COVID-19 Creates Opening for OT Security Reform Commentary | 9/30/2020 | Post a comment Operations technology was once considered low risk, at least until the virus came along and re-arranged the threat landscape.

Attacker Dwell Time: Ransomware's Most Important Metric Commentary | 9/30/2020 | 2 comments How to bolster security defenses by zeroing in on the length of time an interloper remains undetected inside your network.

Shifting Left of Left: Why Secure Code Isn't Always Quality Code Commentary | 9/29/2020 | Post a comment Enabling engineers to share responsibility for security and empowering them to erase common vulnerabilities are good starting points.

Safeguarding Schools Against RDP-Based Ransomware Commentary | 9/28/2020 | 2 comments How getting online learning right today will protect schools, and the communities they serve, for years to come.

WannaCry Has IoT in Its Crosshairs Commentary | 9/25/2020 | Post a comment The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.

Solving the Problem With Security Standards Commentary | 9/24/2020 | Post a comment More explicit threat models can make security better and open the door to real and needed innovation.

My Journey Toward SAP Security Commentary | 9/23/2020 | Post a comment When applications are critical to the business's core functions, the CISO and their staff better get the security right.

7 Non-Technical Skills Threat Analysts Should Master to Keep Their Jobs Commentary | 9/23/2020 | Post a comment It's not just technical expertise and certifications that enable analysts to build long-term careers in cybersecurity.

New Google Search Hacks Push Viruses & Porn Commentary | 9/22/2020 | Post a comment Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.

Permission Management & the Goldilocks Conundrum Commentary | 9/22/2020 | Post a comment In today's COVID-19 era, managing access has become even more difficult, especially for large organizations. Here's how to get it "just right."

5 Steps to Greater Cyber Resiliency Commentary | 9/21/2020 | Post a comment Work from home isn't going away anytime soon, and the increased vulnerability means cyber resiliency will continue to be critical to business resiliency.

IDaaS: A New Era of Cloud Identity Commentary | 9/20/2020 | Post a comment As identity-as-a-service becomes the standard for enterprise identity management, upstarts and established competitors are competing to define the market's future. Participate in Omdia's IDaaS research.

Mitigating Cyber-Risk While We're (Still) Working from Home Commentary | 9/18/2020 | 1 comment One click is all it takes for confidential information to land in the wrong hands. The good news is that there are plenty of ways to teach preventative cybersecurity to remote workers.

Time for CEOs to Stop Enabling China's Blatant IP Theft Commentary | 9/17/2020 | Post a comment Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty.

Struggling to Secure Remote IT? 3 Lessons from the Office Commentary | 9/17/2020 | Post a comment The great remote work experiment has exacerbated existing challenges and exposed new gaps, but there are things to be learned from office challenges.

8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels Commentary | 9/16/2020 | Post a comment Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?

Cybersecurity Bounces Back, but Talent Still Absent Commentary | 9/16/2020 | 2 comments While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps.

Taking Security With You in the WFH Era: What to Do Next Commentary | 9/15/2020 | Post a comment As many organizations pivot to working from home, here are some considerations for prioritizing the new security protocols.

Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption Commentary | 9/15/2020 | Post a comment Finding threats in encrypted inbound network traffic is complex and expensive for enterprises, but a fascinating new approach could eliminate the need for decryption.

Simplify Your Privacy Approach to Overcome CCPA Challenges Commentary | 9/15/2020 | Post a comment By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.

Open Source Security's Top Threat and What To Do About It Commentary | 9/14/2020 | Post a comment With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor.

Fraud Prevention During the Pandemic Commentary | 9/11/2020 | Post a comment When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.

Managed IT Providers: The Cyber-Threat Actors' Gateway to SMBs Commentary | 9/10/2020 | 4 comments Criminals have made MSPs a big target of their attacks. That should concern small and midsize businesses a great deal.

Ripple20 Malware Highlights Industrial Security Challenges Commentary | 9/10/2020 | Post a comment Poor security practices allowed software vulnerabilities to propagate throughout industrial and IoT products for more than 20 years.

7 Cybersecurity Priorities for Government Agencies & Political Campaigns Commentary | 9/9/2020 | Post a comment As election season ramps up, organizations engaged in the process must strengthen security to prevent chaos and disorder from carrying the day. Here's how.

Top 5 Identity-Centric Security Imperatives for Newly Minted Remote Workers Commentary | 9/9/2020 | Post a comment In the wake of COVID-19, today's remote workforce is here to stay, at least for the foreseeable future. And with it, an increase in identity-related security incidents.

VPNs: The Cyber Elephant in the Room Commentary | 9/8/2020 | 2 comments While virtual private networks once boosted security, their current design doesn't fulfill the evolving requirements of today's modern enterprise.

8 Frequently Asked Questions on Organizations' Data Protection Programs Commentary | 9/8/2020 | Post a comment Adherence to data protection regulations requires a multidisciplinary approach that has the commitment of all employees. Expect to be asked questions like these.

The Hidden Security Risks of Business Applications Commentary | 9/4/2020 | Post a comment Today's enterprises depend on mission-critical applications to keep them productive, help better serve customers, and keep up with demand. It's important that they also know the risks.

Fake Data and Fake Information: A Treasure Trove for Defenders Commentary | 9/3/2020 | Post a comment Cybersecurity professionals are using false data to deceive cybercriminals, enabling them to protect networks in new and innovative ways.

5 Ways for Cybersecurity Teams to Work Smarter, Not Harder Commentary | 9/3/2020 | 1 comment Burnout is real and pervasive, but some common sense tools and techniques can help mitigate all that.

Don't Forget Cybersecurity on Your Back-to-School List Commentary | 9/2/2020 | 1 comment School systems don't seem like attractive targets, but they house lots of sensitive data, such as contact information, grades, health records, and more.

Why Kubernetes Clusters Are Intrinsically Insecure (& What to Do About Them) Commentary | 9/2/2020 | Post a comment By following best practices and prioritizing critical issues, you can reduce the chances of a security breach and constrain the blast radius of an attempted attack. Here's how.

ISO 27701 Paves the Way for a Strategic Approach to Privacy Commentary | 9/1/2020 | Post a comment As the first certifiable international privacy management standard, ISO 27701 is a welcome addition to the existing set of common security frameworks.

Why Are There Still So Many Windows 7 Devices? Commentary | 9/1/2020 | 6 comments As the FBI warns, devices become more vulnerable to exploitation as time passes, due to a lack of security updates and new, emerging vulnerabilities.

From Defense to Offense: Giving CISOs Their Due Commentary | 8/31/2020 | 5 comments In today's unparalleled era of disruption, forward-thinking CISOs can become key to company transformation -- but this means resetting relationships with the board and C-suite.

Redefining What CISO Success Looks Like Commentary | 8/28/2020 | Post a comment Key to this new definition is the principle that security programs are designed to minimize business risk, not to achieve 100% no-risk.

The Inside Threat from Psychological Manipulators Commentary | 8/27/2020 | 2 comments How internal manipulators can actually degrade your organization's cyber defense, and how to defend against them.

How CISOs Can Play a New Role in Defining the Future of Work Commentary | 8/27/2020 | 1 comment Rather than just reacting to security issues in the COVID-19 era, CISOs are now in a position to be change agents alongside their C-suite peers.

The 'Shared Responsibility' Misnomer: Why the Cloud Continues to Confound Commentary | 8/26/2020 | Post a comment Under the "shared responsibility model," the security management of cloud offerings is split equally between the vendor and the customer. Easy enough, right?

Deep Fake: Setting the Stage for Next-Gen Social Engineering Commentary | 8/26/2020 | 2 comments Humans are susceptible to normalcy bias, which may leave us vulnerable to disinformation that reinforces our beliefs.

Three Easy Ways to Avoid Meow-like Database Attacks Commentary | 8/25/2020 | Post a comment The largest problem facing database security today is the disconnect between security teams and DBAs beginning from the moment of configuration and continuing throughout the database lifecycle.

The Fatal Flaw in Data Security Commentary | 8/25/2020 | Post a comment Simply stated: No matter how sophisticated your security software is, data cannot be simultaneously used and secured. But that may be changing soon.

Dark Reading Launches New Section on Physical Security Commentary | 8/24/2020 | Post a comment Partnership with IFSEC enables Dark Reading to cover new areas of security and expand its audience.

Post-Pandemic Digitalization: Building a Human-Centric Cybersecurity Strategy Commentary | 8/21/2020 | Post a comment COVID-19 won't be the last major disruption of its kind. Instead, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives.

Twitter Hack: The Spotlight that Insider Threats Need Commentary | 8/20/2020 | 2 comments The high profile attack should spur serious board-level conversations around the importance of insider threat prevention.