• Infosec: More than reindeer games

    As CEO of XMAS Inc., the leading manufacturing and shipping enterprise, you face extraordinary pressure to deliver joy on Christmas morning to billions of kids around the world. In fact, it’s hard to think of any other top business leader who is responsible for so many children’s dreams each year—and whose executive compensation package consists entirely of cookies and milk. With only a single workshop located in a hostile climate, a limited number of legacy employees, one used vehicle, no financing and an extraordinary supply of sugar, you’ve been able to accomplish more than what any of your competitors—all with far greater resources—will achieve over the course of their entire careers.

  • 5 working days left until the deadline for compliance with PCI DSS 3.0 kicks in

    Maintaining credit and debit card information on behalf of financial services clients demands the highest levels of security and customer confidence, and adhering to standards like PCI DSS plays a crucial role in this. Unfortunately, given the fact that the financial sector remains a key target for cyber-criminals – pummeled by both nation state hackers trying to harm enemies’ core financial structure and criminals out to steal money – the time has come to put protections in place around that data itself.

  • Will 2015 be the year of risk-based security?

    As 2014 comes to a close, many of us are beginning to look ahead at the expected trends for the coming year. For those of us in cybersecurity who are at the forefront of protecting organizations from an increasingly dynamic threat landscape and the harsh realities of cybercrime, placing big bets and declaring predictions regarding what we will see in 2015 has become both sport and tradition.

  • Your email, your data, your control

    In the U.S., we are willing to trade our privacy and security in exchange for convenience. Think about the last time you stored your password on a website, kept a credit card on file with a service provider or hosted your email free in the cloud. All of these actions raise security concerns, but many of us accept those risks as the price of convenience. The dramatic increase in applications is only exacerbating the problem of increased avenues for sharing – and potentially exposing – personally identifiable information (PII).

  • Tackling the growing web of data residency and privacy regulations

    Compliance professionals realize that privacy and data residency requirements can vary significantly by country, and have become material issues for any enterprise using cloud services where data leaves the country of origin or is in the possession of a foreign-owned cloud provider. For example, Microsoft recently found itself in a drawn-out legal battle against the U.S. government, which argued that it had the right to search Microsoft’s data warehouses for data even though they were located outside of the country.

  • How employees put your company at risk during the holidays

    Most enterprises of any significant size have implemented security training programs, designed to teach employees how to avoid major security risks – phishing attacks launched from clicking on suspicious email, password requirements that are complex and ever-changing, and perhaps even two-factor authentication when logging in to certain systems.

    As the year comes to a close, and employees feel the pressure of both the holidays and year-end close, seemingly harmless behaviors can put an organization at risk. With hackers growing more sophisticated, and increasingly targeting major enterprises (case in point, Sony Entertainment, during the week of Thanksgiving), organizations must be extra-vigilant leading into the holiday season.

  • HIPAA security compliance: How risk tolerant are you?

    At the heart of HIPAA lies a set of core security tenets for which every affected organization is responsible. These fundamentals are absolutely non-negotiable – but the Security Rule as a whole actually allows for a certain degree of flexibility in how requirements are implemented. When it comes to HIPAA compliance, many organizations lose sight of the fact that they have the power to balance risk and keep costs down.

    What do organizations need to know to assess their own risk tolerance and implement a balanced, efficient, and effective security strategy?

  • Why now is the time for enterprises to implement context-based authentication

    Security and efficiency are constant concerns in enterprise IT. The popularity of BYOD has been a boon for improved productivity and collaboration, but it has also created a new set of challenges, increasing the potential for fraudulent logins from the personal devices that are being used to access critical and non-critical applications.

  • Cloud security: Do you know where your data is?

    While many companies continue their quest to convert their own datacenters into true self-service private or hybrid clouds, the growth of public cloud is also undeniable.

    For companies, the public cloud beckons with unprecedented agility and responsiveness. For users, the ease of spinning up an environment for a pilot project in a public cloud in a matter of minutes is compelling - especially when compared to the month-long wait times many experience when requesting internal server resources from IT.

  • Big Data analytics to the rescue

    In the battle against cyber criminals, the good guys have suffered some heavy losses. We’ve all heard the horror stories about major retailers losing tens of millions of credit records or criminal organizations accumulating billions of passwords. As consumers, we can look at a handful of friends at a cocktail party and assume that most, if not all, of them have already been affected.



Email scammers stole $215M from businesses in 14 months

Posted on 29 January 2015.  |  In 14 months there have been nearly 1200 US and a little over 900 non-US victims of BEC scams, and the total money loss reached nearly $215 million.


Fri, Jan 30th