  • Your email, your data, your control

    In the U.S., we are willing to trade our privacy and security in exchange for convenience. Think about the last time you stored your password on a website, kept a credit card on file with a service provider or hosted your email free in the cloud. All of these actions raise security concerns, but many of us accept those risks as the price of convenience. The dramatic increase in applications is only exacerbating the problem of increased avenues for sharing – and potentially exposing – personally identifiable information (PII).

  • Tackling the growing web of data residency and privacy regulations

    Compliance professionals realize that privacy and data residency requirements can vary significantly by country, and have become material issues for any enterprise using cloud services where data leaves the country of origin or is in the possession of a foreign-owned cloud provider. For example, Microsoft recently found itself in a drawn-out legal battle against the U.S. government, which argued that it had the right to search Microsoft’s data warehouses for data even though they were located outside of the country.

  • How employees put your company at risk during the holidays

    Most enterprises of any significant size have implemented security training programs, designed to teach employees how to avoid major security risks – phishing attacks launched from clicking on suspicious email, password requirements that are complex and ever-changing, and perhaps even two-factor authentication when logging in to certain systems.

    As the year comes to a close, and employees feel the pressure of both the holidays and year-end close, seemingly harmless behaviors can put an organization at risk. With hackers growing more sophisticated, and increasingly targeting major enterprises (case in point, Sony Entertainment, during the week of Thanksgiving), organizations must be extra-vigilant leading into the holiday season.

  • HIPAA security compliance: How risk tolerant are you?

    At the heart of HIPAA lies a set of core security tenets for which every affected organization is responsible. These fundamentals are absolutely non-negotiable – but the Security Rule as a whole actually allows for a certain degree of flexibility in how requirements are implemented. When it comes to HIPAA compliance, many organizations lose sight of the fact that they have the power to balance risk and keep costs down.

    What do organizations need to know to assess their own risk tolerance and implement a balanced, efficient, and effective security strategy?

  • Why now is the time for enterprises to implement context-based authentication

    Security and efficiency are constant concerns in enterprise IT. The popularity of BYOD has been a boon for improved productivity and collaboration, but it has also created a new set of challenges, increasing the potential for fraudulent logins from the personal devices that are being used to access critical and non-critical applications.

  • Cloud security: Do you know where your data is?

    While many companies continue their quest to convert their own datacenters into true self-service private or hybrid clouds, the growth of public cloud is also undeniable.

    For companies, the public cloud beckons with unprecedented agility and responsiveness. For users, the ease of spinning up an environment for a pilot project in a public cloud in a matter of minutes is compelling, especially when compared to the month-long wait times many experience when requesting internal server resources from IT.

  • Big Data analytics to the rescue

    In the battle against cyber criminals, the good guys have suffered some heavy losses. We’ve all heard the horror stories about major retailers losing tens of millions of credit records or criminal organizations accumulating billions of passwords. As consumers, we can look at a handful of friends at a cocktail party and assume that most, if not all, of them have already been affected.

  • When should unauthorized computer access be authorized?

    Most would agree that computer protection laws are good and necessary. Computers, and the Internet as a whole, are great boons to humanity. We use them to do a lot more than just updating our Instagram and watching funny cat videos. They help us pay our bills, calculate tough equations, and store our personal and confidential information.

    At the highest level, they even help us create, connect with others, and educate the world. Unauthorized parties have no right to illicitly access our computer systems, steal our digital information, or prevent our digital communications. We need laws to protect our computers and online accounts.

  • Negotiating privacy in the age of Big Data

    Unlike traditional data collection that uses a statistical sampling to make predictions about the whole, the promise of Big Data is that you can now go beyond a small sampling. Historically, analysis was limited to testing out a hypothesis that was defined well before data collection occurred. That hypothesis informed us of what data should be collected and how much should be collected.

  • Software security in a market for lemons

    There is little doubt that it’s difficult to develop secure software. First, you need to be aware of the need for security, accepting it as an important element of software quality. This is generally not something we learn in school. Not that it matters much, given how many developers are skipping education only to dive straight into building software.

    Programming has always been something people can pick up, for better or worse. This is especially true today, with the ridiculous pace at which the Internet is growing and the seemingly permanent skills shortage. Because security awareness is not the norm, chances are that newcomers are going to miss it.

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.

Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.
Fri, Dec 19th