How a virtual CISO could strengthen your security

With the ever-increasing number of cyberattacks for both financial gains and political purposes, companies, government agencies, and other organizations are forced to deploy and maintain an expanding depth of security controls. This has led to a breadth of oftentimes independent point solutions that aren’t driven by policies and processes and aren’t created by an experienced information security professional.

Many organizations just aren’t large enough to employ a chief information security officer (CISO), and even the ones that can afford it struggle to find qualified candidates. As a result, security falls by the wayside, becomes secondary to other IT operational concerns, and is more reactive than proactive.

That’s why virtual CISOs are growing more popular. These on-demand experts step in to evaluate, maintain, or repair your security, on-site or remotely, working as a flexible addition to your current IT team and offering the security management you may not be able to find yourself.

But not all virtual CISOs are created equal. To help you navigate the different types and functions—and whether they’re right for you at all—we’ve put together some background to guide your search. Continue Reading…

Tags: ,

Penetration testing: Do you need it?

In 2015, American businesses lost a total of $525 million to cyber attacks. Globally, that number shoots into the billions.

The risks of malicious cyber attacks have become more costly and more real. But there are steps you can take to ensure your network, devices, and data are as secure as possible. One of the best ways is penetration testing, in which you simulate attacks to uncover not only the weak points in your security, but the potential damage hackers could inflict through those vulnerabilities.

Some industries require penetration tests as part of compliance; others do them voluntarily. In either case, there are guidelines such as readiness, type, and value that need to be considered before moving forward. Continue Reading…

Tags: ,

Not your father’s antivirus: How new malware detection gives IT a leg up in cybersecurity

IT security is a fundamentally uneven playing field: You have to win every day, but attackers have to win just once. Cyber criminals spend mere pennies compared to the huge investments that organizations make on network defenses, specialized security and compliance systems, and employee education. And IT is always chasing a new target – yesterday’s biggest risk was a Trojan horse, today’s threat is ransomware, but tomorrow’s threat is unknown.

Even IT’s best methods – whitelisting, quarantining, and sandboxing – still can’t prevent the majority of attacks, and they often disrupt employee productivity or increase the burden on IT. So is there a way to prevent malware, like ransomware, even if it’s never been seen before? And can you do so without impacting user productivity? The short answer is yes. Here’s how. Continue Reading…

Tags: , , ,

Is your health care organization prepared for a cyber attack?

healthcare-itRansomware and cybercrime hacking have been two of the most common IT security threats in 2016, but many health care organizations aren’t ready to play defense: Only about 60 percent of surveyed organizations had the security capabilities in place to detect and remediate these attacks.

That’s problematic, of course, but is it surprising? After all, many health care organizations place more importance on HIPAA compliance than security, or they aren’t agile enough to protect themselves against the newest threat. Organizations tend to sink their energy into defending against the latest threat of the day, but lag on improving their entire security architecture. Continue Reading…

Tags: , , , , ,

Don’t lose sensitive data to phishing attacks. Here’s how to educate your employees.

cyber criminalWhat’s the most dangerous security threat? The one your users fall for.

Many of these threats rely on our psychology to trick us into handing over access to valuable and sensitive information. Put another way, criminals use our willingness to help, submission to authority, or ignorance against us. Continue Reading…

Tags: , ,

The SHI Summit: Cut the complexity out of mobile, security, and data center solutions

SHI Summit 2016 BannerWhy do we call it an IT ecosystem? Because everything is interconnected, and one weakness causes ripples up and down your IT environment.

Nothing that affects your network exists in a vacuum; for example, providing every member of the sales force with a tablet might cripple your network while confounding the network administrators and security architects maintaining a secure environment. Whether it’s adopting a mobile strategy, protecting the network from sophisticated security threats, or choosing the right data center solutions, any change will have repercussions throughout your entire environment. Continue Reading…

Tags: , , ,

How E-Rate funding can help schools and libraries secure their wireless networks

erate securitySchool districts across the country just wrapped up the application process for the next round of E-Rate funding, while libraries still have a few weeks until the deadline. As the adoption of mobile devices, tablets, virtual reality, and 3D printers adds pressure to their wireless capabilities, many are planning to expand their networks through the E-Rate program.

But as they do, they should keep in mind that schools and libraries can be breeding grounds for viruses and bugs – security bugs, that is. A growing wireless network poses additional challenges to IT staff, who must think about security as funding helps expand their network. Continue Reading…

Tags: , , , ,

This is why every organization needs adaptive and autonomous security

McAfee adaptive threat preventionMore than 300 new security threats are detected every minute. Ransomware and malware are growing at double-digit rates, and mobile malware grew 72 percent in the last quarter of 2015. In the face of advanced targeted attacks, full vector protection and a timely response are major challenges for security teams across every sector. Most organizations rely on a multi-vendor, siloed security infrastructure in which products don’t communicate with one another, allowing attacks to penetrate gaps and invade a network.

IT security staff shortages and a lack of automated processes create these inefficiencies and lapses in protection. Plus, existing security infrastructures lack integration of the inspection, intelligence gathering, analytics, and enforcement components of an enterprise security architecture. These essential elements constitute the underpinnings of cybersecurity best practices known as the protect, detect, and correct process of incident response.

What’s the solution? Integration. Instead of buying the entire “best of” list (the best end point protection, best firewall, best IPS), organizations should be adopting security systems that talk to each other, regardless of the vendor. Knowing how that works and why it’s necessary will help you further strengthen your IT security. Continue Reading…

Tags: , ,

What today’s IT security looks like in 3 charts

Internet Security Threat ReportThe 21st edition of Symantec’s Internet Security Threat Report (ISTR) was released in April, detailing emerging trends such as the increase in malware, the rise of mega data breaches, and an uptick in ransomware.

The data presented in the ISTR comes from Symantec’s Global Intelligence Network, which monitors threat activity in over 157 countries and is made up of 63.8 million attack sensors that record thousands of events per second.

The ISTR highlights some eye-opening security breakdowns: In 2015 alone, ransomware increased 35 percent, more than 100 million fake technical support scams had to be blocked, and vulnerabilities were found in 75 percent of all websites. And because the Internet of Things and smart devices are expected to grow to more than 20 billion units by 2020, the “insecurity of things” remains a huge risk.

A strong security strategy must be a top priority for organizations and their employees alike. Here are three areas in particular that deserve special focus. Continue Reading…

Tags: , ,

The ailments and issues that health care IT professionals are most concerned about

health care ITThe operating room is the convergence of intelligence and technology. The computers, devices, and software that make up the operating room and your doctor’s office, as well as the latest trends in health care, were on full display at HIMSS 2016 in Las Vegas earlier this month. This year’s conference was attended by more than 45,000 health care IT professionals who were ready, willing, and eager to learn how to collaborate better and improve patient care through IT solutions.

Throughout the conference I met with people from all areas of health care — from providers to payers to vendors. Here are three key takeaways. Continue Reading…

Tags: , , ,