CSO OnlineLast week, Trustmark National Bank and Green Bank NA, filed a complaint in Chicago federal court accusing Target and Trustwave of failing to properly secure customer data, and enabling the theft of 110 million records, including 40 million credit cards.
Why you need to measure the right things in your incident reporting process to improve your security cultureCSO OnlineAs building an effective and measurable security culture increases in importance, the approach we take determines our success. Explore how to start by engaging people and using the right measurements to learn, inform, and grow. Find out why it starts with the incident REPORTING process.
CSO OnlineStats compiled by Netcraft show that 12,000 WordPress installations were compromised in February and used in Phishing campaigns that targeted Apple customers and PayPal users.
CSO OnlineDoug DePeppe has some especially strong feelings about protecting remote substations from cyber attacks. Here is his guest CSO blog to explain why.
CSO OnlineWe have an inherent bias toward prevention, even as we freely admit we can’t prevent a breach. That leads to the neglect of detection, response, and the role of culture in building a successful security program. Explore how and why to make the change, including insights to get started.
CSO OnlineBasecamp, a project management application, is the latest victim of an extortion scheme that promises DDoS attacks unless a ransom is paid. The service was down for several hours on Monday as attackers slammed the network with malicious packets.
CSO OnlineOver the weekend the Hash reported on a story published by Brian Krebs, and continued to chase open threads, resulting in new information. Here's a re-cap of the story, including additional commentary in order to address a reader's questions.
CSO OnlineThe playing field is tilted in favor of our adversaries. To win, we must defend all possible attack vectors, yet our adversaries need only exploit one.
CSO OnlineThere seems to be a global evolution in security talent worldwide - partly from want and partly from need. The technology, talent and techniques once necessary to support a sound security posture are changing as threats and business needs also change. My most recent trip to Latin America helps amplify these changes.
Sign up now »
Reduce complexity and increase trust for public cloud service providers and their customers.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.