blog.malwarebytes.org blog.malwarebytes.org

Who is managing the security of medical management apps?

One truth that is consistent across every sector—be it technology or education—is that software is vulnerable, which means that any device running software applications is also at risk. While virtually any application-running device could be compromised by an attacker, vulnerabilities in medical management apps pose a unique and more dangerous set of problems. Now add to vulnerabilities the issue of data privacy, especially that of...

securityintelligence.com securityintelligence.com

Is Cloud Business Moving too Fast for Cloud Security?

As more companies migrate to the cloud and expand their cloud environments, security has become an enormous challenge. Many of the issues stem from the reality that the speed of cloud migration far surpasses security’s ability to keep pace. What’s the holdup when it comes to security? While there’s no single answer to that complicated question, there are many obstacles that are seemingly blocking the path to cloud security. In...

blog.malwarebytes.org blog.malwarebytes.org

Are hackers gonna hack anymore? Not if we keep reusing passwords

Enterprises have a password problem, and it’s one that is making the work of hackers a lot easier. From credential stuffing to brute force and password spraying attacks, modern hackers don’t have to do much hacking in order to compromise internal corporate networks. Instead, they log in using weak, stolen, or otherwise compromised credentials. Take the recent case of Citrix as an example. The FBI informed Citrix that a nation-state...

securityintelligence.com securityintelligence.com

Are Your Employees Really Engaging With Security Awareness Training?

Does your organization have a formal security awareness and training program? I’m constantly surprised at how often the answer is an awkward and uncomfortable “no.” Implicit in the awkwardness is the recognition that such a program is a critical piece of a strong security strategy. Without awareness and training, it’s likely that security will not be front of mind for your end users — but that doesn’t mean that...

securityintelligence.com securityintelligence.com

To Improve Critical Infrastructure Security, Bring IT and OT Together

As connectivity in the industrial internet of things (IIoT) continues to accelerate, efforts to secure industrial control systems (ICSs) struggle to keep pace. While many ICS security conversations have involved endpoint security, improving the state of ICS security demands attention to more than just endpoints. Attacks on critical infrastructure systems are proliferating. Nearly half (41.2 percent) of ICS computers suffered a...

securityintelligence.com securityintelligence.com

What Does Healthcare Cybersecurity Look Like in a Future of Connected Medical Devices?

As technology continues to transform the way healthcare is delivered, the industry is burdened by the growing cybersecurity risks inherent in the expansion of connected devices. Understanding that each connected device opens another pathway for threat actors, it’s incumbent upon device manufacturers to keep security foremost throughout the development life cycle. The question is, how can manufacturers ensure the security of the...

securityintelligence.com securityintelligence.com

From Naughty to NICE: Best Practices for K–12 Cybersecurity Education

In an effort to raise cybersecurity awareness and help both school districts and teachers develop security-based curricula, the National Institute for Cybersecurity Education (NICE), part of the National Institute of Standards and Technology (NIST), hosted two consecutive conferences this fall. These back-to-back conferences brought experts from industry and academia together to share creative strategies to help educators teach...

securityintelligence.com securityintelligence.com

How Can Government Security Teams Overcome Obstacles in IT Automation Deployment?

IT automation has become an increasingly critical tool used by enterprises around the world to strengthen their security posture and mitigate the cybersecurity skills shortage. But most organizations don’t know how, when or where to automate effectively, as noted in a recent report by Juniper Networks and the Ponemon Institute. According to “The Challenge of Building the Right Security Automation Architecture,” only 35 percent of...

securityintelligence.com securityintelligence.com

3 Creative Strategies to Narrow the Skills Gap

Confronting the skills gap is a challenge that has many in the cybersecurity industry confounded. With overworked security teams, an ever-expanding threat landscape and widening attack surfaces, the growing gap poses a serious challenge to the future of the security workforce. The International Information System Security Certification Consortium (ISC2) looked at the cybersecurity skills gap more completely in its recent report,...

securityintelligence.com securityintelligence.com

How Can Media Companies Be More Confident in Their Cybersecurity Strategy and Policy?

While many industries have matured their cybersecurity strategy and policy as the digital landscape has evolved, others — such as media companies — remain unsure how to advance. With more consumers relying on the internet for their entertainment and information consumption, media enterprises are tasked with providing a flawless user experience and continuous content delivery. But the industry is prey to a growing number of...

securityintelligence.com securityintelligence.com

Getting Your Organization Up to Speed With SAP GRC

In most complex systems, especially those like SAP that handle enormous amounts of transaction data, defining an approach to governance, risk and compliance (GRC) can feel overwhelming. But SAP GRC has never been more important. According to a new survey from ERP Maestro, “Studies indicate that data breaches were up by 44.7 percent in 2017 and nearly $2 billion [worth of] records containing personal and sensitive data were...