Security awareness training and insider threats

Get advice and tips on how end user security awareness training can help prevent internal risks and external threats. Find out how training can protect users against phishing attacks, social engineering schemes and other threats that can lead to data breaches.

June 22, 2021 22 Jun'21
COVID, gift cards and phony acquisitions top BEC attack trends

New research from Cisco Talos shows cybercriminals are still using the COVID-19 pandemic for BEC attacks to steal millions, but in slightly different ways.
June 01, 2021 01 Jun'21
RSA Conference 2021: Focus on resilience

SearchSecurity will be at RSAC 2021, virtual edition, to provide pre-conference coverage and breaking news and analysis from the world's biggest infosec event.
April 08, 2021 08 Apr'21
Unpatched applications threaten SAP security

Cyberattacks are a significant threat to unpatched, unprotected SAP applications, according to a new threat intelligence report from SAP and Onapsis.
April 01, 2021 01 Apr'21
Man indicted in Kansas water facility breach

While the attempted tampering of a Kansas water facility occurred more than two years ago, the Justice Department this week indicted a 22-year-old former employee.

Bring yourself up to speed with our introductory content

passive attack

A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities. Continue Reading
social engineering

Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices to gain unauthorized access to systems, networks or physical locations... Continue Reading
insider threat

An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Risk-based vulnerability management tools in the cloud

As enterprises increasingly rely on cloud services, a risk-based vulnerability management approach can provide the best protection against cybersecurity threats. Continue Reading
How to perform a cybersecurity risk assessment in 5 steps

This five-step framework for performing a cybersecurity risk assessment will help your organization prevent and reduce costly security incidents and avoid compliance issues. Continue Reading
Malware researcher speculates on the future of ransomware

Abhijit Mohanta, author of 'Preventing Ransomware,' opines on the future of ransomware and discusses why this attack is favored among cybercriminals. Continue Reading

Learn to apply best practices and optimize your operations.

4 ways to build a thoughtful security culture

It's time companies paid more attention to their security culture, working toward building an effective security awareness program that everyone can understand and get behind. Continue Reading
Strengthening supply chain security risk management

In the wake of several supply chain attacks, Pam Nigro discusses how companies can work to reduce risk by broadening how to manage third-party vendors' access to company data. Continue Reading
How to manage third-party risk in the supply chain

From third-party risk assessments to multifactor authentication, follow these steps to ensure suppliers don't end up being your enterprise cybersecurity strategy's weakest link. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

6 ways to prevent insider threats every CISO should know

Too often, organizations focus exclusively on external risks to security. Infosec expert Nabil Hannan explains what CISOs can do to effectively assess and prevent insider threats. Continue Reading
Explore 5 business email compromise examples to learn from

Gift cards are for gifts, never for payment. Explore real-world examples of business email compromise to learn common attack patterns and red flags. Continue Reading
Technical controls to prevent business email compromise attacks

Technical controls are at the heart of preventing successful business email compromise attacks. Learn about those and extra considerations to keep your business secure. Continue Reading