
NEWS & INDUSTRY UPDATES

The US Postal Service said Monday hackers stole sensitive personal information from its employees in a large data breach this year, and got some customer data as well.
Malicious actors are increasingly relying on false claims about massive data breaches to make it seem as if established firms have lost control of their critical data.
An unclassified computer network at the White House was breached recently and the main suspects are hackers allegedly working for the Russian government. Here is what some industry experts have to say.
A report released by the California Office of the Attorney General on Tuesday shows that the number of residents affected by data breaches in 2013 increased considerably compared to the previous year.
The Delaware River and Bay Authority (DRBA) published a data security event notice on Friday to warn people who have made purchases at Cape May-Lewes Ferry terminals and vessels that their payment card data might have been compromised.
Staples said Tuesday it is investigating the possible theft of customer credit card files, a day after a security website reported the likely data breach.
Researchers have found that the components of the FDT/DTM specification, designed to ease the management of industrial control systems (ICS), contain serious vulnerabilities.
Cybercrime costs are escalating for US companies and attacks are becoming more complicated to resolve, a study showed Wednesday.
Organizations should know four things before going public about a breach: What happened, how it happened, what you are doing to prevent it from happening again, and what you are doing to protect people affected by the incident.
Several sophisticated threat groups have breached the systems of a major critical manufacturing company, the Department of Homeland Security (DHS) revealed in a report.

FEATURES, INSIGHTS // Incident Management


James McFarlin
Was the plan by the Securities Industry and Financial Markets Association (SIFMA) to create a new inter-agency working group comprised of data security regulators a reaction to the recent acceleration of nationwide data breaches?
Joshua Goldfarb
Because of the large volume of even the highest priority alerts, analysts are not able to successfully review each event. And with a large number of false positives, analysts become desensitized to alerts and do not take them seriously.
Joshua Goldfarb
When looking to measure the success and progress of a security program, it is important to think about what success and progress actually mean.
Joshua Goldfarb
Proper visibility doesn’t have to mean a deluge of uncoordinated data sources. To security operations and incident response teams, the buzz and hype should be about “big value”, not “big data”.
James McFarlin
With risks to national and economic security increasing, other avenues of cyber defense are receiving attention. Improving resilience and the promising application of predictive analysis to the prevention of cyberattacks before they occur are two such areas.
Mark Hatton
It’s hard to build continuity under inconsistent leadership. It’s also really hard to beat the hackers when the person responsible for keeping them at bay has less job security than an NFL coach with a losing record.
Marc Solomon
With the right information, security professionals can quickly pivot from detection to a full understanding of the scope of the outbreak and take action to head off wider compromises.
Joshua Goldfarb
Getting to the root cause involves a level of understanding beyond that of simply identifying that a system is infected. We need to understand what specifically enabled or facilitated the infection.
Joshua Goldfarb
Amidst recent headlines, I am concerned that as a security community, we are losing sight of an important principle that is very important to remember: not all intrusions involve malware.
Joshua Goldfarb
An organization that keeps records of its security incidents should be able to study that data to understand the top ways in which it is generally becoming compromised.