There are many reasons why IT professionals can be fired, but six out of the top nine are related to security. Fireable offenses included failing to modernize a security program, data breaches with unknown causes, data breaches that do not become public, and the failure of a security product or program investment.
Maria Korolov | 19 Jan
A local pitchfest brought together Australian security innovators and some very interesting ideas that reflect the future of Australian infosec. Speakers highlighted the need for curiosity and diversity. Along similar lines, one of Australia’s newest certified cybersecurity experts warned that the security community needs to undergo significant cultural change.
David Braue | 31 Oct
Security experts have backed claims that flaws in heart implants made by St Jude Medical can be used to deliver electric shocks.
Liam Tung | 25 Oct
With about five billion IoT devices connected today, and growth expected to reach 25 to 38 billion over the next five years, it's clear something needs to be done to arrest the threat of billions of devices being recruited for nefarious purposes.
Anthony Caruana | 25 Oct
The security of Australians' healthcare information came under the spotlight after the federal Department of Health pulled a massive dataset of Medicare-related information and Telstra faced concerns it lacks the cybersecurity credentials to support a major contract it was awarded earlier this year.
David Braue | 29 Sep
Hackers love health apps because their popularity has outpaced the industry's ability to safeguard them. Technology experts discussed the privacy and security risks at a House hearing July 14 with the Energy and Commerce subcommittee.
Xuanyan Ouyang | 27 Jul
Network-security tools have long focused on identifying compromises that they recognise from past encounters, but what do you do about the attacks that you’ve never seen before – or even thought to look for?
David Braue | 02 Jun
In an IT-security industry that is rife with 'year of' predictions – the year of spam, the year of the advanced persistent threat (APT), the year of ransomware – there may be some comfort in the observation that, so far, 2016 is turning out to be the year of fighting back.
David Braue | 02 Jun
Mainstream use of biometric authentication has taken a big step forward as the Australian Taxation Office (ATO) begins using voice biometrics to replace security questions and passwords for taxpayers phoning the organisation's enquiry line.
David Braue | 22 Jan
One in ten files shared within cloud applications is exposing sensitive or regulated data to potential compromise, according to an analysis of cloud file-sharing that placed the average potential losses from unmanaged 'shadow IT' at some $1.9m per organisation.
David Braue | 21 Jan
The new year is always a good time for new beginnings – and this includes reviewing your security policies to ensure they're up to date with your changing business. CSO offers a range of policy templates and tools to give you best-practice guidance to get you started, while newly-minted security interest Forcepoint was working to equip CSOs with a better metric to track organisational security posture when dealing with the board.
David Braue | 18 Jan
Pump and dump spam from the notorious Waledac botnet may have netted fraudsters tens of thousands of dollars by triggering a brief spike in the stock price of a US marijuana cultivation firm.
Liam Tung | 14 Jan
Google has debuted data loss prevention (DLP) for Gmail in Google Apps, closing a key gap between its compliance toolset and Microsoft's Office 365.
Liam Tung | 10 Dec
Cisco has flagged a monster security update for dozens of Cisco security products affected by eight OpenSSL flaws, including the FREAK SSL/TLS bug.
Liam Tung | 11 Mar
Distributed denial of service (DDoS) attacks are the most worrying type of online attack for businesses, and reputational damage and unhappy customers are among the most feared outcomes of such an incident, a new customer survey has revealed.
David Braue | 06 Mar
The Australian government stepped up its push for mandatory data retention legislation, drawing out supporters and detractors as the controversial legislation pushed its way towards becoming law.
David Braue | 02 Mar
Managed security services (MSS) providers are set to enjoy growing demand from enterprise customers as increasing pressure to stay on top of security threats pushes them to enlist outside help, according to the newly appointed head of Dell SecureWorks.
David Braue | 16 Feb
We've barely begun 2015, yet some security predictions made at the end of last year are already being tested. One of those was a prediction by RSA that criminals will turn their attention to stealing personal health information, and the recent attack on US health insurer Anthem is just one symptom that it might be happening sooner than our initial diagnosis.
Michael Lee | 12 Feb
Despite being an integral aspect of many, if not most, major attacks, social engineering tactics always seem to go underappreciated by enterprise security teams. However, it's often easier to trick someone into opening an email and exploiting a vulnerability that way, or convincing an unsuspecting assistant to provide a few useful bits of information, than it is to directly attack a web application or network connection.
George V. Hulme | 23 Jan
Security operations centers (SOC) have been around for a while, stretching back to the old room full of live camera feeds. The intent of a SOC is simple: provide the business with the ability to see what is going on in order to take action if necessary. The level of SOC sophistication varied depending on the risks and infrastructure complexity. Consider the humble stretch of road as an analogy for businesses in the very early days of the internet: in low-risk, low-traffic areas, it was often not necessary to have constant additional surveillance of this road. Road rules -- basic perimeter-based network security measures like firewalls -- still applied, but it was considered sufficient for any out-of-the-ordinary incidents to be handled reactively.
Michael Lee | 20 Jan