Essential Guide

Manage Learn to apply best practices and optimize your operations.

How to prepare for the emerging threats to your systems and data

This guide explores the exponential expansion of information security threats in recent years and how flexible and proactive InfoSec pros can defend their systems and data in this interconnected digital age.


It takes only a cursory glance at the news to realize that malware, data breaches and other information security threats have expanded exponentially in the last three to five years. Hardly a week goes by without a high-profile, multimillion-dollar hacking incident going public. We cover the dangers wrought by emerging threats in an era of the Internet of Things and state-sponsored hacking. We look closely, too, at how enterprise employees can, accidentally or maliciously, undermine the security of systems. 

The plethora of threats emerging from all directions requires flexibility on the part of those tasked with securing enterprise systems and resiliency in the systems themselves. In this Essential Guide we gather together articles on the major threats enterprises face today and what can be done about them.

1Emerging threats-

The sources of today's emerging threats

Threats seem to be emerging from everywhere today in this Internet of Things age. Here we present a collection of recent pieces that explore hacker exploits of major companies like Microsoft and everyday consumer goods and services like cars and banks. Read on to increase your awareness of what security professionals are up against in this complex digital and wireless age.


Does the Internet of Things really pose a security risk?

News roundup: The Internet of Things has taken the industry by storm, but are its risks warranted? Verizon doesn't think so. Plus: #GenMobile's lax security attitude; hacking airplanes; cybersecurity skills gap continues. Continue Reading


The hurdle at is IoT security

Despite its massive potential, the Internet of Things is ushering in new and unique security challenges. But who's responsible for tackling them? Continue Reading


Apple, Facebook and Microsoft targets of industrial espionage

A mysterious hacker group has hit a number of major U.S. companies with the intent of committing industrial espionage, according to new security research reports. Continue Reading


Wireless car hack raises cry for greater security measures

News roundup: A wireless car hack demonstration has pushed vehicle security legislation and DMCA exemptions into the spotlight, and prompted a manufacturer recall. Plus: Hacking Team update; DHS email issues; and smartwatches vulnerable to attack. Continue Reading


New banking malware threat emerges

RSA researchers say the costly Pandemiya banking malware was written entirely from scratch, a dangerous oddity in the world of malware. Continue Reading


Keep an eye on unsecure APIs to avoid IaaS risks

IaaS data security risks are a persistent problem for enterprises moving to the cloud, but there are specific issues to keep an eye on. Continue Reading


Compliance-centric security strategies can raise cyberthreat risk

While regulatory compliance is valuable and necessary for enterprises, cyberthreat experts say a compliance-centric security strategy may leave organizations with few resources to ward off emerging cyberthreats. Continue Reading

2Vicious malware-

Today's malware is more vicious than ever

Malware has evolving and your approach to thwarting it must too. Learn the latest about the types of malware you need to be on the lookout for.


From click fraud to ransomware: Dangers of malware's lifecycle exposed

New roundup: Sometimes the least of threats -- such as click fraud -- can end up being the bigger issues -- like ransomware. Plus: U.S. Navy won't let go of XP; U.S./China cyber code of conduct; and more! Continue Reading


PoSeidon, and how point-of-sale malware evolves

Point-of-sale malware, such as the recent PoSeidon malware, continues to evolve to avoid detection. So what's an enterprise to do? Expert Nick Lewis explains how the malware functions and what organizations can do about it. Continue Reading


Extortionware vs. ransomware: How two emerging threats compare

Enterprise threats expert Nick Lewis explains the difference between extortionware and ransomware in terms of what they are and how to defend against them. Continue Reading


What to do about password-snatching Trojans?

A variant of the Citadel malware emerged that compromises password management and authentication products. Enterprise threats expert Nick Lewis explains how to prevent and overcome the threat. Continue Reading


Defeat advanced malware with network traffic analysis

In this podcast learn how advanced malware works and why network traffic analysis is essential to protect your enterprise's network. Continue Reading

3Insider threats-

The threat from within

There are two kinds of insider threats today -- the intentional and the unwitting. The end result, though, is the same. Learn more about insider threats of both stripes, and what you can do now to reduce their potential for wreaking enterprise network disaster.


Four ways to stop accidental insider threats

Most insider attacks to enterprises are accidental, not intentional. SANS Faculty Senior Fellow Eric Cole, Ph.D., explains why security awareness training isn't enough to stop these threats. Continue Reading


Password woes include reuse and sharing

The high percentage of password reuse and sharing by employees leaves enterprises vulnerable to breaches, according to a recent survey from SailPoint Technologies. Continue Reading


People, not tech, key to insider threat programs

A panel discussion at RSA Conference 2015 outlined strategic methods enterprises can use to build and advocate for an insider threat program. Continue Reading


Enterprises overestimate insider threat detection

Enterprises may be increasingly aware of insider threats and believe they can find and stop them, but a new SANS Institute survey suggests they may be overconfident and lack the necessary insider threat-detection technology. Continue Reading


Incident response and employee training

Employees and enterprise daily practices are the front lines in the battle to keep the enterprise secure. Learn why from these stories on two major corporate hacking incidents; then read on to explore how training programs can help prevent an attack on your enterprise.


What we can learn about network security from the Sony hack

Following the Sony Pictures hack, several of the company's network security shortcomings were revealed. Expert Kevin Beaver explains how better network security may have prevented the extent of the breach. Continue Reading


What Shellshock shows us about network security risks

Shellshock had a tremendous impact on network security, affecting many popular vendors and products. Expert Kevin Beaver discusses what Shellshock means to network security, and the lessons that can be learned from the vulnerability. Continue Reading


How follow-on training increases employee security awareness

A continual security awareness training program is important for an enterprises' culture. Expert Mike O. Villegas gives some key topics to focus on. Continue Reading


Security awareness programs must include regulation compliance

Employees play an important role in achieving and maintaining regulatory compliance, explains compliance expert Mike Chapple. Continue Reading


Views on security

If a picture is worth a thousand words, then video's value to learning must be immense. This collection of videos touches on many of the subjects discussed above and provides valuable reinforcement of some important security lessons.


The Sony hack difference: Lessons learned about incident response

The Sony Pictures hack was a breach unlike others. John Dickson, principal at Denim Group, talked to SearchSecurity at RSA Conference 2015 about what enterprises should take from the attack.


Why your enterprise needs advanced malware detection now

Advanced malware is stealthy and deadly. Learn how defend your network and data against it with tools that provide advanced malware detection capabilities.


Spear phishing and other sophisticated attacks

Enterprises must protect themselves from sophisticated attacks that can escape notice by host-based detection systems. Here's how.


Putting insider threat prevention controls in place

Randy Trzeciak reviews recent data breach incidents and details the insider threat prevention controls that may have thwarted those attacks.

6Key terms-

Learn the key terms to understanding emerging threats

The emergence of new threats, not surprisingly, brings with it a slew of new terminology. Knowing these terms can help you better understand the threats your systems and data face now.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.