Best tools for red and blue teams are methodology, experience

In many ways, parenting and security have a lot in common. No book exists that provides all of the answers. There is no silver bullet, and both roles can be overwhelmingly stressful. Getting into the mind of the enemy, though, may be a little easier than understanding the inner workings of the teenage mind.

Parents are the blue team: they want to know how susceptible their children are to life’s many temptations and pitfalls. The red team, all of the possible dangers that could hurt a child, are those who want to get in. The greater challenge falls to the blue team, which has to protect its domain by finding the one vulnerability that could be exploited, without putting too many limitations and restrictions on its users.

Turn data from risk liability into an asset

Big data has proven to be a big asset for corporations who are trying to collect information and make informed business decisions, but if the proper strategies for protecting that data are not in place, the risks to the enterprise can be costly.

Earlier this year Cisco reported that worldwide mobile traffic is expected to grow eightfold from 2015 to 2020, reaching 30.6 exabytes per month. Planning for that data inflation raises a very important question: “How can organizations ensure their data is an asset and not a liability?”

What to think about when moving to the cloud

Well, it’s 2016, and a few years ago Gartner reported that “By 2016, poor return on equity will drive more than 60 percent of banks worldwide to process the majority of their transactions in the cloud.”

Enterprises across all sectors are either in the cloud, transitioning to the cloud, or thinking about making the idea of cloud a reality. 

For those who are preparing to make the move, there are a variety of concerns to consider and plan for in order to make for a smooth transition. In addition to deciding on the right cloud provider and whether to go with a private or a public cloud, CISOs also need to think about implementing access controls and encryption, and about addressing the legal and compliance issues that come with the move.

Social media, the gateway for malware

Easy to access, widely used, and outside of enterprise control, social media sites are gold mines for malicious actors. People share a lot of seemingly innocuous information, which is exactly the kind of data that hackers love to collect and use in phishing or spear phishing campaigns. 

The recent NopSec 2016 State of Vulnerability Risk Management Report found that organizations rely on inadequate risk scoring systems. The report claimed that social media, which often isn’t included in any risk evaluation system at all, is now a top platform for cyberattacks.

So, what’s the correlation between social media and the rise in malware?

Does entertainment trump security in connected cars?

Reduced sales and damage to the brand are the bottom-line impacts that auto manufacturers need to be concerned about when it comes to the security risks of connected cars.

According to a newly released IOActive report, “Commonalities in Vehicle Vulnerabilities”, authored by senior security consultant Corey Thuen, “39 percent of vulnerabilities are related to the network. This is a general category that includes all network traffic, such as Ethernet or web.”

Designing connected cars according to published security best practices can mitigate up to 45 percent of those vulnerabilities, yet OBD2 adapters, telematics systems and other embedded devices remain security problems in the modern vehicle.

Why you shouldn’t pay the ransomware fee

While most decision makers would likely prefer to hear a simple yes or no when asking whether they should pay, nothing in security is simple. By and large, the position of many leaders in the industry is that the ideal outcome is not to pay.

Security experts across the industry would like to see all enterprises, large and small, be prepared for a hit so that they can recover their data without paying a ransom. The question of whether to pay is tricky, though, as sometimes organizations are left with no other option.

When asked whether companies should ever pay a ransomware fee, Ryan Manship, security practice director at RedTeam Security said, “The first thing about ransomware is that it’s in many ways like terrorism. The US has a policy not to negotiate with terrorists. Where does that come from? Why does it exist? The reality is, you can’t trust the bad guys. You can’t trust them to do what they say they are going to do, which is to give back access to your data.”

Do third-party vendors have a bullseye on their backs?

Because there are so many different kinds of third parties, identifying whether or not they have the right infrastructure and security controls can be a challenge. Moreover, doing the due diligence needed to vet third-party vendors properly can be costly and time consuming.

As so many organizations rely on a variety of different providers, third parties can become gateways into the network. In order to mitigate the risk of a breach through a third party, enterprises need to design a vetting process and understand the language of the service-level agreement in order to evaluate their contracts properly.

The expanding landscape of exploit kits

Angler, Magnitude, and Nuclear are a few of the exploit kits criminals most commonly use to deliver a variety of payloads, from botnet clients to ransomware. Exploit kits are really just a means for malicious actors to get in the door. Once the kit has gained execution, the payload it installs is whatever that particular criminal chooses, and it is the payload, not the kit, that determines the impact on business operations.

The prevalence of individual exploit kits, and the techniques favored by attackers, change quite often. Only a few years ago, Black Hole was the most popular exploit kit, until its author, Dmitry “Paunch” Fedotov, was arrested. In the years that followed his arrest, the use of Black Hole declined. Despite “Paunch” being sentenced to seven years in prison last month, exploit kit authors remain undeterred and continue to produce derivatives.
