Shall we care about zero-day?

Gartner says that 99% of exploited vulnerabilities are publicly known. Does it mean we can ignore zero-days?

11/23/16

Name and shame cybersecurity: a gift for cybercriminals?

The cybersecurity “name and shame” practice may significantly boost global cybercrime.

10/25/16

Cybersecurity: is it really a question of when, not if?

Can you imagine your banker saying “it’s not a question of if I lose your money, but when will I lose your money”?

09/27/16

Fake attacks by insiders to fool companies

Famous cybercrime groups and hacktivist “brands” may be a smokescreen to cover sophisticated insider attacks.

08/22/16

Can crowd security testing be cost efficient for web apps?

Can Bug Bounty programs be a cost-efficient complement for security testing of modern web applications?

06/16/16

Infosec16: keep your cybersecurity strategy simple to win

Infosecurity Europe 2016 highlighted a great variety of emerging cybersecurity threats. Keeping things simple can help CISOs a lot.

06/13/16

Web application security risks: Accept, avoid, mitigate or transfer?

Web application security is a very hot topic these days. What shall CISOs do with the related risks?

05/16/16

Five most common myths about Web security

Chasing trendy APTs, we tend to forget about a common-sense approach and holistic risk assessment.

05/03/16

Blackhole exploit kit author sent to jail: Pyrrhic victory for the cybersecurity industry

If we look carefully into the details, the imprisonment is more a defeat than a victory for our industry.

04/18/16

Cybersecurity spending: more does not necessarily mean better

Cybersecurity is not something you can just buy, but something you should thoroughly build.

04/04/16

Why PCI DSS cannot replace common sense and holistic risk assessment

Cybersecurity compliance is not designed to eliminate data breaches or stop cybercrime.

03/14/16

Web Application Firewall: a must-have security control or an outdated technology?

Can a WAF be an efficient security control for modern web applications?

02/16/16

Five rules to conduct a successful cybersecurity RFP

It’s too early to speak about a cybersecurity bubble; however, it is becoming more and more difficult to distinguish genuine security companies, with solid in-house technologies, from experts with flashy marketing and FUD (Fear,...

02/01/16

Facebook scandal or can bug bounties replace traditional web security?

Can a crowd-sourced approach to web security testing work for your corporate applications?

12/21/15

How to calculate ROI and justify your cybersecurity budget

If you speak with management about money – speak their language and you will definitely get what you need.

12/01/15

Five reasons why hackers easily get in

A vulnerable web application is a great gift for hackers, as it significantly reduces the time, cost and effort needed to get into a corporate network. Why do companies fail to secure their web apps?

11/24/15

Spending millions on APT defense? Don’t forget about Third Party Risk Management

As a large company, you take on a risk when hiring a third-party consultant: you condemn them to be hacked instead of you.

10/26/15

DDoS attacks: a perfect smoke screen for APTs and silent data breaches

DDoS attacks are increasingly used to distract incident response teams and hide much bigger security incidents.

09/28/15

How to secure the Internet of Things and who should be liable for it?

How do we secure connected devices before it is too late?

09/14/15

CTF players versus professional penetration testers

I decided to write this post after several friends of mine, CISOs within different organizations, asked me if Capture the Flag (CTF) experience makes any difference when evaluating incoming CVs for internal IT security auditor or...

09/02/15