and to confirm the identities of the people using them.
Stacy Collett |
11 Nov |
A former vice president of security at a mid-size southwestern U.S. company vows to take a much harder look at his next employer's security culture after spending almost two years embattled with the IT manager over turf and his disregard for physical security matters.
Stacy Collett |
31 Oct |