NOMINATIONS NOW OPEN

Top IT Security Bloggers

  • Snowden joins “Against the Law” project to build spy-proof iPhones

    Sophos - Naked Security
    Here's a spy versus spy surveillance buster for your iPhone - but they have to build it first.
  • “Selfie war” paramedics accused of taking photos with unconscious patients

    Sophos - Naked Security
    The "sick game" included holding open the eyelid of a sedated patient and baring an elderly woman's breast for selfies.
  • Cybersecurity: A vertical industry application?

    Network World - Networking Nuggets and Security Snippets
    Cybersecurity has always been a horizontal technology practice that’s roughly the same across all industry sectors. Yes, some industries have different regulations, use cases or business processes that demand specific security controls, but overall every company needs things like firewalls, IDS/IPS, threat management gateways and antivirus software regardless.Generic security requirements will remain forever, but I see a burgeoning trend transforming cybersecurity from a set of horizontal technologies to a vertical industry application. These drivers include:
    Increasing business focus on cybersecurity. While it sounds like industry hype, cybersecurity has actually become a boardroom issue and corporate boards understand industry-specific risks much better than technology gibberish about malware and exploits. To accommodate these corporate executives, CISOs will need communications skills, as well as tools and technologies that help translate cybersecurity data into meaningful industry and corporate risk intelligence that can drive investment and decision making. Security intelligence vendors like BitSight and SecurityScorecard are already exploiting this need, offering industry-centric cybersecurity metrics for business use.
    CISO progression. The present generation of CISOs grew up through the ranks of IT and security with career development responsibilities such as network operations and firewall administration. Yes, the next generation of CISOs will still need some technology chops, but this role is moving closer and closer to business management. In fact, the best CISOs understand industry business processes, regulations and risk above and beyond technology.  Business-centric CISO resumes are a “nice-to-have” today but will evolve into a true requirement over the next few years. In the near future, cybersecurity executives will build their careers as financial services CISO, healthcare CISO or public sector CISO rather than vanilla CISO.
    Advancing regulations. While there are already a lot of industry regulations, such as FISMA, HIPAA/HITECH and NERC, additional industry regulations are bound to occur. This will happen quite quickly if a major data breach disrupts operations in a particular industry.   
    Industry-focused threats. Targeted threats can generally be traced back to cyber adversaries that specialize on a particular industry in a particular geography. This makes sense: Attacking a U.S. bank demands language skills and business process and regulatory knowledge that isn’t applicable for attacking banks in France or Germany.  These industry-centric threats are precisely why we have specific industry Information Sharing and Analysis Centers (ISACs). Cybersecurity professionals are often encouraged to “think like the enemy.” Increasingly, this demands industry-specific business and IT knowledge—not just a broad understanding of cyber adversary tactics, techniques and procedures (TTPs).
    IoT. This is the big Papi of change agents for cybersecurity, as industry IoT applications will radically alter business processes, technology elements and threats. And while we’ve created an uber technology category called IoT, the fact remains that IoT healthcare applications will be vastly different than those designed for energy, manufacturing, retail or transportation. As an example, think about the specific industry, business process and technology knowledge you would need to prevent, detect or remediate a Stuxnet-like attack. 

    As I previously mentioned, there will always be a need for horizontal security technologies, but CISOs will increasingly judge these technologies based upon two criteria: 1) best-of-breed security efficacy and 2) how well these point tools can be integrated into enterprise solutions that encompass vertical industry-specific requirements.To read this article in full or to leave a comment, please click here
  • TippingPoint Threat Intelligence and Zero-Day Coverage – Week of July 18, 2016

    Trend Micro - Cloud Security Blog
    I completely lost track of time all week. According to Wikipedia, “Father Time” is usually associated with an elderly bearded man with wings, dressed in a robe and carrying a scythe and an hourglass. Whatever he’s wearing or carrying doesn’t matter – he got me good! Yesterday, I thought it was Wednesday all day. While...
  • This Week in Security News

    Trend Micro - Cloud Security Blog
    Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for...
  • Edward Snowden's new case design detects if your iPhone is broadcasting its location

    Graham Cluley
    NSA whistleblower Edward Snowden has teamed up with hardware hacker Andrew "Bunnie" Huang to design an iPhone accessory that could help protect journalists working in dangerous parts of the world.
    Read more in my article on the Hot for Security blog.
  • Bathroom Snapchat video of suicide teen ruled criminal by court

    Sophos - Naked Security
    Teen committed suicide after classmate filmed him in a school toilet and posted it on Snapchat and Vine.
  • When the people selling you IT security solutions hack into their rival's database...

    Graham Cluley
    The Register reports:
    Five men working at UK-based IT security reseller Quadsys confessed today to hacking into a rival's database.
    Owner Paul Streeter, managing director Paul Cox, director Alistair Barnard, account manager Steve Davies and security consultant Jon Townsend appeared before the beak at Oxford Crown Court.
    "All pleaded guilty to obtaining unauthorised access to computer materials to facilitate the commission of an offence," the court clerk told us.
    This is punishable by a minimum of 12 months in prison or a fine on summary conviction, or up to five years or a fine on indictment.

    We all know that there are bad guys hacking into firms.
    We want to protect our firms from online criminals, so we bring in third-parties to help us do that, and purchase solutions and services.
    It's depressing to discover that some of those third party firms may have some rotten apples on their payroll, who don't know the difference between right and wrong, and think nothing of exploiting their technical skills to break the law if it helps them gain a commercial advantage.
    Let this be a warning to others. Just because you can do something doesn't mean that you should.
    Hacking into a rival's database to steal customer and pricing information might give you a short term advantage, but you are putting your personal future, and that of your business, at permanent risk.
  • Pokémon GO finally live in Japan after leaked email delays launch

    Sophos - Naked Security
    One leaked email, one mass freakout, and suddenly, the launch of Pokémon GO in Japan went on hold.
  • SoakSoak using compromised websites to spread CryptXXX ransomware

    Graham Cluley
    The SoakSoak botnet is compromising business websites so that they redirect visitors to the Neutrino exploit kit and CryptXXX ransomware.
    David Bisson reports.

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release

Market Place