Ask the Experts

Ask the Experts

Security awareness training and insider threats

• Ransomware recovery: How can enterprises operate post-attack?

  A report detailed how Maersk recovered its infrastructure from a NotPetya ransomware attack along with its chosen recovery option. Expert Nick Lewis explains how it worked.  Continue Reading

• Intel AMT flaw: How are corporate endpoints put at risk?

  A recent flaw in Intel's Advanced Management Technology enables hackers to gain access to endpoint devices. Discover how this flaw can be mitigated with expert Judith Myerson.  Continue Reading

• What caused the ClixSense privacy breach that exposed user data?

  A privacy breach at ClixSense led to user account details being put up for sale. Expert Michael Cobb explains how companies should be held accountable for their security practices.  Continue Reading

• Can an HTML5 document with a digital signature be authenticated?

  A digital signature on an HTML5 document cannot be authenticated the same way a PDF can. Expert Michael Cobb explains how enterprises should address this issue.  Continue Reading

• Will the Neiman Marcus data breach lawsuit set a precedent?

  The Neiman Marcus data breach lawsuit was appealed and it could set a precedent for the victims of data breach lawsuits in the future. Expert Mike O. Villegas explains.  Continue Reading

• How can enterprises prevent man-in-the-email attacks?

  A new global email scam has cost enterprises millions. Expert Nick Lewis explains how to defend against man-in-the-email attacks with proper training and little technology.  Continue Reading

• How does user behavior analytics compare to security awareness training?

  User behavior analytics is emerging as a technology to prevent malware infections and end-user attacks, but how viable is it? Expert Nick Lewis outlines the pros and cons.  Continue Reading

• How should CSIRTs respond to email extortion schemes?

  The 2014 Sony Pictures hack highlights the importance of responding appropriately to email extortion. Learn what steps executives should take to best manage the situation.  Continue Reading

• What is the best mobile malware protection against NotCompatible.C?

  A sophisticated variant of the NotCompatible malware has emerged that is difficult to detect and defend against. Expert Nick Lewis offers tips for handling NotCompatible.C.  Continue Reading

• Login credential security: How to defend against tabnapping

  Tabnapping can be used to capture user login credentials. Enterprise threats expert Nick Lewis explains how to defend against the risk.  Continue Reading

• How can drive-by download attacks be prevented?

  Expert Nick Lewis offers some strategies that enterprises can use to avoid the threat of drive-by download attacks and improve employee awareness of the risks.  Continue Reading

• Should enterprises enforce harsher penalties for phishing victims?

  The consequences of phishing attacks could fall on the victims as enterprises start to punish employees who fall for this age-old scam. Expert Joseph Granneman discusses why this approach may have merit.  Continue Reading

• What are the benefits of CERT's ITPM certification?

  CERT's ITPM certification is designed to help enterprises with their insider threat programs. Expert Joseph Granneman discusses the certification and its relevance.  Continue Reading

• How can enterprises alleviate the threat of privileged users?

  Privileged users pose a growing threat to organizations. Expert Joseph Granneman looks at this insider threat and shares ways to mitigate it.  Continue Reading

• Can internal threats be distinguished from outside malware coders?

  Differentiating between insider and non-insider malware threats can be challenging. Expert Nick Lewis offers pointers for distinguishing malware coders from internal threats.  Continue Reading