Compromised credentials are a leading cause of security breaches.  According to Verizon’s 2015 Data Breach Investigations Report, 95% of security incidents involved stealing credentials from customer devices, and using them to web applications.  So many stolen credentials are available to hackers, generally on the Dark Web, that passwords are no longer effective.

Although still in its infancy in the public sector, making the shift to DevOps methodologies is starting to catch on with many government agencies, including the U.S. Citizenship and Immigration Services, the EPA, and Nuclear Regulatory Commission.

As you may know, with DevOps, IT tasks and application deployment that would normally take months or years, now take weeks.

But Rome wasn’t built in a day.

CAD files are highly valued and frequently shared and exchanged. But CAD files often contain confidential information and IP which can have legal data protection obligations. To protect these files collaborators may use email encryption programs, network file share access control, secure file transfer protocol, mobile device management, enterprise and cloud-based content management, and so on.

The history of hacking shows that bad actors use good technologies for bad purposes.  Machine learning is no different: it has never been easier for white hats and black hats to obtain and learn the tools of the machine learning trade. Software is readily available at little or no cost, and machine learning tutorials are just as easy to obtain.

Last month's ICIT Winter Summit hosted a packed house of cybersecurity thought leaders from the industry and the public sector. The summit convened with an opening keynote on Securing the Cyber Frontline from Brigadier General (Ret.) Greg Touhill, former Federal CISO.

We all know that the Internet of Things (IoT) is here. But IT professionals responsible for enterprise communications networks aren’t exactly sure where IoT resides on their networks or whether these devices are secured. Rogue devices are everywhere (although not all are out to steal the blueprints to the Death Star) but according to a survey sponsored by ForeScout Technologies, only 30% are confident that they know what IoT devices are on their network.

Late last year, the government’s Commission on Enhancing National Cybersecurity published a detailed report, at President Obama’s request, to provide short- and long-term recommendations to strengthen cybersecurity in the public and private sector (you can read the full report on the NIST website).

The concepts of threat hunting and threat intelligence went mainstream in 2016 bringing with it a whole new paradigm to threat mitigation and cybersecurity. But what is threat hunting and what use cases does it serve?

On the same day that U.S. intelligence agencies issued a non-classified report citing that Russian state-sponsored influence campaigns sought to “undermine public faith in the U.S. democratic process…” using a blend of covert activity (such as cyber activity) with overt efforts (state-funded media, paid trolls, etc.) the Department of Homeland Security took steps to protect the bedrock of our voting system – the nation’s election infrastructure.

Got breach fatigue yet? Yes, it’s been another bad year for computer security. 2016 saw the announcement of the biggest breach ever – the Myspace hack. But, that was quickly eclipsed by the September Yahoo data breach which resulted in the exfiltration of extensive account information, included passwords, from 500 million users.