Top IT Security Bloggers

Network World - Networking Nuggets and Security Snippets
  • Many Organizations Still Opt for “Good Enough” Cybersecurity

    Late last year, ESG published a research report titled, Through the Eyes of Cyber Security Professionals, in collaboration with the Information Systems Security Association (ISSA).  As part of this report, 437 cybersecurity professionals and ISSA members were asked if they’d experienced a number of types of security incidents.  The research revealed that:
    39% of organizations experienced one or several security incidents resulting in the need to reimage one or several endpoints or servers.
    27% of organizations experienced one or several incidents of ransomware.
    20% of organizations experienced one or several incidents resulting in the disruption of a business application.
    19% of organizations experienced one or several incidents resulting in the disruption of a business process.

    It should be noted that between 23% and 30% of the survey population responded “don’t know” or “prefer not to say” when asked about different types of security incidents so the percentages represented above are likely much higher.
  • Endpoint security in 2017

    Just a few years ago, there were about 6 to 10 well-regarded AV vendors that dominated the market. Fast forward to 2017, and my colleague Doug Cahill and I are currently tracking around 50 endpoint security vendors. Why has this market changed so much in such a short timeframe? New types of targeted threats regularly circumvented signature-based AV software over the past few years. This weakness led to system compromises, data breaches and panicky CISOs in search of AV alternatives. This in turn persuaded the fat cats on Sand Hill Road to throw VC dollars at anything that hinted at endpoint security innovation. OK, I get the need for more than signature-based AV, but there simply isn’t room in the market for 50 endpoint security vendors. Thus, it’s safe to assume we'll see a lot of M&A activity and outright business failures this year.
  • Thoughts on incident response automation and orchestration

    Just this week, I was reviewing several interviews I conducted with cybersecurity professionals on their organizations’ processes and tools for incident response (IR) automation and orchestration. Here are a few things that jumped out at me:
    1. IR is still often anchored by basic tools, manual processes, and key personnel. While trouble ticketing and ITSM tools are pervasive and fairly mature, too many enterprise organizations still “ham and egg” it through incident response. In other words, they rely on paper forms, spreadsheets, email handoffs and some socially challenged security analyst who’s really good at finding compromised systems and malicious network traffic.
  • Cybersecurity pros to Trump: Critical infrastructure very vulnerable to cyber attack

    Last week, President-elect Donald Trump received a comprehensive briefing on Russian hacking related to the 2016 Presidential election. In response, Trump released a statement that included the following:
    “Whether it is our government, organizations, associations or business, we need to aggressively combat and stop cyberattacks. I will appoint a team to give me a plan within 90 days of taking office.”
    These “teams” tend to be made up of a combination of Washington insiders with intelligence and/or military experience, as well as an assortment of industry folks. For example, President Obama’s recent Commission on Enhancing National Cybersecurity included former NSA director Keith Alexander, former IBM CEO Sam Palmisano, etc.
  • 2017: The year of cybersecurity scale

    It’s no surprise that lots of pundits and cybersecurity industry insiders claim that 2017 will be a challenging year full of nation state attacks, ransomware, and a continuing wave of data breaches. I concur with this common wisdom, but I also believe 2017 will be remembered as the year where cybersecurity analytics and operations encountered a wave of unprecedented scale. Now, I know that the need for security scalability is nothing new. Leading SIEM vendors can all talk about how they’ve had to rearchitect their products over the past few years to scale from thousands to millions of events per second (EPS) and somehow make sense of all this activity.
  • Security data growth drives SOAPA

    Happy new year, cybersecurity community! I hope you are well rested; it’s bound to be an eventful year. Way back when at the end of November 2016, I wrote a blog post about an evolutionary trend I see happening around cybersecurity analytics and operations technology. Historically, large enterprises have relied on SIEM products to anchor their security operations centers (SOCs). This will continue, but I see SIEM becoming part of a more global cybersecurity software architecture called SOAPA (security operations and analytics platform architecture).
  • Looking Back to Look Forward on Cybersecurity

    By now, everyone in our industry has provided 2017 cybersecurity predictions and I’m no exception. I participated in a 2017 infosec forecast webcast with industry guru Bruce Schneier, and ESG also published a video where I exchanged cybersecurity prophecies with my colleague Doug Cahill (note: I am an ESG employee). Yup, prognosticating about the future of cybersecurity has become a mainstream activity, but rather than simply guess at what will happen next year, I think it is useful to review what actually happened over the past few years and extrapolate from there.
  • High-demand cybersecurity skills in 2017

    As I’ve written many times, the cybersecurity skills shortage is the biggest cybersecurity issue we face today. Not only are there too few bodies to fill the cybersecurity jobs, but a recent series of research reports from ESG and the Information Systems Security Association (ISSA) indicates that many currently employed cybersecurity professionals are overworked, not managing their careers proactively, and not receiving the proper amount of training to stay ahead of increasingly dangerous threats. Yikes! So, the skills deficit is clear, but which types of cybersecurity skills are in the highest demand? In the recently published ESG/ISSA research report, Through the Eyes of Cybersecurity Professionals, 371 cybersecurity professionals were asked to identify areas where the organizations they worked for had the biggest skills gaps. The results are as follows:
  • New Research Reveals Cybersecurity Skills Shortage Impact

    When it comes to the cybersecurity skills shortage, I am somewhat of a “Chicken Little” as I’ve been screaming about this issue for the last 5 years or so. As an example, ESG research conducted in early 2016 indicated that 46% of organizations say they have a problematic shortage of cybersecurity skills today (note: I am an ESG employee). So, ESG and other researchers have indicated that there aren’t enough infosec bodies to go around, but what about those that have jobs? How is the cybersecurity skills shortage affecting them and the organizations they work for? Earlier this week, ESG and the Information Systems Security Association (ISSA) published the second report in a two-part research report series investigating these issues. This new report titled, Through the Eyes of Cyber Security Professionals, uncovers a lot more about just how deep the cybersecurity skills shortage cuts. For example:
  • Why CISOs succeed and why they leave

    Earlier this year, ESG and the Information Systems Security Association (ISSA) published a research report titled, The State of Cyber Security Careers. The report was based on a survey of 437 cybersecurity professionals, the clear majority of whom were ISSA members. Two-thirds of these cybersecurity professionals worked at an organization that employed a CSO or CISO. These individuals were then asked to identify the most important qualities that make a successful CISO. Here is a sample of the results:
    50% of respondents said strong leadership skills were most important
    47% of respondents said strong communication skills were most important
    30% of respondents said a strong relationship with business executives was most important
    29% of respondents said a strong relationship with the CIO and other members of the IT leadership team was most important
    23% of respondents said strong management skills were most important

    Based upon this list, it’s clear that successful CISOs need to be strong business people who can work with business and IT executives. This is an important consideration since many security professionals are deeply rooted in the technology rather than the business aspects of infosec.
