Companies want to understand and implement threat hunting practices, but in reality - and with a limited budget - it is not always feasible to do so in-house, given the demand for resources and skills. That's where managed threat hunting enters. More often, organizations want to use that funding to shore up defense...
The insider threat. It could be the malicious insider who intentionally sets out to commit fraud, steal intellectual property or cause damage. Or else it could be the so-called "accidental insider" who makes a mistake or is taken advantage of by an external threat actor. Either way, the business impact is real, and...
Despite the harsh reality that card not present (CNP) fraud is a serious problem that is only getting bigger, senior management is not giving this issue the attention that it deserves.
Some executives fail to recognize the correlation between fraud management and the organization's overall growth and...
Today's attack surface presents a growing challenge to CISOs looking to understand and reduce their cyber risk. When it comes to IT infrastructure, it's fair to say the perimeter has left the premises. Whether it's discovering short-lived assets (e.g., containers), assessing cloud environments or maintaining web...
While the DevOps model drives digital transformation and the rapid delivery of new software products and services, security teams struggle to keep pace. DevOps processes largely take place outside the purview of information security (InfoSec) and often without their involvement. This whitepaper explores the...
Not only do holiday sales start earlier every year, over the past 20 years we've witnessed the birth of new cyber holidays. Data from previous holiday seasons reveals that shopping behavior and fraud trends are not consistent throughout the holiday season but are in fact comprised of four sub-seasons, each with its...
November 1 ushers in a whole new era of breach notification requirements for Canada. What are the new standards, and how prepared are Canadian organizations? In this edition of Security Agenda, attorney Imran Ahmad of Miller Thomson LLP shares insights. Among them:
"In many ways, Canada had been playing catch-up to...
How Susceptible are Users to Active Threats?
With phishing still the #1 entry point for cyber-attacks, your defenses need to focus on the most pressing threats: active phishing campaigns that are probing your healthcare organization.
This report breaks down the Top 10 threats, with metrics showing how well users...
Although DoS attacks are not a recent phenomenon, the methods and resources available to conduct and mask such attacks have dramatically evolved to include distributed (DDoS) and distributed reflector (DRDoS) attacks that cannot be addressed by traditional on-premise solutions.
Cloudflare's advanced DDoS protection...
For too many organisations, software vulnerability management is just about "patch Tuesday." Vulnerability management has evolved significantly in the past few years. Organisations need to adopt a new strategy focusing on visibility, prioritised response, and mitigation.
When you look back at the wave of...
Building Security in Maturity Model, BSIMM: What is it and How Your Organization Can Leverage the Data
Do you ever wonder whether your software security program is the correct one for your organization? You spend time and money on processes, technology, and people. But how do you know whether the security efforts...
Benchmarking your software security initiative can tell you if you are keeping pace with your peers, or if you should accelerate your efforts to rise above the competition. The results of a benchmarking assessment can help you identify new security strategies and prioritize scarce resources to be most effective....
How has the fraud landscape shifted in the U.S. since the introduction of EMV payment card chip technology?
Well, we all know there has been a reduction in card-present fraud and an increase in card-not-present crimes. But what does this mean to an individual retail CISO?
Shamoun Siddiqui, CISO at retailer Neiman...
A key amendment to Canada's Personal Information Protection and Electronic Documents Act goes into effect on Nov. 1. What are the baseline standards for compliance, and how does this change impact risk transfer and mitigation?
While PIPEDA is not a new law and has been on the books for a long time, what is coming is...
This survey report reveals that for many organizations, threat hunting is still new and poorly defined from a process and organizational standpoint. Most are still reacting to alerts and incidents instead of proactively seeking out the threats.
While the act of threat hunting cannot be fully automated, it heavily...