Problem solve
Get help with specific problems with your technologies, process and projects.
Data security breaches
What are the biggest hardware security threats?
Hardware security threats -- and strategies to overcome them -- are evolving as enterprises increasingly install autonomous capabilities for smart building and IoT projects. Continue Reading
Addressing the expanding threat attack surface from COVID-19
CISOs need to ensure they and their security teams are aware of the new threats created by many businesses expanding their attack surface with many employees still working remotely. Continue Reading
Security pros explain how to prevent cyber attacks
Even during pandemics, hackers use malware such as ransomware and phishing to exploit an organization's vulnerabilities. IT security pros discuss how they prevent cyber attacks. Continue Reading
-
6 tips to prevent a data breach and keep your enterprise safe
Experts offer six tips about how to improve cybersecurity protection and response plans to mitigate the fallout of data breaches and attacks on sensitive information. Continue Reading
How to create a ransomware incident response plan
The increase in recent attacks makes clear the need for a ransomware incident response plan. Here's how to limit the effect of such attacks, as well as what to do if infected. Continue Reading
Answering the top IoT risk management questions
Vulnerable IoT devices are commonly installed on enterprise networks, putting IT on the lookout for security issues. Here are answers to the biggest IoT risk management questions.Continue Reading
Beat common types of cyberfraud with security awareness
Hackers are taking deception to a new level, but security awareness programs are instrumental in helping employees detect various types of cyberfraud.Continue Reading
Protect against evolving data security threats
As data security threats evolve, knowing how to protect your data is more important than ever. Learn about the latest security threats and how to ward them off.Continue Reading
What are the roles and responsibilities of a liaison officer?
While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them critical to incident response.Continue Reading
Combat the human aspect of risk with insider threat management
When it comes to insider threat awareness and prevention, enterprises would be wise to marry a people-centric approach with a technology-centric approach.Continue Reading
-
Should large enterprises add dark web monitoring to their security policies?
Security expert Nick Lewis says dark web monitoring can help enterprises gather threat intelligence, but enterprises need to understand how to validate the data they find.Continue Reading
Is there a viable breach notification tool?
A breach notification tool from Firefox Monitor and Have I Been Pwned could help consumers understand more quickly if their email or other vital information has been hacked.Continue Reading
Data breach litigation: What enterprises should know
Data breach litigation can be highly detrimental to an organization that just suffered a major security incident. Find out what kinds of legal action enterprises could face in the event of a data breach.Continue Reading
Ransomware recovery methods: What does the NIST suggest?
Knowing what ransomware recovery methods are available is important as the threat continues to grow. Expert Judith Myerson outlines what the NIST recommends for enterprises.Continue Reading
How did sensitive data from file-sharing website Docs.com get leaked?
Many users of the file-sharing website Docs.com were unaware that the sensitive data they uploaded was searchable. Expert Michael Cobb explains how this data leak happened.Continue Reading
ASLR side-channel attack: How is JavaScript used to bypass protection?
Researchers have developed an ASLR Cache side-channel attack that enables them to eliminate ASLR protections. Expert Nick Lewis explains how JavaScript code is used in the attack.Continue Reading
How are forged cookies used in attacks on online user accounts?
Yahoo claimed a vulnerability in its email service enabled attackers to use forged cookies to gain access to user accounts. Expert Michael Cobb explains what forged cookies are and how they are used in attacksContinue Reading
How did thousands of MongoDB databases get hijacked?
Thousands of MongoDB configurations were hijacked due to poor authentication practices. Expert Nick Lewis explains how organizations can properly configure their implementations.Continue Reading
What is the impact of the Siemens SCADA vulnerability?
Certain Siemens SCADA products were found to be vulnerable to local privilege escalation. Expert Nick Lewis explains how the SCADA vulnerability works and how to protect your systems.Continue Reading
Insecure OAuth implementations: How are mobile app users at risk?
Mobile apps using insecure OAuth could lead to over one billion user accounts being attacked. Expert Michael Cobb explains how developers can implement OAuth securely.Continue Reading
Risk & Repeat: Cloudflare bug poses incident response challenges
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the recent Cloudflare bug that leaked an undetermined amount of customer data over several months.Continue Reading
What caused the ClixSense privacy breach that exposed user data?
A privacy breach at ClixSense led to user account details being put up for sale. Expert Michael Cobb explains how companies should be held accountable for their security practices.Continue Reading
How do facial recognition systems get bypassed by attackers?
Researchers found that facial recognition systems can be bypassed with 3D models. Expert Nick Lewis explains how these spoofing attacks work and what can be done to prevent them.Continue Reading
Risk & Repeat: Second Yahoo data breach uncovered
In this episode of SearchSecurity's Risk & Repeat podcast, the editors discuss the second major Yahoo data breach and what it means for both the company and its users.Continue Reading
Data breach cost: What influences it the most?
Malicious or criminal attacks take a longer time to identify and contain, research shows, leading to a higher cost per breach. We look at the numbers.Continue Reading
How IAM can address unstructured content security risks
The amount of enterprise unstructured content is growing every year. Expert Sean Martin explains why IAM is an important component of unstructured data management and security.Continue Reading
Cyber Crime and Cyber Terrorism Investigator's Handbook
In this excerpt of Cyber Crime and Cyber Terrorism Investigator's Handbook, authors Babak Akhgar, Andrew Staniforth and Francesca Bosco outline the classification, types and categories of cybercrime.Continue Reading
Does the HHS Web portal affect data breach reporting?
HIPAA data breach reporting now uses an electronic Web portal, so what does this mean for covered entities? Expert Mike Chapple explains.Continue Reading
The Sony Pictures hack: A lesson in enterprise incident response
The Sony Pictures hack was a breach unlike others. John Dickson, principal at Denim Group, talked to SearchSecurity at RSA Conference 2015 about what enterprises should take from the attack.Continue Reading
Credit card protection tactics: Technology vs. standards
In 2014 shoppers spent almost $300 billion dollars online (a number expected to grow in future years). There was a significant number of online fraud attempts, too—and about 78% of those were made through website applications. (In contrast, only 3% ...Continue Reading
DLP management tools and reporting: Key considerations
When it comes to DLP management tools, installation and maintenance of a single centralized management console to house all rules and alerts are key.Continue Reading
Using DLP tools for data leakage alerting and preventive actions
When evaluating DLP tools, it's important to determine data leakage alerting and preventive action needs for potential violations and blocking.Continue Reading
DLP monitoring: Defining policies to monitor data
DLP monitoring policies help define what data to evaluate, how data monitoring processes should occur, and what enforcement and alerting actions to take.Continue Reading
Effective DLP products need data discovery and data fingerprinting
Effective DLP products must be able to handle data discovery to identify and monitor sensitive data. Learn why these features matter.Continue Reading
Assumption of breach: How a new mindset can help protect critical data
By adopting the assumption-of-breach security model, CISOs and security pros can better protect critical data. Expert Ernie Hayden explains.Continue Reading
What risk does the Apple UDID security leak pose to iOS users?
Expert Michael Cobb details Apple's Unique Device Identifiers, plus why iOS users should be concerned about the Anonymous UDID security leak.Continue Reading
Create a data breach response plan in 10 easy steps
Having a solid data breach response plan in place can make the threat of a security breach less intimidating. In this tip, learn 10 steps to take that will lead to an effective data breach response plan.Continue Reading
Preventing iPhone spying and other mobile management tips
So you have an iPhone, you don't access the Internet, you use a PIN to authenticate and you never let the device out of your site. Michael Cobb explains why iPhone spying still isn't out of the question.Continue Reading
Personally identifiable information guidelines for U.S. passport numbers
Do U.S. passport numbers count as personally identifiable information? Learn more about guidelines for PII in this security management expert response from David Mortman.Continue Reading
An inside look at security log management forensics investigations
David Strom provides some examples of log data that provided key clues to enterprise data breaches.Continue Reading
Data security best practices for PCI DSS compliance
The glut of recent data breaches, such as the one at Heartland Payment Systems Inc., leaves some security pros wondering if PCI DSS is doing its job. Is it worth all the effort to become PCI compliant if breaches still seem inevitable? In this ...Continue Reading
What are best practices for secure password distribution after a data breach?
After an information security data breach, it might seem like a good idea to create new user IDs and passwords for all employees in the user directory. But is there an easier way to handle the aftermath of a data breach? Find out more in this IAM ...Continue Reading
Lessons learned: The Countrywide Financial breach
The data breach at Countrywide Financial Corp. seems like something out of a TV crime drama: Two men regularly copied customer data and secretly sold it as leads to other mortgage brokers. The tale suggests that data theft is, more often than not, ...Continue Reading
Security breach management: Planning and preparation
All organizations face the risk of an information security breach. While it can be a gut-wrenching ordeal, learning how to manage a breach can make it much easier to contain the damage. In this tip, contributor Khalid Kark unveils several key ...Continue Reading
Are Internet cafe users' email credentials at risk?
Most browsers store all Web pages, including a user's message and other information, in a cache from which it is retrievable with relative ease. Expert Michael Cobb explains how to keep the personal data from getting into the wrong hands.Continue Reading
What techniques are being used to hack smart cards?
Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers.Continue Reading
How to prevent hack attacks against smart card systems.
What are smart cards, and how can the security of a smart card itself be maintained?Continue Reading
How can birth certificate fraud and passport fraud be prevented?
Best practices for preventing birth certificate and passport fraud from expert Mike Rothman.Continue Reading
Lessons learned from TJX: Best practices for enterprise wireless encryption
The TJX data breach revealed all too well the weaknesses of the Wired Equivalent Privacy security model. The retailer's well-documented compromise of more than 94 million credit card numbers proved that intruders can easily take advantage of ...Continue Reading
PCI Data Security Standard compliance: Setting the record straight
Helping executives understand what PCI Data Security Standard compliance is all about can be a challenge, especially when it comes to debunking the many myths that have been perpetuated over the years. Read this tip by contributor John Kindervag as ...Continue Reading
CISSP certification can serve as introduction to regulatory compliance
The CISSP is widely considered a valuable baseline certification for information security professionals, but its coursework can also be a valuable introduction to the complex world of regulatory compliance. As certification expert Peter H. Gregory ...Continue Reading
Should full disk encryption be used to prevent data loss?
According to a Ponemon Institute survey done in August 2006, eighty-one percent of companies reported the loss of one or more laptops during a 12 month period. In this SearchSecurity.com Q&A, platform security Michael Cobb explains whether that ...Continue Reading
What enterprise tools can scan files for sensitive data?
Given the many recent high-profile data breaches, organizations seem keen on securing their sensitive data, including credit card and social security numbers. In this expert Q&A, SearchSecurity.com's Mike Chapple reviews tools that can scan ...Continue Reading
Should log traffic be encrypted?
Should you be encrypting your security log transmissions? "It depends!" explains Mike Chapple in this SearchSecurity.com expert Q&A.Continue Reading
Database compliance demystified
As security professionals grapple with both federal mandates and industry-specific guidance, many wonder how best to approach these issues in terms of data protection and security. In this tip, James C. Foster looks at specific regulations such as ...Continue Reading
RFID security issues endanger companies and consumers
As the holiday season approaches, credit card purchases will undoubtedly increase. However, before waving your RFID-enabled credit card at the checkout of your favorite store, research suggests you may want to think twice. In this tip, Joel Dubin ...Continue Reading
How can I protect the sensitive information that resides on my laptop?
Learn how to safeguard data that resides in your laptop in this Network Security Ask the Expert Q&A.Continue Reading
Telecommuting security: Protecting sensitive data inside and out
The rash of laptop thefts in recent months has brought telecommuting and remote access security to the forefront of many information security professionals' minds. In this tip, Joel Dubin examines the mistakes made in the VA data theft case and ...Continue Reading
Checklist: 11 things to do after a hack
Your network's been cracked, what do you do next? Contributor Jonathan Hassell recommends following these eleven steps to limit damage and preserve evidence.Continue Reading
What percentage of security breaches originate internally vs. externally?