The Password is Dead – 6 Best Practices for Multi-Factor Authentication
Compromised credentials are a leading cause of security breaches. According to Verizon’s 2015 Data Breach Investigations Report, 95% of security incidents involved stealing credentials from customer devices, and using them to web applications. So many stolen credentials are available to hackers, generally on the Dark Web, that passwords are no longer effective.
8 Principles for Securing DevOps
Although still in its infancy in the public sector, making the shift to DevOps methodologies is starting to catch on with many government agencies, including the U.S. Citizenship and Immigration Services, the EPA, and Nuclear Regulatory Commission.
As you may know, with DevOps, IT tasks and application deployment that would normally take months or years, now take weeks.
But Rome wasn’t built in a day.
Protect Sensitive CAD Data: 5 Steps to Reducing Data Leakage Risks
CAD files are highly valued and frequently shared and exchanged. But CAD files often contain confidential information and IP which can have legal data protection obligations. To protect these files collaborators may use email encryption programs, network file share access control, secure file transfer protocol, mobile device management, enterprise and cloud-based content management, and so on.
Using AI to Stay One Step Ahead of Cyber Criminals
The history of hacking shows that bad actors use good technologies for bad purposes. Machine learning is no different: it has never been easier for white hats and black hats to obtain and learn the tools of the machine learning trade. Software is readily available at little or no cost, and machine learning tutorials are just as easy to obtain.
Securing the Cyber Frontlines with the Right Workforce and Collaboration
Last month's ICIT Winter Summit hosted a packed house of cybersecurity thought leaders from the industry and the public sector. The summit convened with an opening keynote on Securing the Cyber Frontline from Brigadier General (Ret.) Greg Touhill, former Federal CISO.
Detect and Secure IoT and Rogue Devices, While Satisfying NIST RMF Security Requirements
We all know that the Internet of Things (IoT) is here. But IT professionals responsible for enterprise communications networks aren’t exactly sure where IoT resides on their networks or whether these devices are secured. Rogue devices are everywhere (although not all are out to steal the blueprints to the Death Star) but according to a survey sponsored by ForeScout Technologies, only 30% are confident that they know what IoT devices are on their network.
A Security Wish List for the New Administration Starts with Multi-Factor Authentication
Late last year, the government’s Commission on Enhancing National Cybersecurity published a detailed report, at President Obama’s request, to provide short- and long-term recommendations to strengthen cybersecurity in the public and private sector (you can read the full report on the NIST website).
Threat Hunting – Finding and Thwarting Mr. Robot
The concepts of threat hunting and threat intelligence went mainstream in 2016 bringing with it a whole new paradigm to threat mitigation and cybersecurity. But what is threat hunting and what use cases does it serve?
DHS Designates New Protections for U.S. Election Infrastructure
On the same day that U.S. intelligence agencies issued a non-classified report citing that Russian state-sponsored influence campaigns sought to “undermine public faith in the U.S. democratic process…” using a blend of covert activity (such as cyber activity) with overt efforts (state-funded media, paid trolls, etc.) the Department of Homeland Security took steps to protect the bedrock of our voting system – the nation’s election infrastructure.
The Threat Landscape – 2016 in Review, and What’s Ahead for 2017
Got breach fatigue yet? Yes, it’s been another bad year for computer security. 2016 saw the announcement of the biggest breach ever – the Myspace hack. But, that was quickly eclipsed by the September Yahoo data breach which resulted in the exfiltration of extensive account information, included passwords, from 500 million users.