EXCLUSIVE

Security Services April 14, 2021

An Update: The COVID-19 Vaccine’s Global Cold Chain Continues to Be a Target

In December 2020, IBM Security X-Force released a research blog disclosing that the COVID-19 cold chain — an integral part of delivering and storing COVID-19 vaccines at safe temperatures — was targeted by cyber adversaries. After that first report, we…

How AI in Cybersecurity Addresses Challenges Faced by Today’s SOC Analysts

Today’s security operations centers (SOC) have to manage data, tools and teams dispersed across the organization, making threat detection and teamwork difficult. There are many factors driving complex security work. Many people now work from home with coworkers in far-away…

Security Intelligence & Analytics April 16, 2021

Combating Sleeper Threats With MTTD

During the SolarWinds Orion supply chain compromise, threat actors lurked in the victim’s network for more than a year. Discovered by FireEye in December 2020, the earliest traces of a modified SolarWinds Orion go back as early as October 2019.…

Risk Management April 16, 2021

Ransomware Attacks in 2021: Information Meets Emotion

“If you want to go quickly, go alone, but if you want to go far, go together.” This African proverb opens the Sophos 2021 Threat Report, and in view of recent cybersecurity events, its meaning is very important when it…

Security & Analytics April 15, 2021

How to Design and Roll Out a Threat Model for Cloud Security

Today’s cloud security requires a new way of looking at threat models. Making a threat model can support your security teams before problems start. It helps them develop a strategy for handling existing risks, instead of detecting incidents at a…

Data Protection April 15, 2021

Why Security Pros Can’t Ignore Big Data Monopolies

The rise of the cloud didn’t free us from concerns over who stores our data. Where matters, and major cloud providers and big data monopolies host a huge percentage of the world’s data. Thousands of organizations that store and manage…

Timeline

State and Local Government Cyberattacks Timeline

State and local governments face malicious actors who target personal information and key services, endangering both citizens and critical infrastructure. Explore this timeline for a sense of the evolving landscape, attack patterns and prevention best practices.

Explore the timeline

AI Security: How Human Bias Limits Artificial Intelligence

For cybersecurity experts, artificial intelligence (AI) can both respond to and predict threats. But because AI security is everywhere, attackers are using it to launch more refined attacks. Each side is seemingly playing catch-up, with no clear winner in sight. …

Application Security April 14, 2021

The IT-OT Connection: How the Two Work Together

Where hardware meets software, attackers can sneak in. More and more, threat actors are targeting Industrial Control Systems (ICS) and Operational Technology (OT). IBM X-Force found that the number of attacks against those types of assets increased by over 2,000%…

Data Protection April 14, 2021

Don’t Stop At ‘Delete:’ How Privacy Needs Are Shaping Data Destruction

It’s just part of the job: at some point in a device’s lifecycle, data must be destroyed. While deleting files may mean users and apps can’t access them, simple deletion isn’t enough to truly destroy the data. To be most…

Security & Analytics April 13, 2021

Turning Down the Noise: Adding Context to the SIEM With Modern Data Security

Let’s say I tell you that my daughter crawled today. However, you don’t know if my daughter is an infant or 30 years old. If you ask, and I tell you my daughter is an infant, you still don’t know…

Security & Analytics April 13, 2021

Wake Me Up Before You Know Know … About the Latest Third-Party Data Breach

“It has gotten to the point, unfortunately, where they are so frequent and common these days, that it’s like, here we go again,” Christopher Sitter says when I asked him about the prospect of a third-party data breach. Sitter is the…

Latest Podcast

Season 1 |Episode 4

Developing a Cloud Security Strategy

Playlist 3 |Episode 19

Training with Chaos Engineering

Playlist 3 |Episode 18

Time Is (Still) Money and Other Findings from the 2020 Cost of a Data Breach Report

Playlist 3 |Episode 17

Contextualizing Zero Trust

Playlist 3 |Episode 16

Recent Activity from ITG16, a North Korean Threat Group

Playlist 3 |Episode 15

Consumer Identity and Access Management (CIAM): Reducing Friction Without Reducing Security

Playlist 3 |Episode 14

Exploring the Impact of the ITG08 Threat Group

Playlist 3 |Episode 13

Creating AI Without Bias

Playlist 3 |Episode 12

Current Trends in the Threat Intelligence Landscape

Playlist 3 |Episode 11

Verify to Simplify: Demystifying Zero Trust