3 Executive Strategies to Prioritize Your IT Risk
May 22nd, 2013
Every company wants to know the best way to protect their company, but it can be difficult when faced with the evolving security challenges of today. I recently sat down with Richard Mason, VP & CSO at Honeywell, and Roger Grimes, security columnist and author, to get their thoughts on risk management best practices. I hope [...]
How to Avoid Dangerous Data Breaches While Outsourcing
May 20th, 2013
There’s plenty of talk about security threats from internal employees—but what about the threats associated with outsourcing? The stats may (or may not) surprise you. Forty-six percent of organizations do not evaluate the security and privacy practices of vendors before sharing sensitive or confidential information, according to a recent study conducted by the Ponemon Institute. [...]
Hiding Under the Covers
May 15th, 2013
“All warfare is based on deception” – Sun Tzu, The Art of War
Attackers like stealth. Once they have compromised a system, one of their primary goals is to remain undetected. Initially, attackers used malware with pseudo Windows service names such as svchosts.exe, winlogin.exe, lsasss.exe, and others. Although these names appear to be innocuous, power [...]
Ten Bulletins This May Patch Tuesday; But Don’t Get Excited
May 14th, 2013
While 10 patches covering 33 vulnerabilities may seem like a high number, it isn’t all bad news for IT professionals this May Patch Tuesday. Only two of the 10 patches released today are critical and both impact Microsoft Windows and Internet Explorer. The two critical-rated patches address the IE 8 zero-day that made news after attacking a [...]
Market Impact of a Data Breach
May 13th, 2013
In my Changeup post the other day, I mentioned that my colleague Paul Henry had saved an organization an estimated $10M (or roughly 15%) in market cap by showing that an intrusion had no material impact. That got me to thinking: what *is* the typical market impact of a breach? And furthermore, how good are [...]
BYOD or BYOT (Bring Your Own Threat)…The Case for Mobile Devices as Endpoints
May 7th, 2013
Lumension recently conducted a survey of more than 1,600 IT professionals on LinkedIn regarding their thoughts on BYOD and mobile security. You can check it out here. There is a lot of interesting information in this survey; one of the main takeaways was that, for these respondents’ organizations, BYOD is really all about end-user satisfaction [...]
Changeup Information Sharing
May 6th, 2013
We were talking with the CIO of a major healthcare company the other day who told us that his day had gone sideways because of the re-emergence of the ChangeUp worm / Trojan. This was news to me. I mean, yes, I’m a little behind in my reading, but I’d not heard much about ChangeUp [...]
New School Cyber Crooks Using Old School Malware Tricks
April 29th, 2013
You can teach old crooks new tricks, but many cyber criminals are discovering that the old tricks are working just fine. Indeed, recent security headlines feature old school malware attacks, like the MiniDuke. And old school botnets with creative new names are bum rushing the Internet. At the same time, reflective memory injection (RMI) attacks, which blend [...]
CISPA, FISMA Passed the House. Now What?
April 24th, 2013
CISPA, the Cyber Intelligence Sharing and Protection Act, passed the US House of Representatives late last week and will move to the Senate for further debate. If this rings a bell, it should. Last summer, CISPA passed the House before stalling in the face of a Senate filibuster. Of course, it was not the only [...]
ZIP Codes Are … PII?!
April 15th, 2013
Mr. ZIP (or Zippy to his friends) was born back in July 1963 and the soon-to-be 50-year-old is finally getting some privacy … in Massachusetts at least. The Massachusetts Supreme Court recently determined that under Mass. Gen. Laws, ch. 93, § 105(a), “personal identification information” includes a consumer’s ZIP code and decided that collecting such [...]









