The need for identity protection has never been stronger. Identity theft accounted for 74 percent of all data breaches in the first half of 2017, and costs associated with cybercrime are expected to reach $6 trillion annually by 2021. Any time an employee's username and password are compromised, your business is vulnerable. Eight-character passwords that changed every 90 days worked well a decade ago, but increasingly commonplace attack methods like password cracking, phishing, or screen scraping call for a new kind of protection.
Security risks and breaches have become part of the daily landscape as companies and organizations of every size and in every vertical and industry announce that they have been compromised. In 2016 reported security breaches were up 40%, and this year is on pace to surpass that steep rise. Over the past year alone, there have been high-profile breaches in the gaming, financial services, hospitality, food service, consumer packaged goods, and retail sectors. Many of those breaches occurred due to vulnerabilities in applications and on websites. For example, this past April, the IRS announced a breach attributable to a tool designed to fetch data for the Free Application for Federal Student Aid (FAFSA) form.
Tech advances like the cloud, mobile technology, and the app-based software model have changed the way today’s modern business operates.
They’ve also changed the way criminals attack and steal from businesses. Criminals strive to be agile in much the same way that companies do. Spreading malware is a favorite technique among attackers. According to the 2019 Data Breach Investigations Report, 28% of data breaches included malware.¹
While malware’s pervasiveness may not come as a surprise to many people, what’s not always so well understood is that automating app attacks—by means of malicious bots —is the most common way cybercriminals commit their crimes and spread malware. It helps them achieve scale.
Safeguarding the identity of users and managing the level of access they have to critical business applications could be the biggest security challenge organizations face in today’s assumed breach world.
Published By: Blackberry
Published Date: Jul 12, 2019
Law firms have received two dramatic wake-up calls about the vital importance of data
security in the last two years. First, there was the leak of 11.5 million documents from
offshore law firm Mossack Fonseca, known as the Panama Papers, which became public
Then came the massive cyberattack on prominent global law firm DLA Piper
in the summer of 2017.2
As we will explore, despite the industry’s aversion to media
coverage of such attacks, less-visible breaches involving the legal profession are being
reported worldwide in ever-increasing numbers.
Published By: Gigamon
Published Date: Sep 03, 2019
We’ve arrived at the second anniversary of the Equifax breach and we now know much more about what happened due to the August 2018 release of the GAO Report. New information came out of that report that was not well-understood at the time of the breach. For example, did you know that while Equifax used a tool for network layer decryption, they had certificates nine months out of date? This lapse gave the threat actors all the time they needed to break in and exfiltrate reams of personal data. As soon as Equifax updated the certs on their decryption tools, they began to realize what happened.
On the heels of the Equifax breach, we are reminded of the importance of efficient decryption for effective threat detection. That’s more important than ever today; Ponemon Institute reports that 50% of all malware attacks utilize encryption.
During this webinar, we’ll talk about:
-How TLS/SSL encryption has become a threat vector
-Why decryption is essential to security and how to effectively pe
Published By: Gigamon
Published Date: Sep 03, 2019
Network performance and security are vital
elements of any business. Organisations are
increasingly adopting virtualisation and cloud
technologies to boost productivity, cost savings
and market reach.
With the added complexity of distributed
network architectures, full visibility is necessary
to ensure continued high performance and
security. Greater volumes of data, rapidlyevolving threats and stricter regulations have
forced organisations to deploy new categories
of security tools, e.g. Web Access Firewalls
(WAFs) or Intrusion Prevention Systems (IPS).
Yet, simply adding more security tools may not
always be the most efficient solution.
Published By: Experian
Published Date: Aug 29, 2019
Card-not-present fraud is estimated to reach $19.3 billion by 2022. Online payment fraud will grow 13.7% from 2017-2022 – Juniper
Dive deeper into these data points with a focus on assessing the impact, challenges and opportunities presented by emerging payment mechanisms and regulation, as well as an in-depth assessment of sector-specific trends and outlook in regard to digital fraud. It provides essential reading for those wishing to understand where the key strategic focus should lie and how market forces are affecting the industry.
Published By: CheckMarx
Published Date: Jun 21, 2019
DevSecOps, modern web application design and high-profile breaches are expanding the scope of the AST market. Security and risk management leaders will need to meet tighter deadlines and test more complex applications by accelerating efforts to integrate and automate AST in the software life cycle.
As Italy’s businesses grew increasingly vulnerable to the threat of ransomware, data breaches, and other malicious malware attacks, service provider Telecom Italia sought an innovative solution to effectively and efficiently protect the network and data of its business users.
In this case study, you’ll read about how Italy’s largest service provider partnered with Cisco Umbrella to increase value for customers and accelerate their revenues with cloud security.
Today’s security appliances and agents must wait until malware reaches the perimeter or endpoint before they can detect or prevent it. OpenDNS arrests attacks earlier in the kill chain. Enforcing security at the DNS layer prevents a malicious IP connection from ever being established or a malicious file from ever being downloaded. This same DNS layer of network security can contain malware and any compromised system from exfiltrating data. Command & control (C2) callbacks to the attacker’s botnet infrastructure are blocked over any port or protocol. Unlike appliances, the cloud service protects devices both on and off the corporate network. Unlike agents, the DNS layer protects every device connected to the network — even IoT. It is the easiest and fastest layer of security to deploy everywhere.
Users are working off-hours, off-network, and off-VPN. Are you up on all the ways DNS can be used to secure them? If not, maybe it’s time to brush up. More than 91% of malware uses DNS to gain command and control, exfiltrate data, or redirect web traffic. Because DNS is a protocol used by all devices that connect to the internet, security at the DNS layer is critical for achieving the visibility and protection you need for any users accessing the internet. Learn how DNS-layer security can help you block threats before they reach your network or endpoints.
You are doing everything you can to avoid breaches. But what happens when a hacker manages to bypass your security? In this webinar we will show you how to build a strong security posture and a layered defence that will give you the ability to quickly respond to breaches. We will cover: - The evolving threat landscape and why prevention-only strategies eventually fail - How to build a strong first line of defence to reduce exposure to threats - Protect your last line of defence with retrospective security - A quick demo of how Cisco Umbrella and AMP for Endpoints work together to contain, detect and remediate threats in real time - An overview of how Incident Response Services can help you with the skills you need to manage a breach
"Cloud applications provide scale and cost benefits over legacy on-premises solutions. With more users going direct-to-internet from any device, the risk increases when users bypass security controls. We can help you reduce this risk across all of your cloud and on-premises applications with a zero-trust strategy that validates devices and domains, not just user credentials.
See why thousands of customers rely on Duo and Cisco Umbrella to reduce the risks of data breaches and improve security. Don’t miss this best-practices discussion focused on the key role DNS and access control play in your zero-trust security strategy.
Attendees will learn how to:
? Reduce the risk of phishing attacks and compromised credentials
? Improve speed-to-security across all your cloud applications
? Extend security on and off-network without sacrificing usability"
Regardless of whether your data resides on-premises, in the cloud, or a
combination of both, you are vulnerable to security threats, data breaches,
data loss, and more. Security is often cited as a concern for organizations
who are migrating to the public cloud, but the belief that the public cloud
is not secure is a myth. In fact, the leading public cloud service providers
have built rigorous security capabilities to ensure that your applications,
assets, and services are protected. Security in the public cloud is now
becoming a driver for many organizations, but in a rapidly evolving
multicloud environment, you must keep up with changes that might
impact your security posture.
This eBook outlines the three core recommendations for cloud security
across Amazon Web Services (AWS), Microsoft Azure, and Google
Public clouds have fundamentally changed the way organizations build,
operate, and manage applications. Security for applications in the cloud
is composed of hundreds of configuration parameters and is vastly
different from security in traditional data centers. According to Gartner,
“Through 2020, at least 95% of cloud breaches will be due to customer
misconfiguration, mismanaged credentials or insider theft, not cloud
The uniqueness of cloud requires that security teams rethink classic
security concepts and adopt approaches that address serverless, dynamic,
and distributed cloud infrastructure. This includes rethinking security
practices across asset management, compliance, change management,
issue investigation, and incident response, as well as training and
We interviewed several security experts and asked them how public
cloud transformation has changed their cloud security and compliance
responsibilities. In this e-book, we will share the top
Each year it seems pharmacy costs are taking a larger bite out of businesses like yours. We’re here to relieve some of the burden and help you reach your business goals by putting the sound advice you need right at your fingertips.
Even after decades of industry and technology advancements, there still is no universal, integrated storage solution that can reduce risk, enable profitability, eliminate complexity and seamlessly integrate into the way businesses operate and manage data at scale? To reach these goals, there are capabilities that are required to achieve the optimum results at the lowest cost. These capabilities include availability, reliability, performance, density, manageability and application ecosystem integration? This paper outlines a better way to think about storing data at scale—solving these problems not only today, but well into the future?
2017 and 2018 were not easy years to be a CIO or CISO, and 2019 isn’t showing any signs of being easier. With so many career-ending-level data breaches in 2017 (e.g., Equifax, Uber, Yahoo, to name a few) and with the stronger regulatory requirements worldwide, CIOs/CISOs have a corporate responsibility to rethink their approach to data security. Regulatory compliance aside, companies have a responsibility to their customers and shareholders to protect data, and minimize its exposure not only to external attackers but also to employees. The most common method of data breach in 2017 was a phishing email sent to a company’s internal employees (See 2017 Data Breach Investigation Report), This makes employees unwillingly complicit in the data breach. Over 80% of successful cyberattacks have a critical human element that enabled them. The average employee who opens the innocent-looking attachment or link, is unintentionally jeopardizing a company’s data. While there is no 100% protection, th
With the right plan in place, everything from growth and stability to a
whole new business model is within reach. Setting out a clear plan, with
achievable goals and a basic timeline, can put you on the fast track to
meeting and exceeding your business goals.
In this eBook, we’re curating the best industry expertise to help you design
and implement a business plan agile enough to grow or pivot with your
Published By: Flexential
Published Date: Jul 17, 2019
The hybrid cloud has arrived for the enterprise, but it comes with a complication: the speed of light. Between the cloud and the end user (including IoT devices that count as ‘users’), there is an emerging need for an intermediate environment that can satisfy real-time compute requirements without incurring the latency of reaching all the way to the cloud. ‘Edge compute’ is the phrase used to describe what covers this middle ground, but the optimal location for edge compute resources remains open to question.
Published By: Iovation
Published Date: Aug 02, 2019
We see a counterintuitive future whereby better security no longer means a more complicated or cumbersome user experience. We see a future in which users happily take control of their privacy, out-of-band mobile MFA is the norm, and nobody suffers the fallout from the last major credential breach. This future is free of sticky notes with scribbled codes and centralized credential stores. Indeed, it’s free of passwords altogether.
We get it: there are only so many hours in your day. If there were a competition for the busiest team at any company, the HR/Benefits team would reach the podium every time. But it’s time to stop procrastinating and add data to your toolbelt. In this guide, you’ll learn:
• How to find cost savings using a benefits data solution
• Real-world examples of how data helped employees lead healthier lives
• Why data is crucial for staying ahead of benefits industry trends
By the time most customers reach a human employee with a question, chances are they have
already researched online or tried to self-serve. This means employee transformation is required
to develop more sophisticated employees in the age of automation to solve more advanced
Because front-line jobs are becoming more complex, employees need to be tactical, technical, and
ready to emotionally handle these new types of interactions.
Recently, Lamont Exeter, head of Learning & Development at TTEC Digital, teamed up with Tim
Duranleau of SAP Litmos in a webinar to discuss ways that companies can combine learning
and technology to create more sophisticated employees. Below are some key highlights from
Credit Union Times is the nation's leading independent source for breaking news and analysis for credit union leaders. For more than 20 years, Credit Union Times has set the standard for editorial excellence and ethical, straight-forward reporting.