For IT Pros Only

Let's be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network - you probably aren't going to appreciate this at all.

Get Your Cards Now
Data Security

21st Century Cyber Wars: Defense Lags Offense

We don’t often get to see data security and cyber attacks discussed in detail on a top-rated national talk show, but that was the case last week. John Carlin, Assistant Attorney General for National Security, talked to Charlie Rose about cyber espionage, attack attribution, insider threats, and prevention. Even for those of us in the data security business, some of what he had to say about US cyber security was eye-opening. Carlin explains that our…
Data Security

[Podcast] IoT Pen Tester Ken Munro: Security Holes (Part 1)

If you want to understand the ways of a pen tester, Ken Munro is a good person to listen to. An info security veteran for over 15 years and founder of UK-based Pen Test Partners, his work in hacking into consumer devices — particularly coffee makers — has earned lots of respect from vendors. He’s also been featured on the BBC News. You quickly learn from Ken that pen testers, besides having amazing technical skills,…
Data Security

IT Concerns Country to Country: Ponemon Institute Study

Varonis recently released the third and final part of a study about data protection and enterprise security with the Ponemon Research Institute: Differences in Security Practices and Vigilance across UK, France, Germany and US. This report compares survey responses of more than 3,000 IT professionals and end-user employees in the UK, France, Germany and the US. The survey was conducted to determine the security gaps within organizations that can lead to data breaches and ransomware. Some key…
Compliance & Regulation, Data Security

The Federal Trade Commission Likes the NIST Cybersecurity Framework (and You Should Too)

Remember the Cybersecurity Framework that was put together by the folks over at the National Institute of Standards and Technology (NIST)? Sure you do! It came about because the US government wanted to give the private sector, specifically the critical infrastructure players in transportation and energy, a proven set of data security guidelines. The Framework is based heavily on NIST’s own 800-53, a sprawling 400-page set of privacy and security controls used within the federal…
Data Security, Privacy

Are Wikileaks and ransomware the precursors to mass extortion?

Despite Julian Assange’s promise not to let Wikileaks’ “radical transparency” hurt innocent people, an investigation found that the whistleblowing site has published hundreds of sensitive records belonging to ordinary citizens, including medical files of rape victims and sick children. The idea of having all your secrets exposed, as an individual or a business, can be terrifying. Whether you agree with Wikileaks or not, the world will be a very different place when nothing is safe.…
Data Security

[Podcast] Six Degrees of Kevin Bacon (Security Edition)

Since security pertains to everyone, in this episode of the IOSS we challenged ourselves to tie security back to Kevin Bacon. You might have to give us a few passes, but the connection is still strong. Keira Knightley: Earlier this year, a man applied for a credit account at Best Buy using Keira Knightley’s driver’s license information. If they didn’t catch him, it would have affected her FICO score. And speaking of FICO, they just created an…
Data Security

NSA Contractor Arrest Reinvigorates Interest in Insider Threat

Despite efforts to reform its security after the Edward Snowden breach three years ago, the NSA announced another security breach involving one of its own contractors, Harold Thomas Martin III. This latest bombshell suggests continued vulnerabilities at our nation’s spookiest agency. In an effort to better guard the government’s sensitive data, White House spokesman Josh Earnest said that in the last few years, the number of people with access to classified information has been reduced…
Data Security

When a Cyber Attack Is a Political Weapon

We’re not surprised when hackers attack companies to scoop up credit card numbers or to cause IT disruption. If they’re state sponsored, they may target organizations to pull out intellectual property – military secrets or other sensitive information – as part of a cyber-espionage program. But hackers associated with a party (or state) hacking into another political party’s IT system to pull out embarrassing material? We’re in uncharted territory. Before you start shouting at your laptop,…
Data Security

Zero Trust Security: Tough Love for Your Employees

“Users inside a network are no more trustworthy than users outside a network.” That’s a quote from the Oversight and Government Reform Committee in the latest 231-page OPM breach report. The report highlights an important solution for preventing data breaches: implementing the Zero Trust Model. What is the Zero Trust Model? Developed in 2009 by Forrester Research, the Zero Trust Model enlists enterprises to inspect all network traffic, from the outside and on the inside.…
IT Pros

The Enemy Within: A Free Security Training Course by Troy Hunt

It takes a very long time to discover a threat on your network, according to the Verizon DBIR, which is mind-boggling given the most devastating breaches often start with an insider—either an employee or an attacker that gets inside using an insider’s credentials. Target, OPM, Panama Papers, Wikileaks. The list goes on and on. The truth is that many organizations are behind the curve when it comes to understanding and defending against insider threats. So…
Data Security, IT Pros

Five More Videos from RSA 2016

It’s been a few months since we last visited the RSA sessions from this year’s conferences. Much has happened since then: for starters, more ransomware, Yahoo, increased GDPR awareness, new details on OPM, and state actors behaving badly. With that in mind, we reviewed the archived RSA 2016 videos and came up with five prescient sessions that help explain what’s going on now and into the future. In the Dark: An Introduction to the Hidden World of the…
IT Pros

How to set up your DNS Server like North Korea

I can only imagine it’s a high stress job doing IT support for Kim Jong Un as he’s the kind of manager who probably watches you over your shoulder, touches your screen a lot and drops dark hints about “disappearing” your family for three generations if the patches don’t get deployed properly. While we often hear lots about massive companies leaking data, state sponsored hacking and the latest about exotic encryption methods, most security issues…