A CISO’s Guide to Obtaining Budget: Know Your Audience


ThinkstockPhotos-159289017-460x200

This episode of the “CISO’s Guide to Obtaining Budget” podcast series offers advice for CISOs and security leaders looking to bridge the gap and communicate more effectively and meaningfully with other executives. Listen now to learn how successful security leaders translate abstract technical issues into straightforward risks that any executive can understand and take action on.

via A CISO’s Guide to Obtaining Budget: Know Your Audience

A CISO’s Guide to Obtaining Budget: The Nature of the Problem


2017-12-27_14-04-21

This first episode of the “CISO’s Guide to Obtaining Budget” podcast series focuses on how organizations make decisions involving cybersecurity spending in a world where resource constraints are a near constant.

Continue reading “A CISO’s Guide to Obtaining Budget: The Nature of the Problem”

New Year, New Threats: Five Security Predictions That Will Take Hold in 2018


5 Security Predictions

On Dec. 31, we’ll close the books on a year that will go down in history — not due to world events, scientific discoveries or pop culture happenings, but because of the record numbers of personally identifiable information (PII) exposed through major data breaches and cybersecurity events that happened throughout the year.

via New Year, New Threats: Five Security Predictions That Will Take Hold in 2018

Most Organizations ‘Don’t Know What They Do Know’ When Assessing Application Security Risk


Ponemon Institute Study: Most Organizations ‘Don’t Know What They Do Know’ When Assessing Application Security Risk487552-630x330

It’s becoming virtually impossible to escape mobile apps. As a consumer, every time you go shopping, attend a major event, post content to social media or listen to the radio, you’re encouraged to download new, customized applications from content providers. Similarly, customer demand for new or updated functionality has shortened software release cycles and led to an explosion of software-based games, fitness applications and quickly evolving versions of popular social media content.

via Most Organizations ‘Don’t Know What They Do Know’ When Assessing Application Security Risk

IBM Cognitive Security – Watson for Cyber Security


Watson is here to help you secure your enterprise.

Watson for cyber security can draw security intelligence from millions of security blogs, online forums and white papers — so you can see threats unseen by other systems .

Source: IBM Cognitive Security – Watson for Cyber Security

Reaping the Benefit? New Botnet Exploits IoT Security Flaws


Last year, the Mirai botnet wreaked havoc, using compromised Internet of Things (IoT) devices to take down large internet providers in North America and Europe with a distributed denial-of-service (DDoS) attack. While Mirai has largely faded from view, Bleeping Computer reported that a new threat named IoT_Reaper is exploiting specific IoT security flaws and has already infected more than 2 million devices worldwide.

Source: Reaping the Benefit? New Botnet Exploits IoT Security Flaws

Board Directors Need to Get Involved With Cyber Risk Governance


Board directors are under a lot of pressure. They know that it’s only a matter of time before their organization suffers a cyber incident, and all eyes will naturally be on the directors themselves to see if they were properly exercising their risk oversight.

Source: Board Directors Need to Get Involved With Cyber Risk Governance

Q4 Security User Group Meetings — BigFix & Guardium & IAM


Could you be getting more value from your IBM Security Solution? Your local user group offers a chance to meet up with your peers working with the same technology. Even without diving into the (often confidential) details of your current project, bouncing ideas around with people having a different viewpoint can be valuable. Such discussions can give you a fresh perspective, new ideas and increased motivation. Join us to hear tips from our experts, network with other customers and share best practices for security.

Source: Q4 Security User Group Meetings — BigFix & Guardium & IAM

Malware Mines Monero on Vulnerable Servers


Exploiting Vulnerable Servers

According to We Live Security, a legitimate open source Monero central processing unit (CPU) miner called xmrig was released in May. Threat actors then copied the code and made very few changes to develop the malware.

They added some hardcoded command-line arguments representing the attacker’s wallet address as well as the mining pool URL. The fraudsters also shut down any other xmrig that may have been running to eliminate competition for CPU resources.

Source: Malware Mines Monero on Vulnerable Servers

Cybercriminals Could Easily Take Over Industrial Cobots, Researchers Warn


A string of security weaknesses in areas such as default configurations, authentication mechanisms and open source components could enable cybercriminals to easily take over robots used in industrial settings, researchers warned.An analysis of major industrial and collaborative robots, or cobots, by IOActive revealed close to 50 vulnerabilities that, if exploited, could harm the people who work with them.

The firm created a series of videos to demonstrate what tampering with cobots could look like, including swinging robotic arms that have had safety features and emergency settings disabled.

Source: Cybercriminals Could Easily Take Over Industrial Cobots, Researchers Warn