State of the Endpoint Identifies Risky Users as Top Threat

For years, security pros have complained joked about over-zealous users who click on everything. With today’s release of the sixth annual State of the Endpoint study by Ponemon Institute, and commissioned by Lumension, the joke is reality for many and unfortunately it isn’t all that funny.

Negligent and/or careless employees who do not follow security policies are ranked the #1 threat to an organization’s IT security said 78% of the new study’s responding IT security professionals.

> Read More

Information Aversion – The Ostrich Effect

Are we hurting our cause when we describe, in gruesome detail, the potential outcomes of a data breach or other IT security breach? Are we inadvertently pushing real security further off when we chase on the latest whiz bang technology instead of focusing on making steady progress?

That’s what came to mind when I recently heard an NPR piece on Information Aversion.

> Read More

Three Lessons Learned From the NSA’s Use of Big Data and Security Analytics

Security analytics is the term being applied to the new methods being developed to counter sophisticated targeted attacks. The idea is simple but implementation requires skill sets that have yet to be acquired by most organizations. Gather as much data as possible, apply filters derived from security intelligence, and identify attacks in progress or already firmly established beachheads made by the adversary.

> Read More

To Layer or Integrate? That is the Question

Indeed, the debate over whether to mix a myriad of tools and technologies to create a bulletproof shield that hackers can’t invade or to take an integrated approach to in-depth defense to combat persistent threats is ongoing. But more cyber security analysts are speaking out about the benefits of integration.

Also known as layered defense,

> Read More

Compliance Is Bad for Security

There are two separate approaches to keeping data safe: compliance and security. The first is a legal/regulatory obligation; the second is not. If you ask a compliance author, whether that’s a government legislator or a bureaucratic regulator, what is the purpose of compliance, the reply will be ‘to ensure security.’ If you ask the same person,

> Read More

3 Executive Strategies to Prioritize Your IT Risk

Every company wants to know the best way to protect their company, but it can be difficult when faced with the evolving security challenges of today. I recently sat down with Richard Mason, VP & CSO at Honeywell, Roger Grimes, security columnist and author, to get their thoughts on risk management best practices. I hope these strategies will help companies prioritize their IT risk and think beyond the traditional IT standards.

> Read More

Push for Centralized Infrastructure and Branch Office Consolidation Will Prove Risky in 2013

My series of 2013 predictions began with more malware and then some thoughts on risk created by quick data center consolidations. Furthering the idea of consolidation, I also think centralized infrastructure and branch office trends will create additional risk in the new year.

Historically, our network infrastructures have been handled in a decentralized manner.

> Read More

For Want of a Nail …

… the kingdom was lost.

This real-life cautionary tale, told to me by my colleague’s brother (let’s call him Mr. X), concerns a risk-reward decision gone awry. X’s company is a good-sized global in international construction services company with over $1B in revenue and around 5000 employees; they have about 7000 servers and endpoints under management.

> Read More

Security Simplified at SecuritySCAPE 2012

All good things must come to an end, and unfortunately the same goes for SecuritySCAPE 2012. To everyone who participated, thank you. I hope you enjoyed the event and walked away with new knowledge, ideas and tools to combat the constantly changing threat landscape.

If you missed any of the sessions,

> Read More