A company's own employees are a significant factor in the majority of data breaches, either through malicious activity or avoidable mistakes, say two new studies, but companies aren't doing enough to address this issue.
Forget credit card numbers. The hot new data for the modern bad guy is the electronic health record, which is not only worth more on the black market, but is easier to get.
In the latest Internet of Things security blunder, personal weather station devices made by Netatmo were found sending users' Wi-Fi passwords back to the company over unencrypted connections.
Imagine it's the end of 2015 and you're about to read an expose from a fly on the wall at top closed-room board meetings across the enterprise discussing the state of information security. You're excited, right?
The critical Shellshock vulnerabilities found last month in the Bash Unix shell have motivated security researchers to search for similar flaws in old, but widely used, command-line utilities.
Simply being compliant is not enough to mitigate attacks and protect critical information. Organizations can reduce chances of compromise by shifting away from a compliance-driven approach. This guide provides the Top 20 Critical Security Controls (CSCs) developed by the SANS Institute to address the need for a risk-based approach to security.