Breaches and Leaks Soared 424% in 2018

Nearly 15 billion identity records circulated in underground communities in 2018, a 71% increase over the year as hackers targeted smaller organizations more widely, according to a new report (…).

Remote working may boost productivity, but also leave you vulnerable to attack

New flexible working practices could pose a security risk to small businesses, with one in five employees (21%) stating they are most productive when working in public spaces like a cafe or library, but only 18% concerned about the security implications this could have. SMBs therefore face the challenge of keeping their business secure while meeting the needs and expectations of the modern workforce (…)

CISO challenges and the path to cutting edge security

Zane Lackey (…) serves on multiple Advisory Boards including the National Technology Security Coalition, the Internet Bug Bounty Program, and the US State Department-backed Open Technology Fund. (…) In this interview (…) he discusses CISO challenges, cloud security strategies, next-gen security, and much more.

It’s time for a new cyber risk management model

An overwhelming attack surface, voluminous vulnerabilities, sophisticated threats, and new business requirements demand a new cyber risk management model.

Why you should take an operational approach to risk management

Combining two seemingly unrelated entities to make a better, more useful creation is a keystone of innovation. Think of products like the clock radio and the wheeled suitcase, or putting meat between two slices of bread to make a sandwich, and you can see how effective it can be to combine two outwardly disparate things.

75% of Employees Could Cost a Business $7.91 Million

Seventy-five percent of professionals pose a moderate or severe risk to their company’s data, says (…) third-annual State of Privacy and Security Awareness Report, which also found that workers in the financial sector are more likely to be a risk with 85 percent of survey respondents falling into one of the two risk categories.

How to Protect Against Human Vulnerabilities in Your Security Program

When it comes to cybersecurity, no doubt humans are the weakest link. No matter how many layers are added to your security stack, nor how much phishing education and awareness training you do, threat actors continue to develop more sophisticated ways to exploit the human vulnerabilities with socially engineered attacks. In fact, as security defenses keep improving, hackers are compelled to develop more clever and convincing ways to exploit the human attack surface to gain access to sensitive assets.

Has your security evolved to counter Ocean’s Eleven of threat scenarios?

In assessing how the cyber threat and mitigation landscape has evolved over time, I often think of the ways that “cops and robbers” movies have changed: In the old days, a typical scene would feature a bad guy walking into a bank with a note indicating that he had a gun, and that he wanted what was in the safe. He’d hand over the note to a teller, and then walk out with bundles of cash.

There are many reasons why a certification can be a valuable career asset

Many people who have experience with computers and information technology (IT), or even just have an interest in the field, have probably found themselves asking a simple question: Should I get certified or not?

There’s essentially no option to enter some professions without obtaining some form of certification or licensure. Most people intending to become a nurse, for example, or a tax accountant, would simply take for granted the requirement to clear certain hurdles that verify knowledge and skills before getting a job.

How to Use Security to Drive Sales

Making information security a priority within an organization isn’t easy. Security is usually seen as a specialized technical function within the organization and often isn’t aligned with organizational strategy or even day-to-day business tactics. Instead, information security teams are often siloed from the effects of their decisions and hyper-focused on detection, defense and mitigation. This is why companies’ security strategies often conflict with business operations. Does that new two-factor authentication system leave your sales team hanging out in the cold when they get locked out of your system in the middle of a demo? Too bad. The “S” in “IS” is for security, not sales.

6 Ways for SMBs to Improve Security, with Little Security Expertise

There is a children’s book, “Inside, Outside, Upside Down” featuring The Berenstain Bears, that teaches young children about spatial concepts. When it comes to securing your organization’s data, it may feel like you need to cover all of the spaces: inside, outside, and even upside down. It’s no wonder, since security risks exist everywhere: inside the network and outside the firewall, from employees accidentally leaking information via their mobile devices to outside phishing and malware threats trying to get in. With these increased cyber risks, companies of all sizes are constantly challenged with how to spatially navigate the security landscape.

The ins and outs of risk management

With technological advancements rapidly increasing over the past couple of years, it’s unsurprising that data breaches have slowly crept up the list of small business owners’ biggest fears. For an SME (small-to-medium enterprise) that may not have even considered the possibility of this issue, the consequences of a breach could, in some cases, be fatal to the business. So you can see why the thought of not having protection in place is a scary one. So with an ever-increasing need for better risk management, what do you really need to know?

Criminals can build Web dossiers with data collected by browsers

Everybody knows by now that websites collect information about users’ location, visited pages, and other data that can help them improve or monetize the experience.

But just a small minority of Internet users realizes that browsers also collect/store information that can help attackers compile a “Web dossier” to be used for future attacks.

How to improve your security infrastructure when you’re on a budget

When you’re on a tight budget for cybersecurity, it can seem almost impossible to secure every part of your business’s network without going over budget by putting the latest technologies in place.

You may not be able to solve all your security needs immediately with a small budget, but the important thing is that you are working towards your security goals and taking steps to move the needle forward.

The new ISO 31000 keeps risk management simple

Damage to reputation or brand, cyber crime, political risk and terrorism are some of the risks that private and public organizations of all types and sizes around the world must face with increasing frequency. The latest version of ISO 31000 has just been unveiled to help manage the uncertainty.

Why do we need a risk-based approach to authentication?

20 years ago, everyone worked at a desktop workstation hardwired into an office building. This made network security simple and organizations felt they could depend on the time-tested method of the trusted perimeter. Firewalls were relied on to keep out external threats, and anything within the network was considered secure and safe.

The Worst Passwords of 2017 Revealed

For the second year in a row, “123456” remained the worst password.

The list was put together by SplashData, a company that provides various password management utilities, which compiled it by analyzing more than five million user records leaked online in 2017.

In its Worst Passwords of 2017 list, “starwars” joins the list at #16.

5 Steps to Turn the NIST Cybersecurity Framework into Reality

The first version of the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) was published in 2014 to provide guidance for organizations looking to bolster their cybersecurity defenses. It was created by cybersecurity professionals from government, academia and various industries at the behest of President Obama and later made into federal government policy by the Trump administration.

Five mental shifts we must make to achieve security beyond perimeters

Data centers aren’t exactly going extinct, but given the massive shift to public clouds, you need to make some significant adjustments if your mindset doesn’t already include or understand the cloud. The problem is that not every organization knows how to prepare for and embrace the cloud-driven future. It can take some major mental adjustments to shift mindset from on-prem environments based on the data center, which has a clear and definable perimeter, to the nebulous world of the cloud.

How CSOs Can Adapt to the Changing World of Digital Risk

Picture this: a large organization has been hacked, compromising the financial information of millions of people. News headlines detailing similar stories are now frequent, causing the job description of the CSO to expand rapidly. In the past, the main responsibility of this role has been managing the physical security of an enterprise. But in today’s dominantly digital world, CSOs must expand their reach to not only monitor tangible risks, but also address the uninsured risks that live in the digital world.

Six data security questions that every board needs to ask

As data breaches become a constant headline, data security should be a major concern for company boards everywhere. Unless a board member has been hired specifically to provide oversight for cybersecurity programs, many boards may find themselves unprepared to perform the necessary level of due diligence.

6 Best Practices that Reduce Third-Party Cybersecurity Risk

Cybersecurity threats are increasingly sophisticated and targeted. Hackers who want your information or want to disrupt your operations are looking for any way into your network. In an interconnected world, these hackers are increasingly looking to an organization’s supply chain partners, especially those with network access but without effective cybersecurity protection.

Why wait to be breached? Three reasons to secure your data now

“I’m working on it.”
“We don’t have room in this year’s budget.”
“Something else more important came up.”
“Well, we’ve not been breached before…”
“The risk of it happening is so small and it’s hard to quantify…”

These are some of the most common excuses companies give for delaying their security and compliance efforts. But, given the severe repercussions of just one breach – spiraling costs of damage-limitation, the brand-eroding reputational impact, falling share prices and lost jobs at the very highest level – putting off these initiatives is corporate insanity.

5 Basic Rules to Build an Effective Security Awareness Program

The Battle of Thermopylae, also known as “The Hot Gates,” fought in 480 B.C., is often put in the context that 300 Spartans held off a huge Persian army. In reality, the 300 Spartans were not alone during the battle. Alongside them fought Athenians, Thebans, Thespians, and a variety of other united Greek forces. All told, until the last day or so, the Greeks had a force of between 7,000 and 10,000 soldiers at Thermopylae. The key difference is that the Spartan warriors were bred as warriors – they were professional soldiers. The Athenians, Thebans and Thespians were soldiers, but most of them had other, full-time jobs, and fought in the army when they were called upon.

5 Cybersecurity Vulnerabilities That People Still Forget About

People are cautious of physical theft, but the security of digital assets is often ignored. The simplest actions can have devastating consequences for your data security. Outdated software, weak credentials, and malware all create opportunities for data exfiltration.

Studies show that many users believe they won’t be targeted by hackers and aren’t aware of the sheer number of risks posed by cloud and mobile data access. With cybercrime on the rise, it’s important that we all take a proactive approach to data security.

Here is just a handful of common attack vectors that hackers have taken advantage of in recent years:

The global impact of huge cyber security events

The past 12 months have seen a number of unprecedented cyber-attacks in terms of their global scale, impact and rate of spread. Already causing widespread public concern, these attacks only represent a small sample of the wide array of cyber threats we now face.

Europol’s Executive Director Rob Wainwright: “The global impact of huge cyber security events such as the WannaCry ransomware epidemic has taken the threat from cybercrime to another level. Banks and other major businesses are now targeted on a scale not seen before and, while Europol and its partners in policing and industry have enjoyed success in disrupting major criminal syndicates operating online, the collective response is still not good enough. In particular, people and companies everywhere must do more to better protect themselves.”

Salary Survey Extra: Deep Focus on ISACA CRISC


Risky Business used to be a Tom Cruise movie from the ’80s, but in 2017 it’s a pretty fair description of just about any commercial endeavor. This is particularly true in the IT industry, where even the companies that consult about IT security sometimes get hacked. Anyone feeling great about Deloitte’s data protection consulting services this week?

When it comes to IT risk management, one certification stands out above the rest. The Certified in Risk and Information Systems Control (CRISC) credential offered by ISACA is your must-have qualification, and it’s also a perennial staple of our Salary Survey 75 list, checking in this year at No. 17.

The 5 cyber attacks you’re most likely to face

Don’t be distracted by the exploit of the week. Invest your time and money defending against the threats you’re apt to confront.

As a consultant, one of the biggest security problems I see is perception: The threats companies think they face are often vastly different than the threats that pose the greatest risk. For example, they hire me to deploy state-of-the-art public key infrastructure (PKI) or an enterprise-wide intrusion detection system when really what they need is better patching.

The fact is most companies face the same threats — and should be doing their utmost to counteract those risks. Here are the five most common successful cyber attacks.

TOP 5 advantages of achieving a professional certification

Advantage # 1:

It’s an accelerator to maximise your career potential and to reach your professional objectives.

An internationally recognised professional certification is an accelerator, helping you maximise your career potential and reach your professional objectives. For example, for a professional certified as an Auditor or an Assessor, it may provide the qualifications needed to conduct audits and specific assessments in an organisation, or even audits for a certification body; for a professional certified at the Foundation level, it will provide the qualifications related to the foundation concepts of a specific subject; and for an Officer, Implementer or Manager, it may provide the qualifications needed for advising on and participating in the implementation, management and/or maintenance of a specific framework adapted to the requirements of an organisation on a specific subject (e.g. a Privacy and Data Protection Framework to comply with the requirements of the GDPR).

Understanding Cyber Insurance

Data breaches have led enterprises to invest more in cybersecurity programs. But what about consumers, who often feel the effects of a security breach?

Keith Moore, CEO (…), believes that consumers increasingly will take cybersecurity into their own hands and purchase cyber insurance policies.

6 Tips for CISOs Selling to the Board

There’s a shift taking place in the boardroom: With the recent high-profile cyberattacks like WannaCry and NotPetya, cybersecurity has been placed in the spotlight, making it a much more prominent topic than it was five years ago. Boardrooms are abuzz with questions about these breaches including “how did they happen?” or “what can we do to prevent them from happening to us?”

Monitoring logons the most effective way to detect a data breach

Monitoring corporate logins is the most effective way to detect a data breach within an organisation, according to a new report on the ‘key indicators of compromise’ by IS Decisions.

Mismatched port and application traffic, increases in data reads or outbound traffic, geographical irregularities regarding the perimeter of the organisation, and data access at irregular times and locations are other key indicators identified. But the one common activity across nearly all attack patterns, necessary to perform basic hacks on network perimeters and endpoint devices, and move laterally across devices to access data unlawfully, is use of corporate logins.

Cyber Security Regulation. The Move Towards Board Involvement

Regulators are the catalyst for stronger measures in cyber security, and new regulation from the EU is going to have a serious impact on organizations that process EU citizen data. After four years of diligence and debate, the EU Parliament approved the General Data Protection Regulation (GDPR) on April 14, 2016. It will come into effect on May 25, 2018, at which time organizations that are not in compliance will face heavy fines.

SIEM challenges: Why your security team isn’t receiving valuable insights

Today, many enterprises use security information and event management (SIEM) software to help detect suspicious activity on their networks. However, to be effective organizations need to surround a SIEM with security experts, advanced use cases, threat intelligence, and proven processes to investigate and respond to threats.

Integrating GDPR into your day to day IT practices

GDPR: four letters that, when combined, strike fear into the heart of any sysadmin. Luckily, there is quite some time before it comes into force, which means getting into the habit of complying should be natural by 25th May 2018. My default position on these types of regulations is to consider them from a consumer’s point of view, and think about how I would feel with someone holding my personal data for longer than necessary.

4 Best Practices for Backing Up Endpoints in Your Business

Follow these critical steps to minimize threats to data in highly mobile environments.

The risk of data loss can keep any IT manager up at night. Disappearing data can cause major expense and even serious damage to the credibility of a business and significantly affect the productivity of individual employees and workgroups.

Risk Management: How to Prevent Costly Supply Chain Incidents

Preventable corporate scandals, as seen by headline events related to Pepsi, Wells Fargo, Volkswagen, Chipotle and Wendy’s, result from a variety of risk management failures across a variety of industries. Notable scandals include cybersecurity failures at retail organizations and restaurants, quality control issues at manufacturers, and ineffective asset management and access rights at financial institutions.

How to Change Behavior for Stronger Security System Cybersecurity

How Healthy Are Your Cybersecurity Habits?

There is a world of difference between knowing the right thing to do and actually following through and doing it. Think about doctors who repeatedly remind their patients to quit smoking, or to be careful with their cholesterol, to get regular exercise and adopt healthier eating habits instead of eating bacon with every meal. We know what we should do. Quite often, though, that knowledge is not enough to actually change our behavior.

You were probably aware of some fundamental cybersecurity best practices before you started to read this article. But let’s focus on two: passwords and firmware.

3 Questions to Improve Cyber Incident Recovery

The NIST Cybersecurity Framework focuses twice on the concept of improvement, doing so within both the Respond and the Recover functions. For improved response, NIST recommends that organizations incorporate lessons learned into their response plans and update their response strategies. When it comes to improved recovery, NIST echoes that guidance: companies should incorporate lessons learned into their recovery plans and update their recovery strategies. Because of these similarities, it is helpful to consider this article in the context of our May 2017 Cyber Tactics column, “Been Hacked? Let That Be a Lesson to You.”

Emergency Preparedness Essentials: 5 Things CSOs Should Know

In order to ensure the safety and security of an organization’s personnel, a Chief Security Officer (CSO) must be able to identify, assess and develop appropriate responses to a wide range of potential and actual threats as they evolve in real time. This presents a Herculean challenge since security, while recognized as critical, is also preferred to be invisible in day-to-day operations. Substantial guidance in these efforts is available from the communities of law enforcement, the private sector and emergency planners. In particular, it is worth summarizing five central insights that can assist CSOs as they work to protect their organizations.

Building a strong cybersecurity program for the long haul

Patch Tuesday is approaching and there is a chance it might be a boring one. Hopefully, I didn’t jinx things by saying that, but I think most of what we’ll see is a bit of volume on the third-party side. Before we get into the forecast, though, let’s talk about the recent roller coaster we’ve all been on.

The WannaCry ransomware is a reminder to get serious about security


WannaCry Ransomware Attack

Ransomware is the word on everyone’s lips this week, following the massive WannaCry ransomware attack which spread quickly all over the world. Security experts estimate that over 200 000 systems across 150 countries were affected by the attack, in which hackers took advantage of a weakness in Microsoft’s Windows operating system to block any access to a computer system until a ‘ransom’ is paid in order to unlock the system again.

Investigations into the massive hack are still unfolding, but current thinking is that the attack originated in North Korea and made use of a set of top secret National Security Agency tools that were stolen and sold last year.

How to make cyber security a priority for your managers

Both the business and technology industry are growing and making new advancements. These new improvements, such as converged systems and cloud storage systems, while strikingly beneficial, also bring with them new risks. One of the rising risks is cyber security. With many companies taking advantage of new technology and running their business online, they have become larger targets for cyber hackers.

A guide on how to prevent ransomware

Ransomware is fast becoming a major threat to computer systems in many organisations. It is an aggressive form of attack which criminals use to infect computers and block the victim from accessing their own data unless they pay a ransom. Ransomware is not a new threat but has become more widely used among criminals simply because it is highly profitable.

At its heart, ransomware is simply another form of a computer virus, albeit a very potent one. The methods it uses to infect a computer are the same ones other computer viruses employ.

IT job profile: So you want to be a CISO

Want to be a CISO? Chief Information Security Officer (CISO) is a coveted position in many IT organizations. The high demand for qualified CISOs leads to tremendous competition for capable candidates and correspondingly high salaries. But what’s the real deal behind the scenes? Do you have what it takes to serve in a CISO role? If not, what qualifications do you need before you can join the information security big leagues?

Sitting in an organization’s senior-most security chair requires a unique mixture of professional experience and educational background. The CISO position is a career capstone for some and a way station to the CIO chair for others. Either way, arriving at this destination requires careful career planning. Most CISOs don’t get there by accident.

It’s Time to Change Your Perception of the Cybersecurity Professional

To borrow from the Nobel Prize winning songwriter, the (security) times, they are a-changin’. When the commercial Internet was young – say in 1995 – IT structure was relatively simple. It consisted of just three layers: server, network and client. Each had its own security component.

Ah, the good old days. Growing complexity is one of IT’s biggest security challenges today. The more complex the system, the greater the attack surface (in general). It is much easier now to hide multi-pronged attacks in different layers and parts of the IT infrastructure.

NIST CRIED: The Four Steps of Incident Mitigation

Mike Tyson notably said, “Everyone has a plan ‘till they get punched in the mouth.” So, how do you ensure the same doesn’t hold true for your company’s incident response plan when a real breach occurs? Enter the NIST Framework category titled Mitigation.

Faced with an actual intrusion, companies would do well to focus on executing four immediate incident response steps. Taken together, their initials form the acronym CRIED:

Cybersecurity Tips for the Break Room and Boardroom

By Security Magazine on 5 January 2017

Every day we are updated about the latest cybersecurity breaches – whether it’s Yahoo, Dropbox or LinkedIn, how many records have been stolen, or how much companies have paid in result from ransomware or financial fraud.

However, are employees and executives aligned with cybersecurity awareness? Are the risks and top discussions that happen in the break room similar to those that happen in the boardroom? The topics and concerns are farther apart than you could ever imagine.

4 Components of an Effective IoT Security Strategy

By BizTech on 19 December 2016

Recent breaches have shown the vulnerability of the Internet of Things, but IT departments can defend against hackers with a multifaceted approach to security.

While driving a Jeep Cherokee through downtown St. Louis in July 2015, Andy Greenberg felt a sudden blast of air from the vents. The radio mysteriously changed stations, music began blaring and the windshield wipers started. The situation went from perplexing to frightening when Greenberg stepped on the gas pedal but couldn’t accelerate as he watched an 18-wheeler approach in his rearview mirror.

Mitigating internal risk: Three steps to educate employees

By Help Net Security on 20 December 2016

IT security is usually focused on how to prevent outsiders with malicious intent from causing harm to your IT systems and data. While this is a valid concern, people within organizations who simply do not understand the consequences of their everyday habits and behavior on company computers pose an equivalent if not greater risk.

Every person within a company that has access to information is a gateway for data exfiltration. This is why education for ALL employees that encourages following best practices for IT security safety is extremely important to implement within organizations. So where should you start? Take 3 easy steps.

Is Big Data becoming an important and possibly expensive form of currency?

By Cloud Tweaks on 19 December 2016

When we think about currency in the world, we often think of the pieces of paper money we all keep in our wallets or the numbers on the screen when we look at our bank accounts online. While this is the case for most people, anything that can hold value can be seen as a form of currency.

And in the “ever-evolving” world of technology, data is quickly becoming the next important and expensive currency in the world. Data is critical for almost anything from marketing a new product, helping a business run smoothly and much more.

The difficult path to cyber resilience

By Help Net Security on 19 December 2016

Global organizations are more confident than ever that they can predict and resist a sophisticated cyber attack, but are falling short of investments and plans to recover from a breach in today’s expanding threat landscape.

Organizational Resilience – the big concept these days

by António Relvas on October 27, 2016

What is resilience in an organization? The widely accepted definition is that “organizational resilience” is the “ability of an organization to anticipate, prepare for, respond and adapt to incremental change and sudden disruptions in order to survive and prosper.”

OK, the above definition is a great one, but how do you achieve resilience in an organization? This is the tricky part, and there are two ways (that can work).

Good Risk Management Practices. Are you at risk?

Risk management is about managing threats and opportunities. When it is effective it often goes unnoticed, but when it fails, the consequences can be dramatic, and this applies to everyone.

You are a risk manager and you may not know it, but we all make decisions, and risks arise as a consequence of the decisions we make. So, if you think about it for a moment, it becomes clear that when you make a decision, you anticipate and visualize its possible consequences in the (near) future, and then you rethink the decision and decide.

The Goal of the Risk Manager

Risk management is the understanding, assessment (including prioritization) and treatment of risks, from highest to lowest, taking into account factors such as: the impact a risk event may have; the likelihood of that risk event happening; and, of course, the means involved in dealing with these risks.

The prioritization of risk management activities is essential, promptly identifying the risks with higher or lower impact and the likelihood of their happening and having an impact on the business.

Often, a decision on risk management involves making choices between what we thought that may happen, based on past events (if possible), and what we