For over 2000 years, governments, armies, businesses and lovers have been encrypting messages. For the same amount of time, the keys used to perform the encryption have been the weakest link in the chain. After 2000 years, technology has advanced such that the keys can be protected but many companies don't understand...
APIs ubiquitous in the enterprise today, being exposed to customers, partners and applications. But because they are relied on so heavily, they also are targeted by cybercriminals.
There are more attacks over APIs than on traditional web channels primarily because it's simply easier to attack these...
Access and analyze suspicious or malicious content without exposing your resources or your identity.
Reinforce your Open Source Intelligence (OSINT) skills with a combination of real-world research tips and techniques:
Leverage cross-functional open and dark web research techniques outlined by our military, law...
Cyber Threat Intelligence (CTI) isn't the exclusive domain of specialized organizations anymore. Yet many CTI practitioners - the analysts, researchers and threathunters who collect and manage Open Source Intelligence (OSINT) gleaned from the open, deep and Dark Web - report a lack of training, tools and internal...
Digital transformation is driving utilization of third parties, which can introduce significant risk to your organization. In fact, over 60% of breaches today are linked to a third-party. With this stat in mind, it's no wonder that a multitude of potential third-party cyber risk management (TPCRM) solutions have been...
A quarter of financial institutions experienced at least one spear-phishing or business email compromise attack in 2019 where user credentials were compromised and/or fraud was committed. These attacks also often resulted in intellectual property and physical damage.
Yet, nearly half of institutions surveyed state...
As COVID-19 spread in the spring of 2020, organizations around the world have scrambled to enable a remote workforce, acting in "firefighting" mode and laser-focused on business continuity. But as the new normal settles in, digital transformation is rising as a critical - if altered - priority, and security teams need...
Organizations can no longer simply hire vendors without proof of a strong cyber posture, and a comprehensive questionnaire can demonstrate that vendors' internal security policies are up to par.
Yet not all questionnaires are the same. The benefits of automated questionnaires can vary, depending on the...
The cost of not complying with the California Consumer Privacy Act (CCPA) is high. This leaves companies open to the possibility of substantial financial penalties through its users. IT professionals must understand why it's important for vendors to comply with CCPA, and why those that do not can be an unacceptable...
We typically think of supply chain attacks as stealthy attacks on hardware components, such as malware on laptops and network devices. But this particular supply chain attack was an attack on a service provider.
Download this case study to learn how to quickly mitigate third-party security risks.
According to the VMware Carbon Black Threat Analysis Unit (TAU), retail organizations may see a noticeable spike in attempted cyberattacks during the holiday season. This guide is an introduction to the world of cybersecurity-it's history, language and resources-so you can further educate yourself on this rapidly...
The "human factor" has become a key discussion point in the cyber security community; the humans behind both threats and security have been sorely overlooked. Even the CISO, the conductor at the head of every security team, has been an elusive figure.
Nominet interviewed 400 CISOs and 400 C-Suite executives on the...
When it comes to the organization's overall security posture, which includes the technology stack but also incorporates elements such as procedures, processes and human behaviors, the confidence of the security professionals we interviewed was far from strong. In fact, 70% expressed some sort of dissatisfaction,...
The UK Public Sector DNS Service is one of the NCSC's most widely deployed Active Cyber Defence capabilities across the public sector to date. The NCSC has partnered with Government Digital Services (GDS) and Nominet to provide the Protective DNS service.
Download this infographic for a statistical summary from...
Step out of the server room and into the boardroom.
The role of the CISO is evolving dramatically. Today's CISOs need to possess technical skills and business acumen, plus the ability to communicate complex issues to non-technical board members.
This eBook provides practical solutions to help you thrive as a...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ffiec.bankinfosecurity.com, you agree to our use of cookies.
