February 8, 2017 By Derek Brink 2 min read

We’re well into the new year, and you’ve resolved to keep yourself and your organization better informed about rapidly evolving threats, vulnerabilities, exploits, technologies, products and services related to cybersecurity. But how?

Keeping Up With Cybersecurity Trends

Here’s a snapshot of some of the many ways that security professionals are working hard to keep up with cybersecurity trends.

For many of us, efforts to stay informed about what’s happening in cybersecurity center around the lower-left corner of the above table. Our daily routine includes scanning our favorite news feeds, blogs, podcasts, social media posts and other informal, publicly available sources.

The fundamental challenge is to keep pace with the cybersecurity news cycle and maintain a high level of awareness about the latest cybersecurity trends and events in the never-ending battle between attackers and defenders.

Sources of Security News and Insights

When asked about their favorite sources of cybersecurity news and insights, security professionals offered some great places to start:

  • “I listen to The CyberWire podcast … It’s my go-to resource every day.”
  • “I listen to CyberWire, and the SANS Internet Storm Center. My favorite blogs come from reverse engineers across the entire industry, from independents to bloggers who work for the largest vendors. I also follow some favorites on Twitter, too many to mention.”
  • “A few times a day, I check in on the headlines at my favorite sites with Feedly, a fast and easy way to get the latest security news, which I’ve been able to optimize over time. My Twitter follows are curated to a core group of super sharp people who post security info and analysis that isn’t always in the mainstream. In a similar vein, LinkedIn news updates from colleagues are an excellent way to keep up with stories I may not have seen elsewhere.”

Formal Cybersecurity Analysis

For others, the need to stay informed is much more formal and structured, as in the examples found in the upper half of the table. For example, hands-on analysts in a security operations center needs the latest intelligence about active threats, vulnerabilities and exploits so they can quickly assess risks and take the most effective actions to defend, respond and recover.

These professionals value real-time visibility and intelligence about what’s happening, as opposed to news about what already happened. One fundamental challenge is learning how to share and collaborate more openly in what is a traditionally closed discipline. These professionals are also challenged to create and leverage automated mechanisms to efficiently share information without compromising confidentiality and trust.

When asked for resources related to these challenges, security analysts suggested the following:

  • “I subscribe to the daily email alerts from the U.S. Computer Emergency Readiness Team (US-CERT).”
  • “After reading the daily threat intelligence from the IBM X-Force Threat Analysis Service (XFTAS), I read up on what is being sent out by other cyber news organizations, what is being shared with us from the Information Sharing and Analysis Center (ISACs) and alerts from the IBM X-Force Command Centers.”

Whether informal or formal and regardless of the source, staying informed requires a committed, disciplined effort. This effort is essential to the cybersecurity professional’s dual role of technical expert and trusted advisor.

More from Risk Management

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today