Latest

►

Governance

Mitigating the Insider Threat at Scale

Tom Field  •  March 21, 2019

Enterprises are getting wiser to understanding the insider threat. But mitigating it? That remains a challenge - especially at a large scale. Mohan Koo of Dtex Systems talks about how to blend human and data analytics to address the challenge.

►

Fraud Management & Cybercrime

The Art of the Steal: Why Criminals Love Cyber Extortion

Mathew J. Schwartz  •  March 21, 2019

Criminals continue to target organizations and individuals with extortion schemes, in part via such cybercrime schemes as infecting targets with Ryuk and GandCrab ransomware, say Raj Samani, chief scientist of McAfee, and John Fokker, McAfee's head of cyber investigations.

►

Awareness & Training

Beyond Phishing: The New Face of Cybersecurity Awareness

Tom Field  •  March 21, 2019

As CEO of Terranova Security, an awareness training provider, Lise Lapointe sees an evolution of education programs that used to be merely phishing simulation tests. What are the most effective forms of training?

►

Education

Culture Change and Awareness: CSOs' Ultimate Duty

Mathew J. Schwartz  •  March 21, 2019

The ultimate responsibility of every CSO and CISO is to foster culture change and awareness, because that is every organization's single greatest data security and physical security control, says Andrew Rose, CSO of Vocalink, which is a MasterCard company.

►

Cybersecurity

Bot-Driven Credential Stuffing Attacks

Varun Haran  •  March 20, 2019

The threats from bad bots and the consequences of ignoring them continue to rise, says Patrick Sullivan, global director of security at Akamai.

►

Cybersecurity

Securing the Hyper-Connected Enterprise

Tom Field  •  March 20, 2019

In today's hyper-connected enterprise, organizations are at risk of two different types of attack. Larry Link, CEO of Cequence Security, explains how to defend at a platform level - without adding friction.

►

Application Security

The CISO's Role in AppSec

Tom Field  •  March 20, 2019

As CSO of CDK Global LLC, Craig Goodwin has been part of the rollout of a new API platform that he believes will revolutionize automotive purchasing. Goodwin offers his perspective on security's role in application DevOps.

Breach Response

Gearbest Database Leaks 1.5 Million Customer Records

Scott Ferguson  •  March 19, 2019

An unprotected database belonging to Chinese e-commerce site Gearbest exposed 1.5 million customer records, including payment information, email addresses and other personal data for customers worldwide, white hat hackers discovered.

►

Mobility

Redefining the Approach to Mobile Security

Tom Field  •  March 19, 2019

As the new director of mobile security strategy for Google, Eugene Liderman is focused on redefining the strategy and dispelling old security myths. He outlines the approach in this exclusive interview.

Application Security

NSA Pitches Free Reverse-Engineering Tool Called Ghidra

Mathew J. Schwartz  •  March 19, 2019

Here's free software built by the National Security Agency called Ghidra that reverse-engineers binary application files - all you have to do is install it on your system. So went the pitch from the NSA's Rob Joyce at this year's "Get Your Free NSA Reverse Engineering Tool" presentation at RSA Conference 2019.

►

Cybercrime

Inside the Cybercrime Support Network

Tom Field  •  March 19, 2019

As a former elected official, Kristin Judge saw first-hand the lack of resources for victims of cybercrime. And so she launched the Cybercrime Support Network, which serves small businesses and consumers.

►

Incident & Breach Response

Destructive Cyberattacks Surge

Mathew J. Schwartz  •  March 19, 2019

Destructive malware attacks, once rare, have been surging as attackers seek to cover their tracks and complicate life for incident responders, says Rick McElroy, head of security strategy at Carbon Black.