Bugs for cash: Bounty hunters in the new wild west of security

By Michelle Drolet . 20 Apr 2016

How security researchers and programmers hunt software bugs for cash rewards

The business of bug hunting is a potentially lucrative one for both seasoned security researchers and amateurs with an interest in hacking. It’s an area that’s gaining legitimacy thanks to official bug bounty programs and hacking contests, but there’s still a seedy underbelly …

Hundreds of cloud apps still vulnerable to DROWN

By Michelle Drolet . 22 Mar 2016

Complacency in addressing known vulnerabilities puts users at risk

If you have even a passing interest in security vulnerabilities, there’s no chance that you missed the news about the DROWN vulnerability. It’s one of the biggest vulnerabilities to hit since Heartbleed, potentially impacting a third of all HTTPS websites. By exploiting the obsolete SSLv2 …

DROWN attack sinks security for millions of websites

By Michelle Drolet . 8 Mar 2016

Security researchers reveal new technique to break TLS using SSLv2 server.

The war to close down security vulnerabilities is never-ending, but the new “DROWN” vulnerability is one of the biggest to rear its ugly head in recent months. A group of security researchers from a number of different universities and research institutes just unveiled this …

Create a data recovery plan and secure your network

By Michelle Drolet . 22 Feb 2016

Following the Center for Internet Security’s best practices.

We discussed building malware defenses the last time out, but today we’re going to focus on Critical Security Controls 10, 11, and 12 covering data recovery, secure network configuration, and boundary defense. It’s unrealistic to think that you can completely avoid cyberattacks and data breaches, so …

10 Things I Know About…Hiring a vCISO

By Michelle Drolet . 15 Feb 2016

10. A hedge against a breach. A virtual chief information security officer can serve as security consul or as an interim CISO to fill the gaps during a planned information-technology security policy review. Better to be safe than sorry.

9. High talent at low costs. As a temp hire, a vCISO offers flexibility and …

5 cybersecurity trends to watch for in 2016

By Michelle Drolet . 4 Feb 2016

As threats evolve and grow more sophisticated, securing IT systems is more important than ever.

We may welcome in the New Year with open arms, but we must also prepare for the cybersecurity threats ahead of us. The 2015 Cost of Data Breach Study from IBM and the Ponemon Institute put the average cost …

Ransomware is only getting worse. How do you prepare for it?

By Michelle Drolet . 4 Feb 2016

Ransomware-as-a-service, help desks, third parties — all point to a mature yet illegal enterprise undergoing serious growth. Here are tips to protect yourself and your company.

Ransomware is big business. Over the last few years we’ve observed the steady rise of ransomware, with some trepidation. It is fast becoming a multi-billion dollar business, and …

5 Information Security Trends for 2016

By Michelle Drolet . 20 Jan 2016

Online security trends continue to evolve. This year, online extortion will become more prevalent. We also expect that at least one consumer-grade IoT smart device failure will be lethal. Ransomware will make further inroads, since the majority go unreported. China will drive mobile malware growth to 20M, and cybercrime legislation will take a significant step …

10 Things I Know About Business Security

By Michelle Drolet . 19 Jan 2016

10. Everything is connected. As the Internet of Things adds more and more devices to our networks, it creates more doors and windows for cyber criminals. Keep them locked.

9. Ransomware is on the rise. If you don’t want to end up paying to access your own data, then make sure that you protect it …

The challenges of third-party risk management

By Michelle Drolet . 17 Nov 2015

Vendors and other third parties should be treated with the same level of intense scrutiny as your own in-house risk compliance mandates.

How seriously is your company treating the risk of a data breach? Have you done due diligence on all of your vendors and third-party partners? Cyberattacks can have a devastating impact in …
