Does your organization suffer from security fatigue? They probably do. That’s according to a new study from NIST.

Common symptoms of security fatigue include updating your password with a slight variation on the last one and a “weariness or reluctance to deal with computer security.”  All of which can cause computer users to feel and act recklessly.

Data dissemination and file sharing between agencies and law enforcement authorities is a natural part of government business. But what happens when those files leave the security of domain-controlled network drives and content management systems?

Our very own Chief Cybersecurity Technologist and Institute for Critical Infrastructure Technology (ICIT) fellow, Don Maclean, recently joined fellow fellows Robert Lord (Protenus), John Menkahart (Securonix), Dr. Ron Ross (NIST) and ICIT co-founder and senior fellow, Parham Eftekhari on Capitol Hill to discuss the risks and threats associated with cyber attacks on healthcare facilities.

Last year, we reviewed threat reports from numerous companies and organizations.  At the time, a couple of simple themes emerged: too many systems were unpatched, and phishing was a predominant means of intrusion.  These themes are still present a year later, but some new trends have arisen to keep them company.

Could user and entity behavior analytics (UEBA) be the missing piece of the puzzle that security teams have been waiting for in their bid to outmaneuver threat actors?

The Most Critical Skills Gap: Cybersecurity

Since Target’s hack back in 2013, cybersecurity has been top of mind for organizations, especially those with sensitive information. However, the talent pool of those who are skilled in intrusion detection, secure software development and attack mitigation is not growing at the same rate as the demand. Many reasons contribute to this disconnect, including a lack of training in higher education and a 53% increase in need.

Technology Is Monitoring the Urban Landscape

Incident response (IR) teams are overwhelmed. Larger attack surfaces, state-sponsored cyber terrorism, and the industrialization of cyber crime all create fires and headaches for IR teams.

Many organizations are quickly discovering that cyber threat hunting is the next step in the evolution of the modern Security Operations Center (SOC).

But what is “hunting"?

Sqrrl, a leader in big data analytics and cybersecurity, defines hunting as “the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.”

This All-Star Team Plans to Jumpstart 100 Cybersecurity Companies in 3 Years