Evolving your security operations strategy to fit the cloud

By Oliver Pinson-Roxburgh, Alert Logic

The decision to move to the cloud may seem an obvious one. It’s faster, more scalable, and more agile. However, security remains a concern, and rightly so. The foundational infrastructure delivered by cloud providers is secure, but guaranteeing the protection of the applications, workloads, and data you run on top of it is your responsibility—and it isn’t one to be taken lightly.

A traditional on-premises security operations strategy simply won’t cut it anymore. In its place, you need a cloud-specific security strategy to protect your critical data from an ever-growing variety of advanced threats. Outlined in this article are four elements for any security official to consider when making the jump to a cloud system. Continue reading

Advertisements

After the CIA leaks, cybersecurity should be everyone’s business

Last week, WikiLeaks dropped a bombshell on intelligence agencies by publishing a trove of classified documents dubbed “Vault 7.” The revelations gave a damning account of government surveillance powers and hacking capabilities.

It was also a testament to how vulnerable the increasing number of Internet-connected devices we own can make us. And if you think you shouldn’t worry about what hacking capabilities the feds have, think again. Three-letter-agencies aren’t the only ones who are looking for security holes in hardware and software.

As with every hack that makes noise, the Vault 7 leak is associated with new facts, old misunderstandings and some very important lessons. Here’s what you need to know about the latest batch of information that WikiLeaks has spilled into cyberspace. Continue reading

Why are public WiFi networks insecure?

Public WiFi network

If you follow tech and cybersecurity news, this is something that you see a lot: Public WiFi networks, the free wireless networks found at hotels, airports and cafes, are unsafe and can cut you some major cyberslack.

As is the case with most threats, when something is publicized a lot, people tend to become less sensible and ignore it. It becomes common belief that the danger will mostly apply to other people and not me. (This is one of the weirdest aspects of human nature, finding one’s security in the insecurity of others.) Continue reading

Dealing with social engineering at times of uncertainty

Protest

Human failure is the single biggest contributing factor to security incidents, hacks and data breaches. Social engineers, cybercriminals that invest in human errors rather than technical vulnerabilities, are always on the lookout for exclusive opportunities to incite strong feelings in their targets and prod them to make a fatal mistake.

The anxiety and uncertainty surrounding the immigration ban in the U.S. provides the perfect climate for social engineering attacks, a fact that is largely ignored while the political aspects of the ban are being highlighted and fanned with ample frequency by the media. Continue reading

Zeltser: How to meet future cybersecurity challenges

lenny-zelster

Cybersecurity is one of the most fluid and changing fields of the tech industry. Every year, new threats and challenges emerge, outpacing past records and expectations. In this respect 2016 was no different. But as online services become more and more prominent and critical to our daily lives and businesses, being able to respond to threats before they deal their damage becomes more critical.

Case in point: The October 21 DDoS attack against Dyn cut millions of users from popular services such as Twitter and Netflix. That is something that most people can shrug off. But what happens when our cars, homes, hospitals and power grids depend on the correct functionality of our digital and online systems?

Cybersecurity expert Lenny Zeltser believes that new approaches to fighting malware can give a leg up in fighting cyberattacks and help organizations stay ahead of cybercriminals. Continue reading

This is how you encrypt your entire life

encryption

Man in the middle attacks. Social engineering. Large scale data breaches. Government surveillance. Device theft. Those are just some of the threats standing in your way as you try to carry on a safe digital life.

APTs. Three letter agencies. Script kiddies. State-sponsored hackers. Cybercrime rings. Data-hungry corporations. Jealous coworkers. Disgruntled employees.

And those are just some of the sources that those threats might come from.

The point is, as more of our lives become digitized and stored on computers and online servers, our data becomes more valuable and makes us more vulnerable to cyberattacks. Continue reading

What is Full-Disk Encryption (FDE)?

Full-Disk Encryption

If you think someone without your desktop login won’t be able to access your computer’s files, think again. Anyone with mediocre IT skills can take your your hard disk, plug it as a secondary drive to another computer, and extract your files.

So how can you protect your files from hackers?

One option would be to encrypt your sensitive files manually or avoid storing them on your computer altogether and lock them away in a safe cloud. An alternative is to use Full-Disk Encryption (FDE), a technique that scrambles everything stored on your computer and makes it only accessible to the person with the decryption key. Continue reading