Category: Security Intelligence

Read the original article: What Does Modern Even Mean? How to Evaluate Data Security Solutions for the Hybrid Cloud and Beyond There is a lot of talk about ‘modern’ data security. Organizations want a data security strategy that aligns with a…

Read more →

Read the original article: Perpetual Disruption Part 1: What is Good Cybersecurity Governance in Health Care? Disruption means constant change. This brings benefits to businesses and can improve customer loyalty. But, the costs tend to be new and large security…

Read more →

Read the original article: Cookie Hijacking: More Dangerous Than it Sounds Multifactor authentication (MFA) is a great way to prevent threat actors from using stolen credentials to access your network. But with remote work becoming the norm and the attack…

Read more →

Read the original article: Software Composition Analysis: Developers’ Security Silver Bullet Security experts are always looking for a silver bullet. New products promise to resolve all your issues. Typically, these products overpromise to expand market share. Most attacks we see…

Read more →

Read the original article: IBM Named a Strong Performer in The Forrester Wave™: External Threat Intelligence Services, Q1 2021 How can organizations keep up with today’s evolving threat landscape, highlighted by targeted phishing attacks, profit-seeking ransomware and advanced persistent threats…

Read more →

Read the original article: Clean Sweep: A 30-Day Guide to a New Cybersecurity Plan While the arrival of spring promises better days ahead, enterprises are also facing a cyberthreat landscape filled with both familiar threats and emerging attack vectors. As…

Read more →

Read the original article: Threat Actors’ Most Targeted Industries in 2020: Finance, Manufacturing and Energy IBM Security’s annual X-Force Threat Intelligence Index uses data derived from across our teams and managed customers to gather insights about the topmost targeted industries…

Read more →

Read the original article: Risk Management, C-Suite Shifts & Next-Gen Text Scams: Your March 2021 Security Intelligence Roundup This month in digital security, scam text messages may seem like an easy attack to dodge, but they’re getting smarter. Meanwhile, chief…

Read more →

Read the original article: Are Cloud-Native IAM Controls Good Enough for Your Enterprise? Organizations of every type and size are looking to the cloud for a multitude of benefits, including agility, quick time-to-value, cost savings and scalability. But enterprise-scale deployments…

Read more →

Read the original article: Consent Management: Picking the Right CIAM Strategy Practically everything consumers do online — shopping, paying bills and signing up for new services — requires some level of personal data sharing or changing privacy settings. Consumers need…

Read more →

Read the original article: 5 Cloud Security Must-Haves in 2021 Organizations undertaking the move to the cloud face a blizzard of sometimes confusing buzzwords. There’s hybrid cloud, multicloud, digital transformation, microservices and so much more. While these terms can be…

Read more →

Read the original article: Women in Cybersecurity: Why Diversity Matters March is Women’s History Month, so it’s a perfect time of the year to look back and see how far women in cybersecurity have come. From pioneering tech to achieving…

Read more →

Read the original article: Health Care Cybersecurity: Costly Data Breaches, Ensuring PII Security and Beyond As hospitals get smarter, threat actors have more routes inside. IBM’s recent research on the health care industry shows how smart tools, which could be…

Read more →

Read the original article: The Next-Gen Cyber Range: Bringing Incident Response Exercises to the Cloud At IBM X-Force, we keep our customers on the cutting edge of cybersecurity experiences, centered around incident response, and these include responding in cloud native…

Read more →

Read the original article: Loving the Algorithm: User Risk Management and Good Security Hygiene Cybersecurity awareness programs can be like painting the Golden Gate Bridge: by the time you think you are done with the current job you practically have…

Read more →

Read the original article: Reaching Strategic Outcomes With an MDR Service Provider: Part 5 This is the fifth in a five-part blog series on managed detection and response (MDR) as it drives strategic security outcomes for businesses. Now that you’ve…

Read more →

Read the original article: Retail Cybersecurity: How to Protect Your Customer Data In the early days of the pandemic, many retailers quickly launched e-commerce stores for the first time. Others expanded their offerings, such as adding online ordering with curbside…

Read more →

Read the original article: Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts IBM X-Force threat intelligence has been observing a rise in Dridex-related network attacks that are being driven by the Cutwail botnet. Dridex is delivered as a…

Read more →

Read the original article: Top 10 Cybersecurity Vulnerabilities of 2020 What cybersecurity vulnerabilities new and old should organizations look out for this year? Let IBM X-Force be your guide to today’s top cybersecurity threats with this detailed report.  First, scanning…

Read more →

Read the original article: Why the Demand for Application Development Security Skills Is Exploding Application development security is a key task when it comes to looking to the future of cybersecurity. A recent industry study shows it is the fastest-growing…

Read more →

Read the original article: Innovation Through Diverse Thinking: Amplifying Gender Diversity and Shrinking the Skills Gap Cybersecurity Help Wanted Those of us who work in the cybersecurity field continue to witness the capabilities of adversaries outpace the profession’s ability to…

Read more →

Read the original article: Cloud Native Tools Series Part 2: Understand Your Responsibilities As I mentioned in my first blog: traditional security just doesn’t work in the cloud. Businesses dependent on the cloud can make up for this by choosing native…

Read more →

Read the original article: Cloud Clarity: Adding Security and Control to the AWS Shared Responsibility Model Have your security team members ever made a mistake in the cloud? Human error happens and it can take on many forms. But, none…

Read more →

Read the original article: How Enterprise Design Thinking Can Improve Data Security Solutions “Design must reflect the practical and aesthetic in business, but above all … good design must primarily serve people,” said Thomas J. Watson, a man synonymous with…

Read more →

Read the original article: The Shift to E-Commerce: How Retail Cybersecurity is Changing With more people making purchases from home, now is a more important time than ever to secure your business against retail security threats. More and more customers…

Read more →

Read the original article: Don’t Speed Past Better Cloud App Security They say you can only have two of three — fast, good and cheap. When it comes to developing cloud-based applications, I think that a fourth criteria should be…

Read more →

Read the original article: A More Effective Approach to Combating Software Supply Chain Attacks Software supply chain attacks are not new, although, as we have seen recently, if executed successfully, they can have huge payoffs for sophisticated attackers. Detecting malicious…

Read more →

Read the original article: Cybersecurity Trends and Emerging Threats in 2021 The year 2021 is finally here, bringing with it the promise of a brighter future — but a long road ahead. In this piece, we’ll dive into five cybersecurity…

Read more →

Read the original article: ‘Clear and Present Danger’: Why Cybersecurity Risk Management Needs to Keep Evolving The phrase ‘future-proof’ is seductive. We want to believe technology prepares us for the future. But with threat actors and developers in an arms…

Read more →

Read the original article: Cybersecurity Gaps and Opportunities in the Logistics Industry Shipping and logistics is, in many ways, the backbone of our lives and businesses. What business doesn’t benefit from fresh food or a timely delivery? Unfortunately, this industry…

Read more →

Read the original article: Offboarding: A Checklist for Safely Closing an Employee’s Digital Doors Three years after I left my former job, I got an official letter telling me the organization suffered a data breach. My personal information was at…

Read more →

Read the original article: Developers vs. Security: Who is Responsible for Application Security? Call it the blame game or just a vicious circle. The long-standing tension between developers and IT security experts is not easing anytime soon. Each side blames…

Read more →

Read the original article: 2021 X-Force Threat Intelligence Index Reveals Peril From Linux Malware, Spoofed Brands and COVID-19 Targeting From the front lines of incident response engagements to managed security services, IBM Security X-Force observes attack trends firsthand, yielding insights…

Read more →

Read the original article: Security Automation: The Future of Enterprise Defense When it comes to giving cyber security experts the tools they need to take action, automation and machine learning (ML) can make a big difference. Many companies are working…

Read more →

Read the original article: 2021 X-Force Threat Intelligence Index Reveals Peril From Linux Malware, Spoofed Brands and COVID-19 Targeting From the front lines of incident response engagements to managed security services, IBM Security X-Force observes attack trends firsthand, yielding insights…

Read more →

Read the original article: How a CISO’s Executive Role Has Changed Ever since the role of the chief information security officer (CISO) was first created in 1994, the position has been treated like the pesky youngest sibling in the C-suite…

Read more →

Read the original article: Manufacturing Cybersecurity Threats and How To Face Them With manufacturing cybersecurity threats on the rise, what should companies know about protecting their digital assets in the future?  Risks to Security in Manufacturing The number of ransomware…

Read more →

Read the original article: Cyber Resilience Strategy Changes You Should Know in the EU’s Digital Decade For enterprises operating in Europe, the European Commission’s December 2020 EU Cybersecurity Strategy may dictate how you go about improving cyber resilience.    The…

Read more →

Read the original article: Braced for Impact: Fostering Good Cloud Security Posture Management Starting off on the right foot in digital defense today means having good Cloud Security Posture Management (CSPM). Although it can be challenging to adopt, this set…

Read more →

Read the original article: The Uncertainty of Cybersecurity Hiring Cybersecurity hiring is going through a weird phase. The pandemic, the remote work movement, budget changes and the rising aggression and refinement of cyber attacks are all major shifts. Through it…

Read more →

Read the original article: Firewall Services and More: What’s Next for IT? Firewall services, cloud network protection tools and other IT defense staples are seeing a lot of changes in 2021. IT landscapes are growing more complex, as are the…

Read more →

Read the original article: Solving 5 Challenges of Contact Tracing Apps Contact tracing apps are designed to help public health agencies connect the dots by linking confirmed carriers of novel coronavirus to recent, close-proximity interactions. In theory, this creates a…

Read more →

Read the original article: Unleash the Power of MITRE for a More Mature SOC The MITRE adversarial tactics, techniques and common knowledge (ATT&CK) framework brings pooled knowledge from across the cyber defense community, including revealing what threat actors are up to…

Read more →

Read the original article: Network Segmentation Series: What is It? This is the first in a series of three blog posts about network segmentation.  Many businesses are looking to augment their defenses by changing their approach to network security. Take…

Read more →

Read the original article: Beyond Text Messages: How to Secure 2FA Against Phone Authentication Scams If you or your employees access protected information with authentication codes sent to a cell phone, you might want to rethink your plan. Two-factor authentication…

Read more →

Read the original article: Why Every Company Needs a Software Update Schedule Software without the most recent patch is like an unlocked door for threat actors. They know the openings are there and can just walk in. But patching and…

Read more →

Read the original article: 5 Ways to Overcome Cloud Security Challenges During the second quarter of 2020 — for the first time in history — customers worldwide spent more on public cloud systems than on investments in non-cloud IT systems.…

Read more →

Read the original article: AI Security: Curation, Context and Other Keys to the Future Security leaders need to cut through the hype when it comes to artificial intelligence (AI) security. While AI offers promise, buzzwords and big-picture thinking aren’t enough…

Read more →

Read the original article: Hiring Cloud Experts, Despite the Cybersecurity Skills Gap The cybersecurity skills gap continues to be a real issue, but there may finally be a light at the end of the tunnel. For the first time, the…

Read more →

Read the original article: Smell the Attack? Sensory-Immersive Cyber Range Training for Industry 4.0 Humanity has been through a number of industrial revolutions since the 1760s, and is now at its fourth cycle of sweeping industrial innovation, known as Industry…

Read more →

Read the original article: Boost Your Organization’s Digital Security With Zero Trust Organizations are increasingly creating zero trust policies to augment their digital security postures. According to Infosecurity Magazine, 15% of organizations say they implemented a zero trust policy by…

Read more →

Read the original article: Employee Mental Health: Managing Stress and Trauma For many people working in cybersecurity, employee mental health could be a bigger part of our days. Our jobs entail a lot of putting out fires and being hyper-vigilant…

Read more →

Read the original article: Cloud Security Considerations to Watch Out for During Mergers and Acquisitions Staying vigilant through each phase of a mergers and acquisitions (M&A) process can help businesses overcome cloud threats. Threat actors have hit victims during M&As…

Read more →

Read the original article: Intro to DevSecOps: Why Integrated Security is Key in 2021 The unprecedented events of 2020 only accelerated the adoption of cloud-based business models. These highly scalable solutions and services have made work easier for employees calling…

Read more →

Read the original article: Cybersecurity Insurance Pros and Cons: Is it the Best Policy? Cyberattacks can cause major loss of revenue for businesses and other groups of all sizes. As a result, cybersecurity insurance is being discussed more and more.…

Read more →

Read the original article: Cloud Native Tools Series Part 1: Go Beyond Traditional Security Like anyone who works with their hands, cybersecurity experts need the right tools for the job. As we’ll see in this blog and the series to…

Read more →

Read the original article: Moving Threat Identification From Reactive to Predictive and Preventative In a previous post, we focused on organizations’ characteristics, such as sector, geography, risk and impact, when discussing the pillars of building a threat identification program. Now,…

Read more →

Read the original article: Remote Work Trends: How Cloud Computing Security Changed Looking back on 2020, we can honestly say it was a year like no other. We faced wildfires, hurricanes, a raucous election season and, of course, a pandemic…

Read more →

Read the original article: 5 Ways Companies Can Protect Personally Identifiable Information Protecting personally identifiable information (PII) is one of the key aspects of a security expert’s job. What does personally identifiable information include? Social Security numbers, birth dates and…

Read more →

Read the original article: How Doxing Affects Gen Z In the past, public and famous figures had to worry most about doxing. Two men were arrested in New York for doxing after posting home addresses and Social Security numbers of…

Read more →

Read the original article: Does a Strong Privacy Program Make for a Stronger Security Program? There is a saying in sociopolitical circles: “politics is downstream from culture.” Using that same line of thinking, poses a question: Is information security downstream…

Read more →

Read the original article: Link Previews Could Threaten Your Digital Security and Privacy Popular chat apps sometimes use link previews as a convenient shortcut. Link previews are pop-up boxes you might see on a chat app or other social media platform…

Read more →

Read the original article: School’s Out for Ransomware When I was growing up, snow days (days off for inclement weather or heavy snowfall) weren’t uncommon. We’d get 24 hours or so of freedom, then mother nature would eventually step in…

Read more →

Read the original article: How to Shut Down Business Units Safely A nimble organization needs to be ready for growth — and cuts. Sometimes business closure or shutting down a unit is needed, either as part of the evolution of…

Read more →

Read the original article: Consider the Human Angle in Your Threat Modeling When it comes to threat modeling, many businesses plan as if there were only a few possible scenarios in which cybersecurity or privacy-related incidents could occur. We need…

Read more →

Read the original article: A Look at HTTP Parameter Pollution and How To Prevent It With HTTP Parameter Pollution (HPP) attacks, threat actors can hide scripts and processes in URLs. First discovered in 1999, this technique can also allow threat…

Read more →

Read the original article: Reaching Strategic Outcomes With An MDR Service Provider: Part 4 This is the fourth in a five-part blog series on managed detection and response as it drives strategic security outcomes for businesses. More and more managed…

Read more →

Read the original article: CISO Success: It’s About More Than Tech Skills The chief information security officer (CISO) is a relatively new position in the C-suite. It’s about 25 years old or less, depending on whom you ask. But, it…

Read more →

Read the original article: Is the End of the Firewall in Sight? Is a firewall a thing of the past? People have been questioning the utility of firewalls for years. Columnist and editor Roger A. Grimes wrote that “firewalls need…

Read more →

Read the original article: Password Safety: Rethink Your Strong Password “Use longer, stronger passwords.” This is a directive we’ve been accustomed to hearing for decades. Many of us are using strong passwords with a combination of uppercase letters, lowercase letters,…

Read more →

Read the original article: The Importance of Mobile Technology in State Electronic Visit Verification (EVV) Programs Under the federal Electronic Visit Verification mandate, care providers for people with disabilities or the elderly confined to their homes will need to check in…

Read more →

Read the original article: Triage Attacks More Efficiently With AI for Cybersecurity Think of cybersecurity like your personal health. In cybersecurity, basic cyber hygiene foils most cyber attacks. With a shortage of cyber experts, just as in medicine, finding faster…

Read more →

Read the original article: Space Cybersecurity: How Lessons Learned on Earth Apply in Orbit The universe is getting smaller, and space cybersecurity is keeping up. On May 30, 2020, nearly a decade after the Space Shuttle program ended, people witnessed…

Read more →

Read the original article: What You Need to Know About Scam Text Messages in 2021 The threat of scam text messages may now seem distant, even quaint. With all the new, exotic and sophisticated attacks that have arisen in the…

Read more →

Read the original article: How is Enterprise Security Like Writing a Novel? Pen, paper and ink alone do not make a novel. In the same way, anti-malware, firewalls and SIEM tools alone do not make an enterprise secure. Too many…

Read more →

Read the original article: TrickBot’s Survival Instinct Prevails — What’s Different About the TrickBoot Version? October 2020 saw the TrickBot Trojan, a prominent cybercrime gang’s tool of choice, suffer a takedown attempt by security vendors and law enforcement. Unfortunately, the…

Read more →

Read the original article: Credential Stuffing: AI’s Role in Slaying a Hydra One data breach can lead to another. Because so much of the data stolen in breaches ends up for sale on the dark web, a threat actor can…

Read more →

Read the original article: For Attackers, Home is Where the Hideout Is Remember the good ol’ days of playing hide-and-seek? It’s hard to forget the rush of finding the perfect hiding place. I remember crouching into a tiny ball behind…

Read more →

Read the original article: QR Code Security: What You Need to Know Today QR codes are very common today, enough so that attackers are discovering ways of using them for profit. How can QR codes be used this way, and…

Read more →

Read the original article: Managing Cybersecurity Costs: Bake These Ingredients Into Your Annual Budget As businesses across all industries evolve, once discretionary expenses become operating costs.  Insurance coverage, for example, is pretty much ‘a must’ across many industries. The latest…

Read more →

Read the original article: Misconfigurations: A Hidden but Preventable Threat to Cloud Data Working in the cloud has many advantages. But to handle your information safely, you should know how to defend against the common problem of misconfigurations leaving cloud…

Read more →

Read the original article: Hybrid Cloud Adoption Brings Security on the Go Hybrid cloud environments are a common sight in today’s digital world. IBM’s Assembling Your Cloud Orchestra report found 85% of organizations already utilize a hybrid cloud and 98%…

Read more →

Read the original article: Preparing a Client Environment for Threat Management A key part of making any threat management program successful is ensuring it maps properly to the client’s needs. In the past, this has been challenging for many groups…

Read more →

Read the original article: 5 Cybersecurity Best Practices For Planning Ahead Putting best practices in place is the most efficient way to combat cybersecurity threats. But that’s easier said than done, as there are a lot of forces working against…

Read more →

Read the original article: Social Engineering And Social Media: How to Stop Oversharing You’ve done your due diligence, practice good security hygiene and have the best security tools available. Now, your security posture is strong. But, your plan is only…

Read more →

Read the original article: Peaks and Valleys: The Mental Health Side of Cybersecurity Risk Management There is one risk cybersecurity experts often overlook: burnout. We can build on threat detection and incident response capabilities and use cybersecurity risk management frameworks,…

Read more →

Read the original article: What is STRIDE and How Does It Anticipate Cyberattacks? STRIDE threat modeling is an important tool in a security expert’s arsenal. Threat modeling provides security teams with a practical framework for dealing with a threat. For…

Read more →

Read the original article: Cybersecurity for Healthcare: Addressing Medical Image Privacy Medical imaging devices have greatly improved patient care and become a critical part of modern medical treatment. But, these devices weren’t always connected in ways they are today. Today’s…

Read more →

Read the original article: Cybersecurity Ethics: Establishing a Code for Your SOC Since security intersects so much with privacy, cybersecurity ethics decisions should be on your mind at work.  Being part of a high-performing computer security incident response team (CSIRT) or…

Read more →

Read the original article: How Working From Home Has Changed Cybersecurity Awareness Training Some of the most surprising news coming out of 2020 — a year when it seemed like there was a major breaking story every day — is…

Read more →

Read the original article: Why Red Team Testing Rules the Cloud Red team testing is a key way to help prevent data breaches today. Most cyber defense focuses on spotting openings and fixing general risks in your environment. Red teaming…

Read more →

Read the original article: Biometrics: Choosing the Right Option for Your Security Do you know who your customers are? Not their demographics, but each customer as they enter your online portal and provide their name, address and credit card number.…

Read more →

Read the original article: How to Make Personalized Marketing Effective With Consumer Identity Programs Everyone is fighting for the attention of potential customers. It’s the work you’ve done; the creative energy expended by your team; and the amount of time…

Read more →

Read the original article: Best Practices for Securing Modern Data Architecture Today’s cloud-native data management platforms can help businesses unlock the potential of their data. These modern data management and storage platforms are designed to deliver lean, high-performance architecture for…

Read more →

Read the original article: ‘Tis the Season for Nonprofit Cybersecurity Risks to Reach New Heights The period between Christmas and New Year’s Day has long been the time people give to charities the most, making the charities themselves attractive targets…

Read more →

Read the original article: 5 IoT Threats To Look Out for in 2021 As we bring 2020 to a close, it’s time to look at 2021 and a new chapter in the book of cybersecurity. While there are no doubt…

Read more →

Read the original article: Cybersecurity Trends: Keeping Up With 2020’s ‘New Normal’ This year has seen major changes in cybersecurity trends. At times, 2020 seems to have come and gone in a flash. For many, it has dragged on for…

Read more →

Read the original article: 7 Cybersecurity Tools On Our Holiday Wish List The holiday season is upon us. After a difficult year, and facing an even more challenging year ahead, digital defense experts don’t have visions of sugar plums dancing…

Read more →

Read the original article: How to Not Fall for a Charity Scam This Holiday Season This holiday season, many people will turn to charities to give back. The last thing they want to do is give money to scammers instead…

Read more →

Read the original article: Fully Homomorphic Encryption: Unlocking the Value of Sensitive Data While Preserving Privacy They come in the mail — ominous-looking envelopes that are devoid of branding and obvious marketing embellishments. Plain white, marked with often-unrecognizable return addresses,…

Read more →