Risk management

A successful risk management plan helps enterprises identify, plan for and mitigate potential risks. Learn about the components of risk management programs, including penetration tests, vulnerability and risk assessments, frameworks, security awareness training and more.

Top Stories

News 02 Dec 2022
Experts argue 'sludge' could muck up cyber attacks

Network defenders can supplement their security postures with additional settings and policies that frustrate and discourage attackers, according to a new research paper. Continue Reading
Tip 18 Nov 2022
Top metaverse cybersecurity challenges: How to address them

As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading

Guest Post 17 Nov 2022

Do companies need cyber insurance?

As cyber insurance costs rise, companies must determine whether they truly need cyber insurance to tackle their increased risk of cyber attacks. Continue Reading
News 10 Nov 2022

Flashpoint launches new 'ransomware prediction model'

Flashpoint's new model assigns a 'ransomware likelihood' rating for vulnerabilities contained in the VulnDB database, which contains more than 300,000 flaws. Continue Reading
Tip 10 Nov 2022

How to perform a cybersecurity risk assessment in 5 steps

This five-step framework for performing a cybersecurity risk assessment will help your organization prevent and reduce costly security incidents and avoid compliance issues. Continue Reading
Answer 04 Nov 2022

The 7 core pillars of a zero-trust architecture

Learn how Forrester's seven pillars of zero trust model can help IT leaders identify, organize and implement the appropriate cybersecurity tools for a zero-trust framework. Continue Reading
Tip 01 Nov 2022

Ideal CISO reporting structure is to high-level business leaders

CISOs usually report to a high-level executive, but reporting to a top-level business executive like the CEO rather than a technology executive protects the business best. Continue Reading
Feature 28 Oct 2022

Enterprise ransomware preparedness improving but still lacking

An Enterprise Strategy Group survey found enterprises are making strides in ransomware preparedness, but work remains to prevent and mitigate attacks. Continue Reading
Tip 25 Oct 2022

Top security-by-design frameworks

Following a security-by-design framework, or designing one specific to your company, is key to implanting security into every step of the software development lifecycle. Continue Reading
Guest Post 14 Oct 2022

The role of transparency in digital trust

To retain digital trust, organizations must be transparent in the aftermath of cybersecurity attacks and data breaches. Learn more about the roles of transparency in trust. Continue Reading
Feature 11 Oct 2022

LinkedIn scams, fake Instagram accounts hit businesses, execs

Even the most secure business and executive social media accounts that have strong passwords and multifactor authentication are vulnerable to cloning schemes. Continue Reading
Answer 30 Sep 2022

Top 6 benefits of zero-trust security for businesses

The zero-trust security model demands infosec leaders take a holistic approach to IT infrastructure security. Learn about the top six business benefits of zero trust here. Continue Reading
Tip 15 Sep 2022

Use shadow IT discovery to find unauthorized devices and apps

Shadow IT may be convenient for users, but it isn't for IT -- especially where security is concerned. Shadow IT discovery finds unmanaged devices and apps. Continue Reading
Tip 14 Sep 2022

How to connect cyber-risk and climate risk strategies

Every business faces two global systemic risks: cybersecurity and climate change. Learn how to integrate these two areas of risk management for greater business resilience. Continue Reading
Feature 09 Sep 2022

The ultimate guide to cybersecurity planning for businesses

This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks. Continue Reading
News 01 Sep 2022

Researcher unveils smart lock hack for fingerprint theft

An academic researcher demonstrated how IoT smart locks could become tools for attackers to covertly steal fingerprints and potentially access more sensitive personal data. Continue Reading
Tip 01 Sep 2022

Cybersecurity budget breakdown and best practices

Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
Tip 31 Aug 2022

Remote work cybersecurity: 12 risks and how to prevent them

Expanding attack surfaces, increasing vulnerabilities and overstressed staffs are among a litany of security risks whose ultimate cure requires more than an ounce of prevention. Continue Reading
Guest Post 24 Aug 2022

Cybersecurity governance: A path to cyber maturity

Organizations need cybersecurity governance programs that make every employee aware of the cybersecurity mitigation efforts required to reduce cyber-risks. Continue Reading
Tip 18 Aug 2022

5 reasons to integrate ESG and cybersecurity

Every business faces global systemic risks, yet most have failed to integrate cybersecurity with ESG programs. Here are five reasons why integration makes good business sense. Continue Reading
News 18 Aug 2022

Russian cyber attacks on Ukraine driven by government groups

Researchers with Trustwave say the cyber attacks against Ukraine are not the work of enlisted private hacking groups but Russian government intelligence agencies. Continue Reading
Tip 17 Aug 2022

How to create a threat profile, with template

Read five key steps on how to create a threat profile, and get started making them customized to your organization with our free template. Continue Reading
Tip 16 Aug 2022

How to ensure a secure metaverse in your organization

Before deploying your company's metaverse, follow these practices -- including inventorying vulnerabilities and developing T&Cs -- to proactively address metaverse security issues. Continue Reading
News 16 Aug 2022

For cyber insurance, some technology leads to higher premiums

Though cyber insurance demand is exceeding supply and companies might receive less coverage with higher premiums, experts say there are ways enterprises can reduce risk. Continue Reading
News 16 Aug 2022

Zero Day Initiative seeing an increase in failed patches

In a Q&A with TechTarget Editorial, Trend Micro Zero Day Initiative's Brian Gorenc and Dustin Childs discuss incomplete patches and the value of personal researcher relations. Continue Reading
Tip 16 Aug 2022

5 tips for building a cybersecurity culture at your company

As a company's cyber risks evolve, so must its culture. Here are five tips for creating a cybersecurity culture that protects the business and is meaningful for employees. Continue Reading
Tip 15 Aug 2022

Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
News 11 Aug 2022

Researchers reveal Kubernetes security holes, prevention

Researchers with Palo Alto Networks took the stage at Black Hat to explain how configurations and system privileges in Kubernetes clusters can allow container escape and takeover. Continue Reading
News 11 Aug 2022

Zero Day Initiative launches new bug disclosure timelines

The Trend Micro Zero Day Initiative's vulnerability disclosure policy will now mandate shorter disclosure windows for flaws believed to result from bypassed security patches. Continue Reading
News 10 Aug 2022

Chris Krebs: It's still too hard to work with the government

Former CISA Director Chris Krebs offered multiple areas of improvement to the U.S. government's cyber readiness during a Black Hat 2022 keynote. Continue Reading
Tip 05 Aug 2022

5 data security challenges enterprises face today

Data empowers enterprises to succeed. But with great power comes great responsibility -- to keep that data secure. Here are five challenges today's businesses must meet. Continue Reading
Feature 05 Aug 2022

Cybersecurity lessons learned from COVID-19 pandemic

Cybersecurity lessons companies learn from the COVID-19 pandemic include having work-from-home preparations and developing disaster recovery and business continuity plans. Continue Reading
Tip 02 Aug 2022

Data masking vs. data encryption: How do they differ?

Discover how the data security techniques of data masking and data encryption compare, while also learning about different types of both and their use cases. Continue Reading
Tip 29 Jul 2022

SSH key management best practices and implementation tips

SSH connects key systems and the people and processes necessary to keep them functioning. Learn how to use SSH key management best practices to protect your systems and network. Continue Reading
Feature 20 Jul 2022

VMDR: Inside vulnerability management, detection and response

VMDR offers automated asset identification, threat prioritization and patch management. But do companies need another vulnerability management tool? Continue Reading
News 13 Jul 2022

Supreme Court justices doxxed on dark web

Five conservative Supreme Court justices were reportedly doxxed by threat actors that claim to have obtained credit card numbers, addresses and other information. Continue Reading
Feature 08 Jul 2022

Top 7 types of data security technology

These seven types of data security technologies -- from encryption to masking -- will better protect customer and enterprise data from inappropriate and unauthorized access and use. Continue Reading
News 07 Jul 2022

Early detection crucial in stopping BEC scams

Cofense Intelligence studied hundreds of business email compromise attacks and found that most scams attempt to establish trust with targeted employees over multiple emails. Continue Reading
Feature 05 Jul 2022

How to define cyber-risk appetite as a security leader

In this excerpt from 'The CISO Evolution: Business Knowledge for Cybersecurity Executives,' learn how to define and communicate an enterprise's true cyber-risk appetite. Continue Reading
News 30 Jun 2022

SANS Institute: Human error remains the top security issue

The SANS Institute's annual report on security awareness found that human risk is still the biggest source of data breaches and security issues for enterprises. Continue Reading
Tip 29 Jun 2022

How to conduct a cyber-resilience assessment

It's a good cyber hygiene practice to periodically review your organization's cybersecurity plans and procedures. Use this checklist to guide your cyber-resilience assessment. Continue Reading
Tip 24 Jun 2022

Top 4 best practices to secure the SDLC

NIST's Secure Software Development Framework is a set of practices for mitigating software vulnerabilities. Learn about the top SDLC best practices included in this framework. Continue Reading
News 22 Jun 2022

Proofpoint: Social engineering attacks slipping past users

Executives, administrators and network defenders overlook the severity of many of the most effective social engineering tools, Proofpoint cautions. Continue Reading
Guest Post 21 Jun 2022

How to address security risks in GPS-enabled devices

GPS-enabled devices not only pose personal risks but also pose risks to organizations. Learn about the security risks associated with tracking devices and how to address them. Continue Reading
News 20 Jun 2022

Cleveland BSides takes heat for Chris Hadnagy appearance

The Cleveland BSides security conference is experiencing turmoil after booking a 'surprise' keynote speaker who was recently barred from DEF CON for misconduct. Continue Reading
News 17 Jun 2022

Hertzbleed disclosure raises questions for Intel

Hertzbleed, a family of new side-channel attacks, was first reported to Intel in the third quarter of 2021, and it's unclear why it was kept under embargo for so long. Continue Reading
News 08 Jun 2022

SANS lists bad backups, cloud abuse as top cyberthreats

A panel of experts from the SANS Institute took the stage at RSA Conference 2022 to weigh in on some of the biggest threats and risks facing security teams. Continue Reading
News 07 Jun 2022

Microsoft flags common pitfalls for cyber insurance

Cyber insurance is getting more expensive and tougher to acquire. At RSA Conference 2022, Microsoft's Cynthia James discussed the common mistakes made when obtaining coverage. Continue Reading
News 07 Jun 2022

Ransomware Task Force calls for better incident reporting

Michael Phillips, co-chair of the Ransomware Task Force and chief claims officer at Resilience, pointed to a 'data gap' that prohibits a complete picture of the ransomware problem. Continue Reading
News 07 Jun 2022

DNI Avril Haines: Cybersecurity is getting harder

During her RSA Conference 2022 keynote, the U.S. Director of National Intelligence discussed the increase in cyber threats, from nation-state attacks to commercial hacking tools. Continue Reading
Feature 01 Jun 2022

Implementing wireless security in the enterprise

Learn how to properly secure your enterprise wireless network while considering UX, zero trust and commonly overlooked architectural mistakes. Continue Reading
Feature 01 Jun 2022

How to design architecture for enterprise wireless security

Learn about a five-phase design methodology that will help your company plan for and create an enterprise wireless security architecture. Continue Reading
Tip 26 May 2022

Top 4 source code security best practices

Software supply chain attacks are on the rise. Follow these source code best practices to protect both in-house and third-party code. Continue Reading
News 26 May 2022

'Pantsdown' BMC vulnerability still present in Quanta servers

Eclypsium found that a critical security flaw first disclosed in 2019 remains exposed in many internet-facing servers, leaving networks at risk for remote code execution attacks. Continue Reading
Tip 25 May 2022

Prepare for deepfake phishing attacks in the enterprise

Deepfake phishing has already cost at least one company $243,000. Learn how cybersecurity leaders can train users to recognize this emerging attack vector. Continue Reading
Feature 24 May 2022

Why using ransomware negotiation services is worth a try

If stakeholders decide to pay ransomware demands, using a ransomware negotiation service could improve the situation's outcome and lower the payout. Continue Reading
Tip 19 May 2022

How to conduct a cyber-war gaming exercise

A successful cyber-war game can help organizations find weaknesses in their system but only if the right participants are involved and an after-action review is completed. Continue Reading
News 17 May 2022

North Korean IT workers targeting US enterprises

North Korean nationals are looking to land jobs at U.S. and European companies to collect sensitive data that could help the reclusive government's military programs. Continue Reading
Feature 02 May 2022

Do phishing simulations work? Sometimes

Phishing simulations are becoming increasingly popular to pinpoint which employees fall victim to scams, but their effectiveness and morality have been called into question. Continue Reading
Feature 28 Apr 2022

Case study: Why it's difficult to attribute nation-state attacks

If two attacks look similar, don't assume they're from the same attacker. It's difficult to attribute nation-state attacks, as evidenced by the notorious 2016 Odinaff malware. Continue Reading
Feature 28 Apr 2022

Tips for using a threat profile to prevent nation-state attacks

Is your organization concerned about state-sponsored attacks? Threat profiling can help prevent nation-state attacks. Get advice on how to create an effective threat profile. Continue Reading
News 28 Apr 2022

Phishing attacks benefiting from shady SEO practices

Cybercriminals running phishing operations are now making use of SEO specialists that break Google's rules to get themselves placed above legitimate search results to lure victims. Continue Reading
Feature 27 Apr 2022

How to conduct Linux privilege escalations

Learn how to conduct Linux kernel exploitation with Metasploit and manually, as well as how to identify vulnerabilities on Linux using enumeration scripts. Continue Reading
Feature 27 Apr 2022

Why companies should focus on preventing privilege escalation

If attackers can elevate privileges once inside a system, their access can be unlimited. Discover common privilege escalation techniques and how to mitigate them. Continue Reading
Tip 27 Apr 2022

Best practices for creating an insider threat program

A thorough insider threat program includes plan preparation, threat assessment, and plan review and renewal. Learn how to implement this three-step model to protect your company. Continue Reading
Feature 22 Apr 2022

An introduction to binary diffing for ethical hackers

Binary diffing is a useful tool in the ethical hacker's arsenal. This excerpt teaches aspiring penetration testers and red teamers how to get started. Continue Reading
Feature 22 Apr 2022

Unethical vulnerability disclosures 'a disgrace to our field'

The cybersecurity field needs more people who use their powers for good, the lead author of Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition says. Continue Reading
News 21 Apr 2022

Zero-day vulnerability exploitation soaring, experts say

Researchers with Mandiant and Google Project Zero say they observed significant increases in exploitation of zero-day vulnerabilities over the past year. Continue Reading
Tip 21 Apr 2022

7 best practices for Web3 security risk mitigation

Tech builders and businesses evaluating decentralized technologies should keep these seven Web3 security best practices in mind to help mitigate traditional and novel cyber threats. Continue Reading
Tip 20 Apr 2022

Traditional IT vs. critical infrastructure cyber-risk assessments

When it comes to critical infrastructure cybersecurity, the stakes are uniquely high. Assessing associated cyber-risk, in turn, is uniquely challenging. Continue Reading
Tip 20 Apr 2022

EDR vs. XDR vs. MDR: Which does your company need?

Explore the differences and similarities between EDR vs. XDR vs. MDR and the role they play to help improve behavioral analysis for better threat response. Continue Reading
News 15 Apr 2022

Corvus: Ransomware costs, ransom payments declining

Cyber insurance provider Corvus examined how the cost of ransomware attacks declined over the past year and a half and what it means for different industries moving forward. Continue Reading
Opinion 14 Apr 2022

Making sense of conflicting third-party security assessments

Third-party security assessments from different sources may not always agree, but that doesn't mean they can be ignored. Learn how Mitre ATT&CK can provide perspective. Continue Reading
News 12 Apr 2022

Ukraine energy grid hit by Russian Industroyer2 malware

The 2016 malware known as 'Industroyer' has resurfaced in a new series of targeted attacks against industrial controller hardware at a Ukraine power company. Continue Reading
News 05 Apr 2022

German authorities behead dark web Hydra Market

Police in Germany raided facilities hosting the infamous Hydra Market site as part of an international effort to crack down on dark web forums and marketplaces. Continue Reading
Feature 05 Apr 2022

How effective is security awareness training? Not enough

Annual security awareness trainings do little to improve security. Learn why they aren't helpful, and discover steps to improve your organization's training program. Continue Reading
News 29 Mar 2022

Rapid7 finds zero-day attacks surged in 2021

Cybercriminals are turning bugs into exploits faster than ever, according to Rapid7, which found that the average time to known exploitation dropped 71% last year. Continue Reading
Feature 29 Mar 2022

Cryptocurrency cyber attacks on the rise as industry expands

Consumers, businesses and governments are finding new ways to use cryptocurrency, but a recent string of cyber attacks has highlighted security risks and shortcomings. Continue Reading
Tip 25 Mar 2022

6 types of insider threats and how to prevent them

From disgruntled employees to compromised users to third-party vendors, here are six types of insider threats and best practices to mitigate the issues. Continue Reading
News 24 Mar 2022

North Korean hackers exploited Chrome zero-day for 6 weeks

Google researchers say a Chrome zero-day bug stemming from a use-after-free error was exploited by North Korean hackers against both media and financial targets earlier this year. Continue Reading
News 16 Mar 2022

LokiLocker ransomware crew bursts onto the scene

The mysterious LokiLocker ransomware group caught the attention of BlackBerry researchers, who say the outfit could become the next cybercrime group to menace enterprises. Continue Reading
Tip 15 Mar 2022

Top 3 Web3 security and business risks

The third iteration of the internet is quickly coming to fruition. With Web3 comes an evolution in business risks, however, as well as susceptibility to traditional risks. Continue Reading
News 14 Mar 2022

Cyber insurance war exclusions loom amid Ukraine crisis

Changes in insurance exemptions for acts of war reflect an increase in damages caused to enterprises related to state-sponsored cyber attacks. Continue Reading
Tip 11 Mar 2022

How to write an information security policy, plus templates

Infosec policies are key to any enterprise security program. Read up on types of security policies and how to write one, and download free templates to start the drafting process. Continue Reading
Answer 10 Mar 2022

Use microsegmentation to mitigate lateral attacks

Attackers will get into a company's system sooner or later. Limit their potential damage by isolating zones with microsegmentation to prevent lateral movement. Continue Reading
News 09 Mar 2022

Immersive Labs: Average cyberthreat response takes 96 days

Immersive Labs' Cyber Workforce Benchmark found that some critical threats, including a zero-day vulnerability, took an average of six months to fully address. Continue Reading
Feature 03 Mar 2022

How to stop malicious or accidental privileged insider attacks

How many permissions or privileges a user has will affect how big of an insider threat they are. Discover the issues surrounding privileged users and how to curtail these threats. Continue Reading
Guest Post 25 Feb 2022

4 tips for selecting cybersecurity insurance

Choosing a cybersecurity insurance provider can be a daunting and complex task. Follow this advice to select the best policy -- and provider -- for your business. Continue Reading
News 24 Feb 2022

New tech, same threats for Web 3.0

Emerging technologies are prone to old-school social engineering attacks and credential-swiping techniques, according to Cisco Talos researchers who analyzed the new platforms. Continue Reading
Tip 23 Feb 2022

Crosswalk cloud compliance to ensure consistency

Combining a risk management framework with security policies can be tricky, but crosswalking -- especially in the cloud -- can help address inconsistencies and maintain compliance. Continue Reading
Tip 22 Feb 2022

Top 6 critical infrastructure cyber-risks

Cyber attacks on critical infrastructure assets can cause enormous and life-threatening consequences. Discover the top cyber-risks to critical infrastructure here. Continue Reading
News 16 Feb 2022

Trickbot has infected 140,000-plus machines since late 2020

In October 2020, Microsoft reported that more than 90% of Trickbot's infrastructure had been disabled. The threat actor bounced back and began thriving soon after. Continue Reading
News 14 Feb 2022

CISA says 'Shields Up' as Russia-Ukraine tensions escalate

CISA said in its advisory that 'there are not currently any specific credible threats to the U.S. homeland,' but cited past Russian cyber attacks against Ukraine and others. Continue Reading
Feature 08 Feb 2022

Pros and cons of manual vs. automated penetration testing

Automated penetration testing capabilities continue to improve, but how do they compare to manual pen testing? Get help finding which is a better fit for your organization. Continue Reading
News 07 Feb 2022

Metaverse rollout brings new security risks, challenges

When companies and users decide to adapt the technologies of the coming metaverse, they will also expose themselves to a new class of security risks and vulnerabilities. Continue Reading
Tip 02 Feb 2022

How to find ransomware cyber insurance coverage in 2022

It's harder to buy cyber insurance coverage for ransomware attacks in 2022. Our expert reviews what to look for in a policy, how to qualify and how to get the most out of it. Continue Reading
Feature 31 Jan 2022

How to prepare for malicious insider threats

Stopping malicious insider threats is just as important as preventing external ones. Uncover what to look for and strategies to prevent insider threats before they cause damage. Continue Reading
Feature 31 Jan 2022

Include defensive security in your cybersecurity strategy

Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
News 27 Jan 2022

Apple security update fixes zero-day vulnerability

Apple released a series of security updates for bugs that included a critical zero-day vulnerability in iOS and macOS that is being actively exploited in the wild. Continue Reading
Tip 26 Jan 2022

Build a strong cyber-resilience strategy with existing tools

Existing security protocols and processes can be combined to build a cyber-resilience framework, but understanding how these components relate to each other is key. Continue Reading
News 26 Jan 2022

New vulnerability rating framework aims to fill in CVSS gaps

The CVSS vulnerability scale doesn't always give a clear picture of the risk of a vulnerability, but experts hope the emerging standard called EPSS will provide more clarity. Continue Reading
Tip 18 Jan 2022

4 software supply chain security best practices

The increasing complexity of software supply chains makes it difficult for companies to understand all its components. Learn how to find vulnerabilities before attackers. Continue Reading

1
2
3
4

Networking

Juniper's CN2 supports Kubernetes networking on AWS
Juniper simplifies Kubernetes networking on Amazon's Elastic Kubernetes Service by adding virtual networks and multi-dimensional ...
Ensure network resilience in a network disaster recovery plan
A network disaster recovery plan doesn't always mean network resilience. Learn how factors like funding, identifying potential ...
Cisco teases new capabilities with SD-WAN update
Cisco SD-WAN 17.10 enhancements give enterprises the option of using security service edge providers Cloudflare and Netskope in ...

CIO

7 edge computing trends to watch in 2023 and beyond
As edge computing continues to evolve, organizations are trying to bring data closer to the edge. We identify the top trends they...
Stakeholders want more than AI Bill of Rights guidance
While organizations like The Brookings Institution applaud the White House's Blueprint for an AI Bill of Rights, they also want ...
Federal, private work spurs Earth observation advancements
Earth observation is a primary driver of the global space economy and something federal agencies are partnering with commercial ...

Enterprise Desktop

The enterprise endpoint device market heading into 2023
Modern enterprise organizations have numerous options to choose from on the endpoint market. Learn about some of the main ...
How to monitor Windows files and which tools to use
Monitoring files on Windows systems is critical to detect suspicious activities, but there are so many files and folders to keep ...
How will Microsoft Loop affect the Microsoft 365 service
While Microsoft Loop is not yet generally available, Microsoft has released details about how Loop can connect users and projects...

Cloud Computing

Amazon, Google, Microsoft, Oracle win JWCC contract
The Department of Defense Joint Warfighting Cloud Capability contract allows DOD departments to acquire cloud services and ...
HPE GreenLake for Private Cloud updates boost hybrid clouds
HPE continues investing in GreenLake for private and hybrid clouds as demand for those services increases. Meanwhile, competition...
Reynolds runs its first cloud test in manufacturing
The maker of popular household brands will decide whether an IoT system from DXC Technology will help reduce natural gas use in ...

ComputerWeekly.com

Government announces £490m education investment
New investment into classroom facilities and funding for specialist education providers is aimed at better development of STEM ...
Labour unveils plans to make UK global startup hub
The Labour Party has published a review into the UK startup landscape, which calls for a number of changes to help make the ...
CIISec, DCMS to fund vocational cyber courses for A-level students
The Chartered Institute of Information Security and the Department for Digital, Culture, Media and Sport plan to fund vocational ...

Close