Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Guest Blog Post

 

GUEST ESSAY: 5 cyber attacks you will need to defend this week

By David Balaban

Computer infections continue to pose a major threat to every one of us. Distinguishing between the most pervasive types of threats is the first step in protecting your particular device. Here is a quick rundown of what lurks out there:

Mass mailed phishing campaigns. A mass mailing you and thousands of others may receive could be part of a wide-scale phishing attack. The attacker may know or guess that you patronize a particular company, and send you an authentic looking email.

That’s what happened in a recent phishing campaign targeting Delta Airlines customers. A variety of social engineering tricks were used to get victims to click a link. Needless to say, the link dropped malware.…more

GUEST ESSAY: The case for CISOs to lead through influencing behaviors

By M. Eric Johnson

How do you lead when you’re not in charge? Increasingly, managers are finding themselves in positions where they are asked to lead without having direct control.

Growing and shifting organizations often mean fewer managers with positional power. Matrixed organizations put managers in multiple leadership and follower roles. Major corporate initiatives like quality, security, diversity and sustainability often are led by managers with little direct authority.

In all of those situations, successful leaders must establish credibility, build trusted relationships, and persuade others to take action.

Related video: Howard Schmidt discusses getting organizations to be proactive about security

In any gathering of security executives, the conversation often turns to the challenges of leading without direct control. Yes, security executives can implement technologies …more

GUEST ESSAY: Here’s how ‘software containers’ are providing the latest ‘must-have’ security layer

By Rani Osnat

Container technology enables organizations to build, deliver and run enterprise applications faster and more easily, efficiently and cost effectively than ever before. Compared to virtual machines (VMs), containers are much smaller, start up much faster, and have better performance.

Osnat

Related article: Why companies need fresh security solutions as mobile device usage ramps up

Fast forward to 2017, and software containers are becoming the platform of choice to build cloud architecture due to their significant benefits: speed of development, speed of deployment, flexibility, scalability and the cost-effective use of computer resources. However, they also introduce new risks. They run on a shared kernel (meaning they share an operating system …more

GUEST ESSAY: New federal rules — NISPOM Change 2 — address insider threats

By Thomas Jones

As we have seen in the headlines, insider threats are a constant challenge for government agencies. But the problem comes with one silver lining. Each time a successful insider threat strikes, it pushes agencies to bolster their cybersecurity programs.

The National Industrial Security Program Operating Manual (NISPOM) Change 2 is an example of just that. Released by the U.S. Department of Defense in May 2016, NISPOM Change 2 mandates federal contractors implement an insider threat program. One key requirement went into effect on May 31, mandating contractors hold insider threat employee awareness training for all cleared employees before being granted access to classified information and annually thereafter.

Consequences, rewards

Jones

The requirement is …more

GUEST ESSAY: 6 ways to use a ‘secure code review’ to engrain security during software development

By Amit Ashbel

An application or update is days, or possibly just hours away, from release and you’ve been working hard to ensure that security tools and processes are integrated throughout the development process. You believe you’ve followed all the steps and your app is ready to go, right?

Wrong. You have one more step in the security process before you can give the green light: a secure code review.

Related podcast: How application security testing can dovetail into ‘DevOps’

Ashbel

If you’re wondering what a secure code review is, it’s the process organizations go through to identify and fix potentially risky security vulnerabilities in the late and final stages of development. They …more

GUEST ESSAY: How to use deception and misdirection as defensive measures to protect your network

By Chris Pierson

Misdirection has always been a facet of both offensive and active defense cybersecurity operations, but one that is increasing in interest and use these days.

Using decoy controls and tactics in actively defending a company is part of a well-coordinated cyber strategy and holistic cybersecurity program. On the other side of the coin, deception in an offensive mode also can be part of the tradecraft of nation-states and cyber criminals, too.

Why discuss these aspects now? With the world’s cybersecurity professionals focused on responding to ransomware attacks, chasing the next worm, patching servers, or running after users clicking on phishing emails that change their Google Drive settings, one must ask the question: Are at least some of these attacks cover for or …more

GUEST ESSAY: A look at how security technology has kept pace with the rising use of business data

By Nir Polak

IT systems have never been more powerful or accessible to businesses. However, the scope and scale of cyber crimes continues to outpace tech innovation.

For years, the challenge for internal IT and security teams has been to use existing company data to construct an integrated picture of oddities and unexpected actions on their network. Recent advancements in machine learning and behavior or anomaly-based analytics that leverage existing enterprise logs have provided security teams with much more accurate intelligence than ever before.

Related podcast: How machine learning helps plug security gaps

Polak

In the past, security expertise was embodied in signatures, representing particular and specific types of malware. In time, …more