CIO Asia

What is the cyber kill chain? Why it’s not always the right approach to cyber attacks

As an infosec professional, you’ve likely heard about using a cyber kill chain, also known as a cyber attack lifecycle, to help identify and prevent intrusions. Attackers are evolving their methods, which might require that you look at the cyber kill chain differently. What follows is a recap of what the cyber kill chain approach

Unlimited DDoS protection the new norm after Cloudflare announcement

Late last month, global distributed denial of service (DDoS) protection provider Cloudflare announced that it would no longer charge customers extra when they were under attack. The company claims to have nearly 10 million customers and a presence in 117 cities around the world, with enough capacity to handle more than 15 terabits of traffic

What is a fileless attack? How hackers invade systems without installing software

“We see it every day,” says Steven Lentz, CSO at Samsung Research America. “Something coming through, some exploit type, unknown ransomware. We’ve stopped several things with our defenses, either network-wise or at the end point.” The attacks that Lentz is worried about are fileless attacks, also known as zero-footprint attacks, macro, or non-malware attacks. These

Is universal end-to-end encrypted email possible (or even desirable)?

People expect their email to be private between them and the recipient, but in reality, the contents of your email are exposed during transmission. Full end-to-end encryption would mean that only the receiver of the email can decrypt their messages, but sharing public keys and agreeing on a common encryption standard can be tricky for

Two years after the OPM data breach: What government agencies must do now

The Office of Personnel Management breach in June 2015 was a big wake-up call to our federal government, and, in its wake, a number of initiatives were launched to improve the government’s cybersecurity posture. Despite several concrete improvements, progress has stalled in some areas, as demonstrated by a series of assessments conducted since the

With new dynamic capabilities, will whitelisting finally catch on?

Everybody knows and hates whitelisting. Employees are only allowed to install approved software on their desktops and laptops, so they’re always complaining and asking for exceptions. Management eventually gets fed up with it and stops the experiment. For mobile devices, enterprises have a number of tools at their disposal, including mobile device management. In addition,

Few firms will be ready for new European breach disclosure rules, fines

The new European General Data Protection Regulation goes into effect next May, with onerous notification requirements and high penalties, but a year might not be enough for firms to get ready. Recent surveys show that most companies are not prepared for the regulations. According to a recent SailPoint survey, 80 percent see GDPR as a priority,
