What business can learn from the Equifax data breach
Security professionals need a systematic analysis process to make sure they aren’t the next Equifax when customer data is compromised.
Stories by Ira Winkler
How safe are your passwords? Real life rules for businesses to live by
While people applaud easier password guidance from NIST, easier is not better. Here’s what you need to consider when creating a company password policy.
7 elements of a successful security awareness program
Action items for CSOs looking to bolster their security awareness programs.
WannaCry: Sometimes you can blame the victims
Last week’s big malware outbreak caused a lot of damage, but organizations that made good decisions ahead of time weren’t affected.
What prevents breaches: process, technology or people? One answer is PC, and one is right.
Many experts say that people are more important than process in the IT security world. That is politically correct, as opposed to actually correct.
At Dulles, a security awareness success story
The detention of Norway’s former prime minister, when stripped of politics, was an example of proper security awareness.
Security pros are their own worst enemy
Just when the world seems ready to listen to us, we give it a display of epic bickering.
Pokémon Go: Into the real world, with real crime
The game is getting its players off the couch, which already wasn’t safe from the bad guys.
Crying ‘Wolf!’ seems to work for security
Breaches that weren’t have gotten a lot of attention — and that’s not such a bad thing.
Charges against Iranian hackers are ignorant, cowardly and dangerous
Iranian and Chinese governments directed and funded attacks, so why are Iranian and Chinese citizens being charged instead of the governments that directed their actions?
Ouch! Apple’s free publicity could backfire
Apple is trying to position itself as a staunch defender of citizens’ privacy. But when you extend its arguments to their logical conclusion, it comes out looking like the company is incapable of protecting its secrets.
5 facts about Apple and the terrorist’s iPhone
The truth behind the hype and misunderstandings surrounding the case.
The CSI Effect comes to RSA Conference
The conference organizers didn’t expect the outrage that followed the scheduling of a session on the TV series <i>CSI: Cyber</i>. They should have, though.
The ‘sophisticated attack' myth
Sometimes I wonder whether any company will ever fall victim to an unsophisticated cyberattack. Because after every attack that comes to light, we hear that same excuse: It was a sophisticated attack.
Why <i>The Interview</i> won't play in Peoria -- for now
Maybe I should be outraged by Sony's decision not to distribute the movie <em>The Interview</em>, but I am merely saddened by it. I am saddened that a hacking incident with all the hallmarks of a simple case of extortion has been distorted so it looks like a terrorist threat.