Keeping Up With the Cloud Security Evolution

We're all familiar with the many benefits of moving to the cloud, but taking the steps to do it can be daunting. At the end of the day, however, if you take time to understand the risks posed by the cloud and implement a comprehensive strategy for managing them, you can—with confidence—take full advantage of all the benefits that come from running fast in the cloud.

Keep reading...

Ransomware is a Slippery Slope for Enterprises Large and Small

By Katherine Teitler 

May 20, 2016

Ransomware is the hot, new buzzword in security. It is also a serious, escalating problem. Hospitals in Kentucky, Maryland, Ottawa, and California (among others) have had data held hostage in recent months; the U.S. House of Representatives blocked access to third-party email apps after ransomware attempts (or maybe unconfirmed attacks?) were perpetrated; a Lansing, Michigan electricity utility was knocked offline and rendered inoperable for a week following a ransomware strike; and the folks behind the biggest online banking fraud, Dridex, have added ransomware as a secondary attack method once the banking Trojan executes.

Keep reading...

Provided by Pulse Secure

May 19, 2016

Naysayers often dismiss a hybrid/IT cloud as disruptive. It is not the hybrid/IT cloud that is the problem. The problem lies with poor network execution, security protocols, and management. The biggest barriers to a seamless hybrid cloud are inadequate compliance; lack of encryption; insufficient risk assessment; poor data redundancy; data leakage and other threats. 

Keep reading...

Working from Home Doesn’t Mean Eating Corn Nuts all Day

By Katherine Teitler 

May 18, 2016

“Not even spring breakers, coffee makers, movers and shakers, or working-from-home fakers…” This is the voiceover from a Kraft Macaroni & Cheese commercial. Even a company that manufactures processed foods with no discernable nutritional value pits “movers and shakers” against work-from-home employees, as if, inherently, anyone who regularly works outside of an office is lazy and has questionable ethics. It’s 2016 and the ability to connect with others worlds apart has never been greater, so why do people still hold such a misconception about remote employees?

Keep reading...

Mobile devices aren't going away; mobile security needs to evolve just as rapidly

By Katherine Teitler 

May 17, 2016

All organizations know that flexibility, productivity, and personalization were drivers of the BYOD movement that started to take hold five, six years ago. Nowadays, the term is barely used, but B'ingYOD is commonplace at 99% of organizations, according to a new study conducted by IBM and sponsored by ISMG. Mobile device usage is ubiquitous, and even office-based employees reap the benefits of the ability to log on at any time from a tiny computer toted around in their pockets. According to the report, for which two hundred C-level security and technology leaders across all industries and geographies were surveyed, 63% of organizations allow personally-owned and enabled mobile devices and another 55% deploy corporate-owned but personally-enabled devices. Only 5% of organizations reported that mobile devices are not allowed.

Keep reading...

Honeypot

Honeypots are proactive security measures set up specifically to attract or detect malicious intrusions into a company’s networked systems for the purpose of catching and learning about adversarial behavior. A honeypot is typically a dedicated computer or computers, applications, and data, not connected to an organization’s network, and serves as a lure to would-be attackers. Fake data is planted in the honeypot, which, were it real, could be very valuable to attackers.

Keep reading...

Companies with Robust Security Postures Will Win Customers and Profits

By Katherine Teitler 

May 13, 2016

TalkTalk, a UK-based telecommunications provider, has at once publicly disclosed that the firm saw a 56% decline in last year’s profits and that total revenues increased by 2.4% in the 12 months preceding March 31, 2016. The decline in profits is undoubtedly due to the aftereffects of a cyberattack in which the names, phone numbers, and email addresses of a reported 157,000 customers were lost. In addition, during the same incident 21,000 bank account numbers were accessed. As a (justifiable) knee-jerk reaction, more than 100,000 subscribers flew the coop, switching service to providers like Sky, BT, and Virgin Media. Yet in its Q4 leading up to March 31st, the company experienced its lowest ever “churn,” meaning that customer turnover was nominal and retention relatively stable, the company’s chief executive said in a statement.

Keep reading...

Mobile Apps May Not be as Scary as Portrayed in the Media

By Katherine Teitler 

May 12, 2016

Yesterday, mobile security firm Wandera released findings from the company’s research into the state of mobile application security. The report, “Assessing the Security of 10 Top Mobile Apps,” is an attention-grabber. We all use mobile devices and we all download apps, some of them for work, some of them for pleasure, and security professionals know that mobile is risky business. While the 2015 Verizon Data Breach Investigations Report cautioned that mobile certainly presents security risks and challenges, it’s not yet one of the most commonly exploited weak spots in the ecosystem.

Keep reading...

APTs Aren’t the Threat You Might Think

By Katherine Teitler 

May 10, 2016

Advanced persistent threat. The term started sneaking into infosec nomenclature about ten years ago and reached its peak during 2010-2013, instigated by Stuxnet and trending steadily upward through the release of Mandiant’s APT1 report. Since then, security SMEs have debated the concept of advanced persistent threats (APTs), noting that often the skill required to perpetrate such an attack, nation state or otherwise, is far from advanced. Yet “APT” has held on, popping up in the FUD-based media headlines over the years. Just this month APTs have appeared in big, bold font on Forbes, Sophos, and ZDNet, to name a few.  

Keep reading...

Phishing

Phishing is a social engineering technique through which an attacker spoofs (i.e., imitates) a known source in an attempt to fool a victim into providing information or performing an action, like clicking on a link or opening an attachment. The purpose of phishing is to gain personal or sensitive information that can be used to spread malware, steal login credentials, access credit card details, learn more information about the user’s network (technological or social), or generally cause harm to the victim and/or a secondary target. 

Keep reading...

Challenges of Cloud Integration

In today's dynamic business environment, organizations face pressure to reduce cost, improve process efficiency, and drive financial growth. The "faster, cheaper, better" approach also flows down to technology. With the rapid advances of cloud technologies, IT directors and managers must balance the flexibility these services provide with the challenges posed by integrating and securing them with the internal corporate network.

Keep reading...

By Katherine Teitler 

May 6, 2016

OSINT—or open source intelligence—is a wondrous thing. As security professionals know, this nearly endless sea of information provides both opportunities and drawbacks. Threat intelligence vendors, though, harness the vastness of the web to unearth tidbits of information, often scattered in disparate locations and formats, and use them to correlate and then analyze data, which helps uncover cyber threats and trends.

Keep reading...

What the WhatsApp Ban Means for How You Approach Security

By Katherine Teitler 

May 5, 2016

WhatsApp, a popular encrypted messaging app, was briefly shut down throughout Brazil earlier this week after a regional judge ordered the country’s telecom providers to temporarily block the app. The court order was, for all intents and purposes, retribution against the service and its parent company, Facebook, for failing to hand over data to the state as part of an ongoing drug trafficking investigation.  Five telecom carriers reportedly complied with the shutdown before an appellate court overturned the original order.

Keep reading...

The FBI compels a California woman to unlock her iPhone with her fingerprint and legal eagles fly off the handle

By Katherine Teitler 

May 3, 2016

Spy movie aficionados know that the most secure rooms and hiding places are protected by biometric authentication, requiring thieves to go to great lengths to gain entry. When the tables are turned, however, and the government needs access to information about said criminals, all they need to do is ask! 

Keep reading...

Active Directory

Active Directory is an important aspect of enterprise management. The tool was developed in the late 1990s, previewed in 1999, and publicly deployed with Windows 2000. Initially meant to centralize domain management, its capabilities were upgraded in 2003 and again in 2008. 

Keep reading...

Becoming the best infosec leader, even under difficult circumstances

By Katherine Teitler 

April 29, 2016

Recently I was having a conversation with a good friend, a good friend who also happens to be a leadership and communication expert. We were discussing the topic of leadership in the security industry and how, while there are many bosses and executives, there are few truly excellent leaders in security today. It makes sense; many senior-level security professionals have come up through the technical ranks and haven’t received any leadership training. Add to it that security professionals are often not treated like other executives, which creates a separation between what’s expected of security leaders compared to the business side. Humans, when treated negatively, often react accordingly. It’s a cognitive bias we all possess, and it means that security executives, who are often the bearers of bad news or the dissenting voice among the crowd, are frequently viewed as the antagonist, which creates less-than-friendly relations with other business units and undermines security leadership efforts.

Keep reading...

The Indestructability of Data in the Cloud

Business leaders are often too trusting of the cloud, while on the other side, cloud providers claim they are secure – but that doesn't actually mean that your data is protected! Many consuming organizations, especially business stakeholders, have placed trust in their providers, often doing so blindly and without performing the necessary due diligence to understand what data assets they are sending to the cloud.

Keep reading...

Or, Won’t Get Fooled Again.

By Katherine Teitler 

April 27, 2016

Last week, Evelyn de Souza, Data Privacy Leader at Cisco Systems, and Andrew Hay, CISO of DataGravity, presented a preview of the combined knowledge they will share at MISTI’s Cloud Security World in June. Cloud security, depending on how you look at it, can either be considered “just another part” of information security, or it can be viewed as its own area of focus which requires distinct policies and protections. 

Keep reading...

Top Lies About Cloud Security

Are you more secure now that you've moved your data, server, or services to a cloud infrastructure? You're obviously more secure in the cloud than in your own data center, right? Hear Cloud Security World Co-Chairs Evelyn De Souza and Andrew Hay as they present the top 5 lies that you have likely been told about moving to the cloud.

Keep reading...

Access Control

Access control is the assignment of permissions to systems and network resources. Based on the entitlements created, access control is how a subject (person or entity) communicates and interacts with objects (networks, applications, programs, files, databases, etc.). 

Keep reading...
