All tagged InfoSec
One fact will hold true in 2018, no matter what organizations do: cybercriminals will continue to reinvest their profits into building sustainable but illegal businesses. The underlying economics of cybercrime continue to give massive financial incentives to the attackers. Organizations should retaliate by adopting a “keeping up with the Joneses” mentality so that they’re always slightly more secure than organizations in the same market or vertical.
On December 12th, I moderated the #securityinsiderchat on Twitter, where more than twenty cybersecurity experts gathered to discuss their predictions for 2018. It’s always a pleasure and a privilege to learn from a diverse gathering of people and to read their ideas over the course of nearly 300 tweets. Plus, it’s an excellent opportunity to post animated cat gifs in the context of work.
Taking these three actions immediately — investing in both cyber liability insurance and cybersecurity, investing in a trusted consulting firm, and getting people emotionally invested in cybersecurity training — will not prevent the next breach. However, these actions make it exponentially more expensive for criminals to breach your organization and are the socially responsible course of action to protect both your organization’s reputation and the public.
Even software developers often lack formal security training, says Kayne McGladrey, director of information security services at Boulder, Colorado security consulting firm Integral Partners. And even those who do can face pressure to roll code out quickly from employers impatient to see new features and fixes in production, he says.
Consulting firms can suffer irreparable damage to their reputation if they lose client data due to a cybersecurity incident. This article examines the current threat landscape and provides strategic guidance to prevent professional services firms from becoming the next breach statistic.
This article discusses how businesses can apply three fundamental best practices for adapting current security programs to mitigate insider threats as applications and data migrate to the cloud.
People are only able to detect lies about 50% of the time, but we tend to trust people we know when they request access by email. What does this mean for IAM, IGA, and PAM programs?
This article will examine the costs and budgetary considerations for a new bad actor, lacking global resources, to set up a single privileged identity theft campaign to be able to launch insider attacks. The costs shown will assume corporate targets in the greater Seattle metropolitan area. This article will also briefly examine countermeasures.
The good news is that it is still possible to become an evil villain for an initial investment of under $1,500 USD, despite rising labor costs.
However, the biggest utility for my Pebble was two-factor authentication from my bank. My bank has had a somewhat tortured Consumer Identity and Access Management rollout over the years. They initially had single-factor authentication – a username and password. They briefly flirted with pictures, until they realized the Internet has an insatiable love of cats. They then deployed Knowledge-Based Authentication, safe in the knowledge that no-one would post their first spouse’s name, the name of their elementary school, and their favorite band on Facebook. Thus, they reluctantly deployed SMS-based two-factor authentication.
Password reuse by individuals is one of the great failings of IAM programs. The fundamental assumption of a successful IAM project is that an organization can correctly identify an individual user. Although this sounds like a low bar, many organizations are failing to clear it because of password breaches happening outside of the corporate firewall.
