After the complete collapse of network security at Sony Pictures - in the wake of its data breach - it's important that we highlight some of the organization's fundamental security mistakes. Here's a macro view of the lessons we must all learn.
Once a file enters the network, we often lack the tools to monitor the file's behavior. In essence, using the point-in-time model, the security professional cannot retry the file for guilt or innocence.
The response by Sony Pictures Entertainment executives to the hack attack against their company provides a number of great examples for how to not to handle a data breach. Here are 7 key mistakes they made.
When you're thinking about securing your data assets and web site, how do you really know the value of what you're protecting? Akamai's Terrence O'Connor shares how to determine the cost of a data breach.
Richard Spurr has been CEO of security vendor ZixCorp for more than 10 years. How has his approach to e-mail security evolved, and how does he see evolving threats and the marketplace changing in the year ahead?
Researchers are alarmed about the increasing sophistication of crimeware-as-a-service, an underground business model that pushes adaptable malware from a botnet. How can banking institutions defend their accounts?
As CEO of ForeScout Technologies, which focuses on continuous monitoring of networks, T. Kent Elliott says he has to anticipate the next generation of vulnerabilities. So what's the most significant emerging risk? The Internet of Things.
Users' fear of data loss on personal devices must be balanced with an organization's need to protect sensitive information, says ZixCorp's Nigel Johnson. He explains the evolution of mobile device management.
A report claiming that Las Vegas Sands Corp. was hit with a "wiper" malware attack back in February, similar to one that recently affected Sony Pictures Entertainment, illustrates why more organizations need to mitigate the risks of such an attack.
Security experts see the FIDO Alliance's release of two universal authentication specifications as a positive move in the effort to eliminate passwords. But the standards' impact will be minimal unless they're widely adopted.
A recent blog post by Managing Editor Mathew J. Schwartz, "Why Are We So Stupid About Passwords?" raised a number of issues about the ongoing risks involved in using passwords for authentication. Read the strong reaction to the commentary and join the conversation.
A new version of the Destover malware includes a legitimate certificate from Sony. But a researcher claims it's a hoax. Meanwhile, new evidence emerges that the hackers who attacked Sony Pictures Entertainment had criminal - not nation-state - intentions.
Security experts are sounding warnings that a flaw known as POODLE, revealed Oct. 14, can now be used to decrypt some Internet communications secured using TLS. Vendors have begun describing workarounds and issuing patches.