
Insights Portal


January 2, 2018 | Threats & Incidents

 Developers Lack Confidence in the Security of Their Applications

Fewer than half of developers surveyed are confident in the security of the code they write and run. Approximately 60 percent of developers aren’t confident in the security of their applications, while only 31 percent feel confident that their code doesn’t contain vulnerabilities.


January 2, 2018 | Leadership Skills

 Overview of IT/Security Compensation Incentives

With the growing cybersecurity skills gap, organizations are forced to be creative when it comes to retaining their employees. In a survey of more than 740 HR, compensation and benefits professionals in North America, the most common incentives offered to IT/security professionals are spot awards for individual or team achievements (37%), profit-sharing (20%), retention bonuses (18%), stock options (18%) and deferred compensation (16%).


January 1, 2018 | Threats & Incidents

 Cyber Incidents the Most Feared Business Interrupter

Business interrupters can crop up in a variety of ways, but one thing is clear: cybersecurity incidents are at the top of the list. A survey of nearly 2,000 professionals around the world found that 42 percent fear cyber incidents the most among all business interrupters, outpacing fires (40 percent), natural disasters (39 percent), supplier failures (30 percent) and machinery breakdown (23 percent).


January 1, 2018 | Threats & Incidents

 Ransomware Pay or Fight

While it can be a difficult decision to make, law enforcement and most security experts advise companies not to pay if they are hit with a ransomware attack. This chart walks through the various options organizations have whether they decide to pay or fight back, with all organizations strongly encouraged to report the incident to the FBI or local law enforcement.


January 1, 2018 | Threats & Incidents

 Lack of User Awareness the Leading Enterprise Mobile Risk

Ernst and Young’s survey of 1,735 CIOs, CISOs and other executives found that the leading risk associated with the growing use of mobile devices within organizations is a lack of user awareness/poor user behavior (73 percent of respondents listed this). Another 50 percent said loss of a single device (which means loss of information and potentially identity) is a major risk, while 32 percent of respondents said the hijacking of devices is an enterprise risk.


January 1, 2018 | Leadership Skills

 Cyber Skills Gap a Worldwide Problem

Hiring statistics vary based upon the geographic location of the surveyed individuals. Although North American respondents state that they are unable to fill open positions around 27 percent of the time, respondents in Asia have an easier time finding new hires, with only 22 percent of these respondents indicating that they are unable to fill open positions. Meanwhile, almost one-third of European cybersecurity job openings go unfilled, with 30 percent remaining open.


December 28, 2017 | Privacy
By Rebecca Herold, IANS Faculty

 Benchmark Your Privacy Program Maturity

As privacy becomes increasingly important to regulators, consumers and organizations alike, determining optimal privacy program maturity is critical. In this Ask-an-Expert written response, IANS Faculty Rebecca Herold details the process of benchmarking a program's maturity using the 14 ISACA Privacy Principles and the AICPA/CICA Privacy Maturity Model.


December 27, 2017 | Security Analytics and Visualization
By Mark Clancy, IANS Faculty

 Anomaly Detection: A Market Landscape

Detecting anomalies across both users and networks requires a strong combination of network, endpoint detection and response (EDR), security information and event management (SIEM) capabilities and more. In this Ask-an-Expert written response, IANS Faculty Mark Clancy provides a rundown of market options, including their pros and cons.


December 26, 2017 | Threats & Incidents

 40% of Organizations Don’t Review Third-Party Packages in Apps for Vulnerabilities

While the majority of C-suite executives consider security to be an important part of their responsibilities, IT leaders and developers don’t always prioritize identifying vulnerabilities in their own code or in third-party packages. Specifically, 40 percent of CTOs, CIOs and developers said they don’t do reviews of any kind to verify if there are vulnerabilities in third-party packages.


December 26, 2017 | Key Infosec Reports

 39% of Firms Do Not Require Security Awareness Training for All Employees

Employee awareness is not a simple check-the-box exercise. Companies must invest in comprehensive, ongoing programs to minimize the weakest link syndrome. In this regard, workforce-wide cybersecurity training is only the first step. Reinforcing and testing the awareness training over time will also allow for optimization and point to where knowledge gaps exist. Post-test evaluations and ongoing improvements are also required to fully realize the benefits of cybersecurity awareness training.
