Reactive Cybersecurity Strategy Is Not A Strategy
It’s encouraging that many organizations have become aware of the security of their networks and computer resources. This awareness is sometimes triggered by breach or fraud headlines in tech journalism, which leads to concern and curiosity. It is immediately apparent when I’m speaking with a company that has suffered from an attack because their questions are [Read More...]
The Identity Context
This entry is part 3 of 3 in the series Identity Context: Defense’s Next Play. Part Three: The Identity Context. All attacks involve some form of stolen identity. According to Mandiant’s threat landscape study, 100 percent of breaches they investigated involve stolen credentials. In our own studies — where we reverse-engineered malware and studied the source [Read More...]
Credit Card Number Theft: POS Malware and the Path of Least Resistance
It was December 2011 when we first read about payment card number theft that occurred at Subway sandwich shops. Now, we’re sorting through the theft of 40 million payment cards from Target. That number was revised to 70 million names and identifying information such as phone numbers. Researchers, most notably Brian Krebs, have done a [Read More...]
Digital Certificates: Strengthening Security in the Enterprise
Upon first glance, a utility meter might seem like the furthest thing from a security threat that you could imagine. After all, what harm could come from a device that measures the amount of electricity or gas your building consumes? The reality is, however, that in today’s ultra-connected world, this type of naive thinking could [Read More...]
Top 10 Holiday Scams to Steer Clear of this Season – Part 2
This is Part 2 of a two-part series. To read the first post, click here. Top 10 Holiday Scams to Steer Clear of this Season: 6. Order shipment notification. When doing your holiday shopping, always make sure that the email notification confirming your order shipment is directly tied to the official company of which you [Read More...]
Did Google Miss the Mark With Push To Make Passwords Obsolete?
On Saturday, Forbes discussed Google’s 2014 vision to make user-generated passwords obsolete. It’s an initiative that deserves praise and is long overdue. Someone is finally taking strong authentication and identity-based security seriously — particularly in the consumer space. It does, however, come with some caveats. Google is demonstrating that identity-based security solutions are available for [Read More...]
Is Your Mobile Device Secure?
Infographic Visualizes Truth on Mobile Security. Our world is becoming faster and more portable every day. I can picture an 80-year-old version of myself mindlessly rambling about a time when you could only send 200 text messages a month, but only if your parents trusted you enough to upgrade your service plan. Meanwhile, my grandkids [Read More...]
Thomson Reuters Latest Casualty of Twitter Account Hacks
For quite a while now, we have been following several stories related to the hacking of Twitter accounts. And this week, the newsfeed is inundated with information that the hackers have indeed struck again. And yet again, it’s the Syrian Electronic Army causing social media mischief. While the Associated Press was a major victim of social [Read More...]
Facebook vs. Salesforce Battle for Enterprise Identity or Straight Consumerization?
I recently read an interesting article by Ericka Chickowski, “Facebook vs. Salesforce: An Identity Smackdown?” at Dark Reading.
Mobile and Security – No Longer Mutually Exclusive
In December, Entrust and Forrester began work on a Technology Adoption Profile (TAP) whitepaper centering on mobile. As organizations have begun to accept the inevitable — the eventuality of mobile devices permeating networks and infrastructures — they are looking to address mobile security as a whole and not as siloed device types (e.g., corporate- and employee-owned). With this in mind, the report discusses bring-your-own-device (BYOD) and corporate-owned devices together.