If there were only one security thought you could have run through the minds of employees to help, it would be this: remember, attackers and competitors may be your audience. If employees looked at their behaviour online under that lens, and if you demonstrate to them how these information breadcrumbs are gathered up by attackers, I think they would naturally behave differently.
Despite a variety of anti-malware technologies, targeted custom malware attacks are causing a lot of financial damage on a global level. What type of shift do we need to counter such a unique and fast-changing threat?
Signature-based analysis of malware is necessary but not sufficient. We need to get earlier in the malware life-cycle. We need to study malware delivery networks, how they are run, and anticipate where the malware might be coming from. We also need to harden the workforce.
Most targeted attacks are successful not because of the technical brilliance of the attacker. Typically attackers get a foothold into the enterprise because an employee made a bad choice. Maybe they installed an executable, or browser plug-in. Maybe they were deceived into emailing out some sensitive information. We need to fundamentally rethink our approach to security and factor in the vulnerabilities created by well-meaning insiders that make bad choices.
What events and technological advances in the field of information security have shaped this year's program for RSA Conference Europe?
After reviewing all the session submissions this year to RSA Conference Europe, a few key themes emerged. The first is mobile security. There is significant operational concern about how to implement an effective mobile security strategy in the enterprise. At this year's conference you will see sessions on mobile security that range from mobile malware to BYOD management to creating a long-term mobile security strategy.
A second big topic was analytics. How do we get smarter about analyzing the massive volume of logs that we have internally? Can we anticipate an attack by mining threat information externally? You'll see quite a few sessions at this year's conference focused on this area. Outside of these topics, we have sessions this year that really span the breadth of our field: privacy, securing the human, APTs, forensics, GRC, authentication and more.