By Katherine Teitler

January 20, 2016

Back in time

On this first day of a Donald Trump presidency, many people around the world are watching and wondering what is going to happen in corporate America. The speculation is no less prevalent in the security industry. After all, cybersecurity has become a “hot topic” in the last few years, gaining a great deal of public awareness and interest. With that heightened awareness—and the realities (dangers) of increased digital assets—the Obama administration made grand gestures towards improving cybersecurity policies and programs which promised $19 billion in funding, support, and increased public-private collaboration.

Read more ...

By Katherine Teitler

January 19, 2016

Change your mind

Security staff are infamous for declaring “security does not equal compliance” whenever the topic of compliance is mentioned by a non-security person. The reasoning behind this is sound: Compliance is a set of minimum requirements and auditable actions or technologies. In some cases, compliance mandates have little to do with security at all, making security staff feel like they’re working on projects that don’t further their cause—particularly frustrating when security is overworked and understaffed. 

Read more ...

By Katherine Teitler

January 17, 2016

All star

Cybersecurity staffing—and the industry shortage—is a frequent topic of conversation among security practitioners. In the private sector, companies compete for the best and brightest, often extending attractive benefits including high salaries, the ability to work from home (or other remote locations), flex time to participate in research and industry events, generous paid time off, intra-office competitions for recognition, and more. In the public sector, hiring challenges are no less prevalent, but government agencies face additional obstacles when trying to find, attract, and retain security talent. Lower salaries and perceived rigidity in the workplace contribute to government’s cybersecurity hiring struggles, but as nation state competition heats up, especially as we enter a new era of public administration in the U.S., government and civilian agencies need to develop alternative hiring strategies if the U.S. wants to compete on a global scale.

Read more ...

By Marcos Colón

January 13, 2016

Big data and the Internet of Things are two buzzwords that rang through the halls and show floors of security conferences across the nation for quite some time. Although ambiguous, the terms took the industry by storm. Then there's security analytics; another buzzword that security marketing heads have been pushing heavily. But none of these terms have earned as much attention in a short period of time as threat intelligence. Alas! Finally a phrase that seemingly captures it all. 

Read more ...

By Katherine Teitler

January 12, 2016

Take me to the river

As the results of the Anthem breach investigation make their rounds, the security industry is reminded once again that phishing is a highly effective attack method. Barriers to entry are low, and once an attacker invests the time and effort to create a convincing and effective phishing email, that same phish can be easily used again and again until a single user falls victim, opening doors for the attacker to waltz right through.

Read more ...

By Katherine Teitler

January 10, 2016

Empire state of mind

The Children’s Commissioner for England released a report last week stating the need for sweeping changes to terms and conditions on social networking sites, particularly those with audiences largely comprised of children and young adults. The report begins, “The internet is an extraordinary force for good but it is not designed with children in mind.” And while, according to the report, children as young as 3-4 years are now spending an average of 8 hours and 18 minutes per week online (!!), greater transparency around how users’ data is collected and consumed is warranted in general.

Read more ...

By Katherine Teitler

January 6, 2016

Get the party started

After planning to prepare to attend a security conference and deliberating your engagement strategy onsite, the next step in maximizing your security conference experience is thinking through how to get the most out of the information, ideas and advice provided during the event. Conferences can deliver an overwhelming amount of information, and it’s not unusual for attendees to feel sensory overload. Therefore, developing a method for handling all of that information is key to a better conference experience, both while onsite and afterward when you return to your office.

Read more ...

By Katherine Teitler

January 5, 2016

Get the party started

In part one of this series on “Maximizing Your Security Conference Experience in 2017” we explored how preparing to attend an industry conference can yield positive results in terms of extracting value onsite. It’s not enough, though, to create a plan then sit back and wait for it to unfold. 

Read more ...

By Katherine Teitler

January 4, 2016

Get the party started

Jumping back into work at the start of a new year propels many to evaluate plans and commit to better habits, greater value, and generally getting the most out of work and/or life. It’s good to take a step back and think through what worked during the past year, what didn’t, and muse on how to maximize one’s efforts. Self-reflection is an empowering tool, and though “be a better conference attendee” might not have made your list of New Year’s resolutions, security practitioners spend a lot of time at industry conferences; there’s much to be gained by attending conferences, yet most people don’t make optimal use of their own time (and possibly their company’s funding) during adventures out of the office.

Read more ...

Locky

Locky is ransomware that was first detected on Tuesday, February 16, 2016 as Trojan.cryptolocker.AF. It is a massive malware campaign which encrypts files and adds a .locky extension. Each extension is preceded by a unique 16 character file name.

Locky is spread primarily through spam or phishing campaigns. Each email contains a Word attachment masquerading as an invoice for the recipient. When the user opens the Word doc,text is scrambled anduser is prompted to enable macros to read the text. The macros are malicious, however.

Keep reading...

December 26, 2016

Colossal data breaches, massive distributed denial-of-service botnets taking down popular websites, and Russian hackers interfering with the U.S. election – a lot has happened in 2016, and InfoSec Insider has kept up with the news along the way. Rather than regurgitate the headline-grabbing news items that have dominated the information security industry, we’ve worked toward providing a relatable, outside-in view that encourages security practitioners to think about problems differently. As we continue to ramp up our efforts in providing you with a resourceful library of content you can rely on, we’ve decided to reflect on some of the top InfoSec insider articles of 2016, based on the engagement we’ve received from our readers.

Read more ...

Blank space

By Katherine Teitler

December 22, 2016

Many uncertainties await the world when the new United States administration takes office on January 20, 2017. The President-elect, while extremely vocal on the campaign trail, has been disconcertingly cagey in the weeks leading up to inauguration. As it pertains to technology and cybersecurity, Donald Trump held closed-door meetings with some of the tech industry’s top executives last week, but the Electronic Frontier Foundation (EFF) wasn’t satiated. Spurred on by Trump’s previous promises of increased surveillance, his condemnation of Apple during the encryption debate with the FBI, and his late-night Twitter rants challenging certain individuals’ rights to free speech, the EFF bought a full-page ad in Wired that urges technology companies to “unite with the Electronic Frontier Foundation in securing our networks against this threat.” 

Read more ...

Waiting on the world to change

By Katherine Teitler

December 21, 2016

The New Year is close upon us and many security firms and media outlets are busy publishing 2017 predictions or “the year in review.” Rather than following suit, I’d like to propose a New Year’s resolution to all security practitioners (and office workers, in general, really):

Read more ...

Someone like you (Van Morrison version)

By Katherine Teitler

December 20, 2016

Forming a threat intelligence team, as a supplement or specialized subset of the security team, requires not only a particular set of skills that may be outside security’s traditional core competency, but also more bodies to fill those roles. In security, where human resources are tight to begin with, thinking about where you’re going to find the best individuals to staff a threat intelligence team can quickly turn into a headache.

Read more ...

Marcher Trojan

The Marcher Android Trojan is a malware variant which first emerged in late 2013. Sold on underground forums, the early malware targeted predominantly Russian Android users. Marcher appeared as an overlay “payment” page in Google Play when the user tried to download or install an app, its intent to trick users into entering payment information. The payment information, along with other device information, would then be sent back to the attackers’ command and control (C&C) so the attackers could siphon money and monitor for the launch of other applications which could be configured to allow the attackers to steal more money. 

Keep reading...

Titanium

By Katherine Teitler

December 16, 2016

Operational resilience is the name of the game when it comes to how business leaders evaluate cybersecurity program effectiveness. While security practitioners are thinking about exploits, vulnerabilities, controls, and threat actors’ TTPs, what executives really want to know is, “When the company is the victim of an attack, what effect will that have on the rest of the company, how quickly can employees resume ‘business as usual,’ and what hard and soft costs will be incurred?” 

Read more ...

Let the sunshine in

By Katherine Teitler

December 14, 2016

“Security has a secret power: threat intelligence,” quipped Dave Ockwell-Jenner, Senior Manager, Security Threat & Operational Risk Management (STORM) at SITA, during MISTI’s recent Threat Intelligence Summit in New Orleans, Louisiana. True enough, if the ability to look into the future exists even somewhat, that ability is reliant upon intelligence, in security’s case, cyber threat intelligence.

Read more ...

Sever Message Block

A server message block (“SMB,” not to be confused with “small and medium businesses,” another common abbreviation) is an application layer network file-sharing protocol which allows systems within the same network to share and access files and resources easily. SMBs facilitate network communication between client applications and the server. 

Keep reading...

Teach your children

By Katherine Teitler

December 12, 2016

Last week in New Orleans, Louisiana MISTI held its second annual Threat Intelligence Summit. Event Chair, Tim Callahan, SVP & CISO at Aflac, kicked off the event by saying that threat intelligence “is our best defense against our adversaries,” noting that effective, successful security departments are “not hunkered down behind the perimeter” waiting to identify signs of cyber attacks that are few and far between. 

Read more ...

Event Search

Download Catalog Dark Blue 300x58

Subscribe to Newsletter LightBlue 2 300x58

Register Mobile Security Summit 300x58

Ransomware ad

MIS|TI Tweets

ACL MISTI Grey 300x58

Please choose your region

Submit
Select a Region
United States
United Kingdom/Ireland
Africa
Americas
Asia-Pacific
Europe
Middle East

By continuing to use misti.com you will be agreeing to the website Terms and Conditions, the Privacy Policy, and the Use of cookies while using the website.