Problem solve

Data security breaches

• Beat common types of cyberfraud with security awareness

  Hackers are taking deception to a new level, but security awareness programs are instrumental in helping employees detect various types of cyberfraud. Continue Reading

• Protecting against data security threats

  As data security threats evolve, knowing how to protect your data is more important than ever. Learn about the latest security threats and how to ward them off. Continue Reading

• What are the roles and responsibilities of a liaison officer?

  While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them critical to incident response. Continue Reading

• Combat the human aspect of risk with insider threat awareness

  When it comes to insider threat awareness and prevention, enterprises would be wise to marry a people-centric approach with a technology-centric approach. Continue Reading

• Should large enterprises add dark web monitoring to their security policies?

  Security expert Nick Lewis says dark web monitoring can help enterprises gather threat intelligence, but enterprises need to understand how to validate the data they find. Continue Reading

• Is there a viable breach notification tool?

  A breach notification tool from Firefox Monitor and Have I Been Pwned could help consumers understand more quickly if their email or other vital information has been hacked.Continue Reading

• How can a ransomware incident response plan be updated?

  With an increase in ransomware attacks involving cities, the need to update incident response plans has become clear. Learn what organizations should do if infected with ransomware.Continue Reading

• Data breach litigation: What enterprises should know

  Data breach litigation can be highly detrimental to an organization that just suffered a major security incident. Find out what kinds of legal action enterprises could face in the event of a data breach.Continue Reading

• Ransomware recovery methods: What does the NIST suggest?

  Knowing what ransomware recovery methods are available is important as the threat continues to grow. Expert Judith Myerson outlines what the NIST recommends for enterprises.Continue Reading

• How did sensitive data from file-sharing website Docs.com get leaked?

  Many users of the file-sharing website Docs.com were unaware that the sensitive data they uploaded was searchable. Expert Michael Cobb explains how this data leak happened.Continue Reading

• ASLR side-channel attack: How is JavaScript used to bypass protection?

  Researchers have developed an ASLR Cache side-channel attack that enables them to eliminate ASLR protections. Expert Nick Lewis explains how JavaScript code is used in the attack.Continue Reading

• How are forged cookies used in attacks on online user accounts?

  Yahoo claimed a vulnerability in its email service enabled attackers to use forged cookies to gain access to user accounts. Expert Michael Cobb explains what forged cookies are and how they are used in attacksContinue Reading

• How did thousands of MongoDB databases get hijacked?

  Thousands of MongoDB configurations were hijacked due to poor authentication practices. Expert Nick Lewis explains how organizations can properly configure their implementations.Continue Reading

• What is the impact of the Siemens SCADA vulnerability?

  Certain Siemens SCADA products were found to be vulnerable to local privilege escalation. Expert Nick Lewis explains how the SCADA vulnerability works and how to protect your systems.Continue Reading

• Insecure OAuth implementations: How are mobile app users at risk?

  Mobile apps using insecure OAuth could lead to over one billion user accounts being attacked. Expert Michael Cobb explains how developers can implement OAuth securely.Continue Reading

• Risk & Repeat: Cloudflare bug poses incident response challenges

  In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the recent Cloudflare bug that leaked an undetermined amount of customer data over several months.Continue Reading

• What caused the ClixSense privacy breach that exposed user data?

  A privacy breach at ClixSense led to user account details being put up for sale. Expert Michael Cobb explains how companies should be held accountable for their security practices.Continue Reading

• How do facial recognition systems get bypassed by attackers?

  Researchers found that facial recognition systems can be bypassed with 3D models. Expert Nick Lewis explains how these spoofing attacks work and what can be done to prevent them.Continue Reading

• Risk & Repeat: Second Yahoo data breach uncovered

  In this episode of SearchSecurity's Risk & Repeat podcast, the editors discuss the second major Yahoo data breach and what it means for both the company and its users.Continue Reading

• Data breach cost: What influences it the most?

  Malicious or criminal attacks take a longer time to identify and contain, research shows, leading to a higher cost per breach. We look at the numbers.Continue Reading

• How IAM can address unstructured content security risks

  The amount of enterprise unstructured content is growing every year. Expert Sean Martin explains why IAM is an important component of unstructured data management and security.Continue Reading

• Cyber Crime and Cyber Terrorism Investigator's Handbook

  In this excerpt of Cyber Crime and Cyber Terrorism Investigator's Handbook, authors Babak Akhgar, Andrew Staniforth and Francesca Bosco outline the classification, types and categories of cybercrime.Continue Reading

• Does the HHS Web portal affect data breach reporting?

  HIPAA data breach reporting now uses an electronic Web portal, so what does this mean for covered entities? Expert Mike Chapple explains.Continue Reading

• The Sony Pictures hack: A lesson in enterprise incident response

  The Sony Pictures hack was a breach unlike others. John Dickson, principal at Denim Group, talked to SearchSecurity at RSA Conference 2015 about what enterprises should take from the attack.Continue Reading

• Credit card protection tactics: Technology vs. standards

  In 2014 shoppers spent almost $300 billion dollars online (a number expected to grow in future years). There was a significant number of online fraud attempts, too—and about 78% of those were made through website applications. (In contrast, only 3% ...Continue Reading

• Point-of-sale security: Targeted malware, Windows XP cause problems

  Video: Sophos' Chester Wisniewski explains why targeted malware and the presence of Windows XP are the biggest threats to point-of-sale security.Continue Reading

• Target breach details: Was the retailer PCI DSS compliant?

  Expert Mike Chapple says a key detail in the Target breach suggests that the Fortune 500 retailer likely wasn't PCI DSS compliant.Continue Reading

• Breach detection systems: Deployment models that detect malware better

  Breach detection systems, a tier-two security technology, identify malware in transit and help you detect unknown breaches and side-channel attacks.Continue Reading

• How to adapt to latest EU data breach notification requirement changes

  For companies worried about the latest EU data breach notification requirements, expert Mike Chapple says to look to the PCI DSS framework.Continue Reading

• SB-46 analysis: How California data breach notification law changed

  The scope of California data breach notification law expanded thanks to SB-46. Expert Mike Chapple details some of the most pressing changes.Continue Reading

• IT security strategy 2.0: Adjusting for a shifting infosec landscape

  Seismic shifts in the infosec landscape can no longer be ignored. Ernie Hayden explains how to update an IT security strategy to account for change.Continue Reading

• To improve breach detection, revisit intrusion detection techniques

  To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.Continue Reading

• Aligning business and IT security: Learning from South Carolina breach

  Ernie Hayden details how South Carolina's Department of Revenue breach proves business and IT security are often out of alignment, and how to fix it.Continue Reading

• DLP management tools and reporting: Key considerations

  When it comes to DLP management tools, installation and maintenance of a single centralized management console to house all rules and alerts are key.Continue Reading

• Using DLP tools for data leakage alerting and preventive actions

  When evaluating DLP tools, it's important to determine data leakage alerting and preventive action needs for potential violations and blocking.Continue Reading

• DLP monitoring: Defining policies to monitor data

  DLP monitoring policies help define what data to evaluate, how data monitoring processes should occur, and what enforcement and alerting actions to take.Continue Reading

• Effective DLP products need data discovery and data fingerprinting

  Effective DLP products must be able to handle data discovery to identify and monitor sensitive data. Learn why these features matter.Continue Reading

• Assumption of breach: How a new mindset can help protect critical data

  By adopting the assumption-of-breach security model, CISOs and security pros can better protect critical data. Expert Ernie Hayden explains.Continue Reading

• Protect intellectual property with data breach prep, cost analysis

  Heidi Shey of Forrester Research says enterprises must protect intellectual property better or else face 'death by 1,000 cuts.'Continue Reading

• What risk does the Apple UDID security leak pose to iOS users?

  Expert Michael Cobb details Apple's Unique Device Identifiers, plus why iOS users should be concerned about the Anonymous UDID security leak.Continue Reading

• Verizon DBIR 2012: On Web app security, basics still lacking

  Expert Michael Cobb analyzes takeaways from the Verizon DBIR 2012 report regarding Web app security and the need for more basic security measures.Continue Reading

• PCI DSS lessons learned from Global Payments data breach

  Expert Nick Lewis discusses the Global Payments data breach, focusing on lessons to be learned for PCI DSS-compliant enterprises.Continue Reading

• Diagram outside firm role early in security incident response process

  Expert Nick Lewis provides criteria for selecting outside incident response firms and how to define security incident response process needs early on.Continue Reading

• NSTIC identity plan: Can identity brokers stop Internet identity theft?

  The new NSTIC identity proposal would have identity brokers handling enterprise merchant customer authentication. But can it work?Continue Reading

• Hacktivism examples: What companies can learn from the HBGary attack

  A few simple security best practices may have spared security company HBGary Federal from the recent attack by the hacktivist group Anonymous. Nick Lewis explains what happened and how to prevent such an attack against your company.Continue Reading

• Data breach procedures to stop Gawker-type Web password security leaks

  Following its recent security breach, Gawker.com has promised to boost its security, but, in this tip, threats expert Nick Lewis looks at what the site could've done to pre-empt the breach in the first place.Continue Reading

• Create a data breach response plan in 10 easy steps

  Having a solid data breach response plan in place can make the threat of a security breach less intimidating. In this tip, learn 10 steps to take that will lead to an effective data breach response plan.Continue Reading

• Preventing iPhone spying and other mobile management tips

  So you have an iPhone, you don't access the Internet, you use a PIN to authenticate and you never let the device out of your site. Michael Cobb explains why iPhone spying still isn't out of the question.Continue Reading

• Personally identifiable information guidelines for U.S. passport numbers

  Do U.S. passport numbers count as personally identifiable information? Learn more about guidelines for PII in this security management expert response from David Mortman.Continue Reading

• Data breach avoidance begins with security basics, panel says

  Investing millions in new security technology will not prevent a data breach if employees aren't educated and security policy goes unchecked, say experts.Continue Reading

• An inside look at security log management forensics investigations

  David Strom provides some examples of log data that provided key clues to enterprise data breaches.Continue Reading

• Data security best practices for PCI DSS compliance

  The glut of recent data breaches, such as the one at Heartland Payment Systems Inc., leaves some security pros wondering if PCI DSS is doing its job. Is it worth all the effort to become PCI compliant if breaches still seem inevitable? In this ...Continue Reading

• What are best practices for secure password distribution after a data breach?

  After an information security data breach, it might seem like a good idea to create new user IDs and passwords for all employees in the user directory. But is there an easier way to handle the aftermath of a data breach? Find out more in this IAM ...Continue Reading

• Is insider activity or outsider activity a bigger enterprise threat?

  According to Verizon's 2008 Data Breach Investigations Report, outsider activity is much more likely to be the cause of a data breach than insider activity. Does that mean security managers are spending too much time worrying about insiders? ...Continue Reading

• Web 2.0 and e-discovery: Risks and countermeasures

  Enterprise employees often love Web 2.0 services like wikis and social networking services, but the data employees may create with or provide to those services can put an enterprise at risk, especially when litigation calls for electronic discovery ...Continue Reading

• Security breach management: Planning and preparation

  All organizations face the risk of an information security breach. While it can be a gut-wrenching ordeal, learning how to manage a breach can make it much easier to contain the damage. In this tip, contributor Khalid Kark unveils several key ...Continue Reading

• Are Internet cafe users' email credentials at risk?

  Most browsers store all Web pages, including a user's message and other information, in a cache from which it is retrievable with relative ease. Expert Michael Cobb explains how to keep the personal data from getting into the wrong hands.Continue Reading

• Worst practices: Recognizing the biggest compliance mistakes

  With all of the compliance requirements and regulations organizations need to abide by these days, corporate compliance blunders are inevitable. In this tip, security management expert Mike Rothman highlights the biggest compliance mistakes seen in ...Continue Reading

• Is it possible to delete search data from a search engine's servers?

  Search engine history can be very sensitive, and can be used against the searcher if it falls into the wrong hands. Security threats expert Ed Skoudis addresses the possibility of deleting search history from a search engine's servers.Continue Reading

• What techniques are being used to hack smart cards?

  Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers.Continue Reading

• Why are there still various independent credit card security standards?

  PCI DSS has become the well-known information security standard for credit cards, but vendors can still have different approaches to card data security.Continue Reading

• How to prevent hack attacks against smart card systems.

  What are smart cards, and how can the security of a smart card itself be maintained?Continue Reading

• How can birth certificate fraud and passport fraud be prevented?

  Best practices for preventing birth certificate and passport fraud from expert Mike Rothman.Continue Reading

• Lessons learned from TJX: Best practices for enterprise wireless encryption

  The TJX data breach revealed all too well the weaknesses of the Wired Equivalent Privacy security model. The retailer's well-documented compromise of more than 94 million credit card numbers proved that intruders can easily take advantage of ...Continue Reading

• Encryption strategies for preventing laptop data leaks

  The majority of enterprise notebook computers contain sensitive information. Should those devices fall into the wrong hands, encryption can keep the data safe. Expert Lisa Phifer discusses the pros and cons of today's notebook data encryption ...Continue Reading

• PCI Data Security Standard compliance: Setting the record straight

  Helping executives understand what PCI Data Security Standard compliance is all about can be a challenge, especially when it comes to debunking the many myths that have been perpetuated over the years. Read this tip by contributor John Kindervag as ...Continue Reading

• How can a CSO determine if a company has a data security problem?

  In this SearchSecurity.com Q&A, security management expert Mike Rothman examines certain areas that a CSO should focus on, such as internal policy documents and penetration test results, to determine if a corporation has a data security breach ...Continue Reading

• CISSP certification can serve as introduction to regulatory compliance

  The CISSP is widely considered a valuable baseline certification for information security professionals, but its coursework can also be a valuable introduction to the complex world of regulatory compliance. As certification expert Peter H. Gregory ...Continue Reading

• Using privacy filters to guard computer screens

  In this SearchSecurity.com Q&A, security expert Joel Dubin offers different methods on how to protect your computer screen from roaming eyes.Continue Reading

• Meet the PCI DSS, avoid being the next TJX

  The seriousness of the TJX Cos. data breach became even more apparent last week, with the retail giant's admission that at least 45.7 million credit and debit cards were stolen by hackers who were able to penetrate the network over an extended ...Continue Reading

• The cost of data breaches: Looking at the hard numbers

  In this tip, Khalid Kark explains the many different factors that should be part of the data breach cost calculation -- and it's more than just losing money.Continue Reading

• Do information leak prevention products protect critical data?

  Can one product really protect your enterprise from an information leak? In this expert Q&A, Mike Chapple examines the content protection market and warns users to keep realistic expectations.Continue Reading

• Public wireless networks present a raft of dangers

  A company's end-users don't always have the luxury of a protected network, as many often leave the comfort of their guarded corporate environment and access the Internet from coffee shops, hotels, airports and other public areas. In this tip, Mike ...Continue Reading

• Should full disk encryption be used to prevent data loss?

  According to a Ponemon Institute survey done in August 2006, eighty-one percent of companies reported the loss of one or more laptops during a 12 month period. In this SearchSecurity.com Q&A, platform security Michael Cobb explains whether that ...Continue Reading

• How to get management interested in an information security program

  When it comes to firing up an information security program, are your execs sitting on their hands? In this expert Q&A, security management pro Shon Harris reveals how to speak the language of senior management.Continue Reading

• IT compliance success doesn't equal security success

  While compliance needs may help boost an information security department's budget, using the compliance card to receive more funding can cause more harm than good. In this tip, contributor Khalid Kark, Senior Analyst at Forrester Research explains ...Continue Reading

• What enterprise tools can scan files for sensitive data?

  Given the many recent high-profile data breaches, organizations seem keen on securing their sensitive data, including credit card and social security numbers. In this expert Q&A, SearchSecurity.com's Mike Chapple reviews tools that can scan ...Continue Reading

• Should log traffic be encrypted?

  Should you be encrypting your security log transmissions? "It depends!" explains Mike Chapple in this SearchSecurity.com expert Q&A.Continue Reading

• Database compliance demystified

  As security professionals grapple with both federal mandates and industry-specific guidance, many wonder how best to approach these issues in terms of data protection and security. In this tip, James C. Foster looks at specific regulations such as ...Continue Reading

• RFID security issues endanger companies and consumers

  As the holiday season approaches, credit card purchases will undoubtedly increase. However, before waving your RFID-enabled credit card at the checkout of your favorite store, research suggests you may want to think twice. In this tip, Joel Dubin ...Continue Reading

• Defensive measures for evolving phishing tactics

  From image spam to cross-site scripting, hackers certainly have a large arsenal of weapons to choose from. But as AT&T recently learned, hackers are putting a new twist on ever-dependable phishing schemes to gain access to confidential and sensitive...Continue Reading

• IT Infrastructure Library: Regulatory compliance benefits and training options

  The IT Infrastructure Library (ITIL) can assist organizations in their regulatory compliance efforts. This article explains how and outlines training options for security practitioners interested in becoming ITIL certified.Continue Reading

• Laptop crypto: Do it, but realize it's not a panacea

  Laptop encryption has its pros and cons. Find out how to use laptop crypto to keep your sensitive data secure -- even if it falls in the hands of the enemy.Continue Reading

• How can I protect the sensitive information that resides on my laptop?

  Learn how to safeguard data that resides in your laptop in this Network Security Ask the Expert Q&A.Continue Reading

• Telecommuting security: Protecting sensitive data inside and out

  The rash of laptop thefts in recent months has brought telecommuting and remote access security to the forefront of many information security professionals' minds. In this tip, Joel Dubin examines the mistakes made in the VA data theft case and ...Continue Reading

• How to recognize a Web site that uses Secure Electronic Transaction

  Learn how Secure Electronic Transaction works in this network security Ask the Expert Q&A.Continue Reading

• Regulatory compliance: Sun shines on SB-1386

  This case study reveals how Michelle Dennedy, Sun Microsystems chief privacy officer, tackled SB-1386 compliance by making it part of the corporate culture.Continue Reading

• Compliance guide for managers: Lessons learned and best decisions

  Compliance guide for managers: Lessons learned and best decisionsContinue Reading

• Checklist: 11 things to do after a hack

  Your network's been cracked, what do you do next? Contributor Jonathan Hassell recommends following these eleven steps to limit damage and preserve evidence.Continue Reading

• Separating fact from fiction: Security technologies for regulatory compliance

  This presentation by Burton Group analyst Diana Kelley explores what companies need to think about when creating policies for compliance.Continue Reading

• The 5 pillars of successful compliance

  Find out how to put the key benefits of what Pamela Fusco achieved at Merck & Co. to work in your own organization as she covers five key areas associated with security's role in compliance.Continue Reading

• What to tell senior management about regulatory compliance

  The IT Governance Institute offers actionable advice for implementing security governance as it relates to regulatory compliance.Continue Reading

• Does your organization need a CCO?

  Find out how tackling compliance -- particularly when regulations share common goals -- can be made easier by charging a corporate compliance officer (CCO) with oversight responsibility.Continue Reading

• Meeting the PCI Data Security Standard requirements mitigates threats

  Learn how how using five security best practices gets you closer to compliance with the PCI Data Security Standard and helps mitigate common threats to e-business.Continue Reading

• Getting your regulatory priorities in order

  Learn five key elements to help you avoid trouble, expend the least amount of effort and ensure your priorities are on target and in order for your regulatory compliance projects.Continue Reading

• How to stop hacker theft: Employee awareness, risk assessment policies

  In the first of a six-part primer on thinking like a hacker, security managers are encouraged to examine publicly available information and discarded data.Continue Reading

• What percentage of security breaches originate internally vs. externally?

  Continue Reading

• Compliance with California's new mandatory disclosure law

  Learn everything you need to know about California's new disclosure law.Continue Reading