For anyone and everyone debating the value of secure coding, please read this article. For anyone questioning the current target of Federal dollars for cyber security, read this article. It is chock-full of fantastic insights.
This article is yet another example of the dangers of failing to protect PHI. Healthcare providers, please beware. The threat is real.
The nature and value of cyber insurance has been a closely watched debate in IT Security circles for some time. Far too many organizations are hanging their hats on a large cyber insurance policy, and trusting their financial futures to it, while ignoring the basic blocking and tackling of IT security best practices. This article demonstrates a potential outcome of such an attitude.
Given the massive growth of Docker over the last year, this tool kit is especially exciting. Cloud-based containerization is an area that needs significant IT security tools and Kali is a great platform from which to start.
The data available from an organization like the IRS is staggering, and to know that it was so easily pillaged is a bit disturbing. The fact that we have no option but to provide the source data makes it all the more upsetting.
I love the balancing act that innovation versus risk compliance represents, especially in a vertical like financial services. There are so many great ideas that must be tempered and hardened in an insecure world. I also love that IT Security is beginning to recognize this problem and move the conversation forward. I worked hard when managing a security team to move our stock answer from “no” to a firm “yes, but…”. Be willing to compromise as long as integrity can be maintained.
The patch management and vulnerability management nightmares that come along with battling end-of-life software and operating systems are not worth the effort. Many organizations avoid upgrades under the guise of legacy software demands and shrinking maintenance windows. Stop! It is simply not safe and not worth it. You are raising your risk level in an era of unprecedented criminal activity and known attack vectors. Take the time to properly maintain your environments.
Given the potential nature of the sites being compromised, extortion can become a powerful tool for cyber criminals. Online activity is more than simply shopping for shoes or looking up sports scores. All of your online activity can be used against you. Be prepared and take precautions when surfing. This type of compromise is just the beginning.
This is a good general overview from the leadership team at (ISC)2.