It seems there’s no shortage of enterprises that fall short when it comes to protecting their information and digital assets. Most of the time you will see this blamed on new attack techniques, advanced forms of custom malware, and the rise in recent years of state-sponsored snoops and criminals. Security professionals have it tough, as their adversaries are always improving their tactics, no doubt. And the technologies their organization uses to boost productivity and provide new services are always advancing in areas such as mobility, cloud, data analytics, and soon the Internet of Things.
All about Virtualization and Cloud Security | Recent Articles:
It seems UK businesses are raising a white flag to online extortionists. One in three medium to large businesses is stocking up on Bitcoins to prepare to pay ransom in a ransomware attack, according to new research by Citrix.
Established companies like LinkedIn, Tumblr and MySpace are being run through the mill because of old security breaches that recently surfaced on the web. From a victim’s perspective, mitigation starts with a password reset, but what’s happening on the corporate side? How should companies react in the full breach era to clean up the mess and regain clients’ credibility?
If no one trusted the Internet, what would that mean for online business—or even for business in general? Even as so many consumers and businesses rely on the web to conduct all kinds of transactions, fears about data breaches and loss of privacy have many people spooked about sharing personal information online.
We’ve been writing a lot about cybersecurity insurance - most recently in Cybersecurity Insurance: Closing the Widening Risk Gap. This is a fast-moving market, and one that I think will increasingly affect how enterprises help manage cybersecurity risks. And, in the long term, insurance may even help enterprises more cost-effectively and efficiently reduce risk. But the road there is going to be filled with bumps and false starts – if that end state will be reached at all.
In reaction to the rising complexity and increased damage of certain cyber-attacks, more enterprises have been turning to threat intelligence as a way to stay tuned to the risks. Last year, Enterprise Strategy Group released a survey that found 72% of organizations planned to increase their threat intelligence programs this year.
Some argue that successful information security is a matter of getting the technology right. Others contend that it’s more about training and education. I think both views are valid, but neither is complete. Good information security is about technology design and deployment, to be sure. But it’s also about people and the right processes being in place.
The definition of corporate “endpoints” is constantly evolving, and securing those endpoints is becoming increasingly complex for enterprises. As the SANS Institute points out in its March 2016 Endpoint Security Survey, endpoints now include non-traditional computing devices or "things," and IT professionals are becoming aware of the fact that those endpoints require different thinking around security.
It seems no matter how hard enterprises try, no matter what investments in security controls and processes they make, and no matter how much they strive to harden their systems, data breaches, data manipulation, cyber extortion and other attacks on availability are going to happen. It is just like taking precautions against fraud and theft, or natural disasters like hurricanes, tornados, earthquakes and fires: industry takes steps to mitigate these risks, but can’t eliminate them. Cybersecurity is much the same.
The Internet of Things and quantified-self movements have led to an explosion of interesting gadgets for consumers and households, and we've detailed the types of IoT vulnerabilities and attacks in smart homes in our latest research paper. But the IoT is also laying the foundations of a new way of working. It’s about using information technology to reshape how, and where, we work.
Healthcare institutions remain among the most targeted organizations when it comes to hacker attacks and other security intrusions. These entities possess a wealth of data, including personal information that cyber criminals can use.
Data protection regulations from the European Parliament and Council have been set in place to safeguard the individual’s right to control how his personal data is used and prevent companies from getting tangled in a legislative web.