
NEWS & INDUSTRY UPDATES

CrowdStrike is elbowing its way into new security markets with a planned acquisition of attack surface management startup Reposify and a strategic investment in API security vendor Salt Security.
By understanding current ROI it is easier to justify future cost because you know the value. But this is a problem: how do you measure or quantify RoI in cybersecurity spend?
Ride sharing giant Uber is downplaying the impact from a devastating security breach that included the theft of employee credentials, access to the HackerOne bug bounty dashboard and data from an internal invoicing tool.
Industry professionals comment on the new guidance from the US government asking for security guarantees from software vendors.
The non-profit foundation is building a team to proactively identify and address security defects in the popular Rust programming language.
The White House wants software developers that provide products and services to the government to guarantee that security requirements are met.
Dig Security’s latest financing comes as venture capital investors rush to place bets on startups jostling for space in the cloud data security space.
Microsoft says its security teams have detected zero-day exploitation of a critical vulnerability in its flagship Windows platform.
The new sanctions designate Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence for engaging in cyber-enabled activities against the United States and its allies.
Microsoft security teams share details on ransomware attacks linked to DEV-0270, a subgroup of Iran-linked Phosphorus.

FEATURES, INSIGHTS // Risk Management

Jeff Orloff: The Defense Readiness Index is a reliable alternative for assessing a security team’s skill level, developing a roadmap for improving cyber competencies, and reaching the optimal level of cyber security readiness.
Gordon Lawson: The surge of cyber attacks in 2021 was a wake-up call for consumers, who felt the firsthand effects that can result from a breach.
Torsten George: Organizations need to look beyond preventive measures when it comes to dealing with today’s ransomware threats and invest in ransomware response, which improves their ability to prepare and quickly recover endpoints from ransomware attacks.
Landon Winkelvoss: Many think open source intelligence is just another name for better googling. They are wrong. Good open source and threat intelligence are derived from three core capabilities.
Keith Ibarguen: Vendor agnostic technology, married with actionable, globally-sourced, and continually evolving intelligence, augmented by humans, is needed to defend our enterprises.
Laurence Pitt: There are areas where governments can learn from the private sector and vice-versa, which will help both sides adapt more quickly and effectively to a continuously evolving threat environment.
Torsten George: Schools should take measures to identify and secure sensitive data, keep devices up-to-date, and ensure that their endpoint security controls are working.
Gordon Lawson: The rise of social engineering tactics as well as risks associated with embedded vulnerabilities in contractor networks makes keeping this technology confidential and out of the hands of adversaries increasingly difficult.
Torsten George: Cyber resiliency measures (i.e., architectural design, technologies, operational practices) assume that today’s threat actors can achieve a foothold in an organization’s infrastructure and in turn post-exploit activities must be contained and eliminated.
Landon Winkelvoss: The security industry must commit to a risk-based approach that understands the specific attacks and actors targeting their industry and profile.