When the Mirai botnet first made waves back in 2016 taking down DynDNS services using an Internet of Things (IoT)-powered botnet, cybersecurity experts warned that this was just the warm-up act. Mirai marked the first splashy real-world example of the kind of attacks that the bad guys could carry out when harnessing the power of IoT devices in a well-controlled botnet. And as predicted by experts following the rollout of Mirai, the hits just keep coming via IoT botnets.
The last year has proved out about security naysayers' warnings about the undisciplined use of cloud architectures. While many organizations work hard to secure data stored on cloud stores, the truth is that there's a lot of work to go. That fact is made abundantly clear by the growing number of incidents caused by extremely poor security hygiene within Amazon Simple Storage Service (S3) storage buckets that are holding very sensitive information.
Life in the SOC has grown a lot more complicated in the last few years as the major forces of cloud and software-defined networking (SDN) adoption have started to converge on enterprise IT in a very big way.
After several years of peeking through the programming as a very niche topic at RSA Conference, DevOps has broken through to the limelight this week. The show has featured a number of talks and panels that discussed the security implications of DevOps and the corresponding increased dependence on cloud platforms and containerization in delivering IT services.
Another year came and went and the breach statistics were once again smashed by a raft of data compromises and thefts across the private and public sectors. According to the Identity Theft Resource Center, the number of compromised records more than doubled from 2014 to 2015. And Ponemon Institute estimates that the cost of those breaches just keeps rising--6 percent over the past year.
Shadow IT. Just the name runs little shivers up the spines of IT executives—they like to turn it up a notch sometimes and call it rogue IT. Many IT executives look at shadow IT as a disease. It’s scary and risky for end users to go out and get their own SaaS solutions without IT approval or knowledge. It’s even scarier and riskier when the DEV team goes out and spins up a bunch of Amazon instances to essentially stand up an entire shadow data center for some project or other.
The consumer protection pros at the Federal Trade Commission (FTC) have been on high alert over the last decade for breach events that threaten consumer privacy due to the negligence of businesses.
Revelations by security researchers this week are showing just how prevalent malicious advertising, better known as malvertising, has grown on the biggest publishing sites on the web. According to reports out from Black Hat, this year has seen nearly a three-fold
Cloud security concerns are starting to dissolve away as security technology and risk management practices mature in cloud and virtualized environments.
As cloud initiatives shift from cost savings efforts to strategic transformations of IT and the business, CISOs are finding that in many ways they need to completely reimagine their security controls to keep up.
Perhaps the poor users have been maligned for all these years after all. Security pundits have long decried enterprise and consumer users' tendency to clickety-click their way right through important security warning screens without ever paying heed to the content of the warning. It's a propensity that leaves their machines vulnerable to misconfigurations, makes them easy targets for dangerous attacks that still require user input to download malicious content and otherwise clears the path for all nature of endpoint-oriented social engineering.
As we head into RSA next month, chances are high that software defined perimeter (SDP) will jockey for position there in the infosec alphabet-soup lexicon. A new piece out this week in the Wall Street Journal shows that a lot of very large enterprises have high hopes for this NIST-backed protocol as security teams struggle in the cloud era to balance management of risk with maintenance of their relevance to the business.
