Slamming a Ukrainian energy provider for recently falling victim to a spear-phishing email and Excel macro attack might be easy. But security experts recommend all organizations use the incident to ensure they won't fall victim to copycat attacks.
What's it take to be a successful CISO? Mark Dill, former longtime information security director at the Cleveland Clinic, says it comes down to being patient, persistent and perceived as practical. He offers detailed career advice in this interview.
Adobe is warning Flash users to update their software immediately in the wake of zero-day attacks that can enable attackers to take full control of vulnerable systems. This year, Adobe has patched 316 bugs in Flash. Is it time for the plug-in to die?
To help train more cybersecurity professionals, academia must work with business and government to find enough qualified trainers and educators, says George Washington University Professor Diana Burley.
What's it like to be a CIO or CISO at an enterprise where everyone is a security expert? What are some of the unique challenges and advantages? Blue Coat Systems CIO Chris Birrell shares his experiences in this role.
Cybersecurity is becoming an issue in the U.S. presidential campaign, finally. That's good news because it's critical in our day-to-day lives. But are the candidates doing the issue justice in the way they address it?
As information security professionals consider new opportunities, they must carefully determine whether the corporate culture is a good fit, says former healthcare CISO Jeff Cobb, who recently made his own career transition to security consulting.
Security experts are warning that Internet-connected devices - including toys - should be treated as insecure and untrusted until proven otherwise. Have our collective information security shortcomings ever been more seasonally appropriate - or scarier?
Ireland's Cyber Crime Conference in Dublin drew a capacity crowd for a full day of security briefings, networking, hotly contested capture-the-flag and secure-coding challenges, as well as a chance to sharpen one's lock-picking skills.
More cybersecurity specialists are making the leap from long-time careers in law enforcement, the military and the government to the private sector, says Dale Meyerrose, a retired U.S. Air Force Major General, who explains why.
Too many security awareness and education programs fail because they're boring, says Lance Spitzner, research and community director for the SANS Institute's "Securing the Human" program. Read his suggested fixes.
As the unfolding investigation into the Paris attacks shows, just sharing threat-related data - without adding the crucial context that turns it into actionable intelligence - won't help organizations block attacks.
NICE's Rodney Petersen sees too many government agencies and businesses using old-school methods to identify and recruit IT security professionals. Consequently, they often fail to build their cybersecurity staffs.
Despite near-constant warnings from law enforcement officials and the information security community, too many organizations still aren't taking security seriously, experts warned at the Irish Cyber Crime Conference in Dublin.
In the wake of the Paris attacks, cybersecurity expert Brian Honan argues that now is not the time to make snap public policy decisions that attempt to promote or restrict either cryptography or surveillance.