PODCAST: Why securing ‘third-party’ risks has become so crucial

By Byron V. Acohido

In the past couple of years, third-party risk has grown from a topic discussed only in cybersecurity circles to a companywide concern. The tipping point may have been in 2014 when Target’s point-of-sale (POS) system was compromised, and the details of 110 million in-store customers were stolen.

How did the hackers do it? They were able to embed BlackPOS malware inside Target’s network by using log-in credentials handed out to a third-party heating, ventilation and …more

GUEST ESSAY: 6 ways to use a ‘secure code review’ to engrain security during software development

By Amit Ashbel, cybersecurity evangelist at Checkmarx

An application or update is days, or possibly just hours away, from release and you’ve been working hard to ensure that security tools and processes are integrated throughout the development process. You believe you’ve followed all the steps and your app is ready to go, right?

Wrong. You have one more step in the security process before you can give the green light: a secure code review.

Related podcast: How application security testing can …more

NEWS THIS WEEK: Anthem exposes Medicare patients’ records; hackers easily break into voting machines; white supremacist hacks billboards

By Byron V. Acohido

In news this week, it turns out the HBO hack may have been far worse than the initial leaks of a few unaired TV show episodes suggested. A security company hired by HBO to scrub search results for the hacked files from search engines says hackers stole “thousands of Home Box Office internal company documents.” The disclosure came as part of a takedown notice sent to Google to force the search engine to take down links to …more

PODCAST: Dell SecureWorks discloses how faked personas fuel targeted attacks

By Byron V. Acohido

In the wake of phishing attacks involving Google Docs and DocuSign, corporate awareness of socially engineered cybersecurity threats is at an all-time high. Naturally, this has led to an increase in employee training and awareness.

This kind of action couldn’t be more necessary. According to Software Advice, 39 percent of employees admitted to opening emails they suspected might be fraudulent. And only 36 percent felt they were very confident in recognizing and resisting phishing attacks.

While …more

GUEST ESSAY: How to use deception and misdirection as defensive measures to protect your network

By Chris Pierson, general counsel and chief security officer at Viewpost

Misdirection has always been a facet of both offensive and active defense cybersecurity operations, but one that is increasing in interest and use these days.

Using decoy controls and tactics in actively defending a company is part of a well-coordinated cyber strategy and holistic cybersecurity program. On the other side of the coin, deception in an offensive mode also can be part of the tradecraft of nation-states and cyber criminals, …more

PROFILE: How a serial entrepreneur hopes to unleash full potential of the emerging cyber insurance market

By Byron V. Acohido

Serial entrepreneur and cybersecurity expert M. Ariel Evans is positioning her latest start-up to revolutionize the way insurance companies assess and price policies against cyber threats and how businesses protect themselves against cyber breaches.

An Israeli-American residing in Tel Aviv, Evans is now chief executive officer of InnoSec, a company that analyzes and manages risk from a cyber perspective. InnoSec’s cyber-risk management application, branded STORM, generates data to help companies manage cybersecurity risks and to allow insurance companies …more

NEWS THIS WEEK: Apple patches iOS vulnerabilities; Roomba’s plan to map homes raises concerns; tax breaks for cybersecurity training proposed

By Byron V. Acohido

In news this week, a company is offering to microchip employees, enabling them to open doors, log onto computers and purchase snacks with a swipe of the hand. Three Square Market, also known as 32M, said more than 50 employees are voluntarily getting implants Aug. 1 at what the company is calling a “chip party.” The chips are the size of a grain of rice and are inserted underneath the skin between the thumb and forefinger using …more