Tag: CISO
Previously, I’ve talked about four primary risk treatment options: mitigate, avoid, accept, and transfer. Over the history of the security industry, we’ve tended to focus on mitigation. Implementing controls is where the action is. As IT has largely become a consumption model, I would argue that risk transfer is catching up with mitigation and becoming…
Read MoreWhether it’s coming from the business units or the IT organization, every company wants to pull off new tech initiatives to create business impact. Thus, we see new functionality. We think it’s cool. We introduce it. …but then a user slips up because of some unforeseen slack in the system. When that happens, suddenly we’re…
Read MoreForward Secrecy’s day has come – for most. The cryptographic technique (sometimes called Perfect Forward Secrecy or PFS), adds an additional layer of confidentiality to an encrypted session, ensuring that only the two endpoints can decrypt the traffic. With forward secrecy, even if a third party were to record an encrypted session, and later gain…
Read MoreAs I write this, the industry is still wagging its fingers at the latest big breach. But in the time that it takes to get this published, there could easily be another colossal security disaster that leaves large numbers of people’s private information exposed. And with every headline announcing a security failure comes the anger…
Read MoreWe’ve heard this story before: an employee leaves a laptop in their car and it gets stolen. In January 2018, 43,000 patients had their personal medical history exposed in this manner.1 In fact, stolen physical devices containing confidential data were the cause of over a million records leaked in 2017 alone. A recent article in…
Read MoreWith the explosive growth of the Internet of Things, and the increasing threat posed by botnets that leverage IoT, more must be done to ensure IoT devices include security by design, says David Holmes, principal threat researcher at F5 Networks. The Named Data Networking project can play a critical role, Holmes says in an interview with…
Read MoreCISOs could always use more help, it’s as simple as that. As part of an upcoming report on protecting applications, F5 engaged Ponemon to survey security professionals. The survey found that 44% of respondents reported “lack of skilled or expert personnel” as the “main barrier to achieving a strong application security posture.” Our previous F5…
Read MoreAn orchard of cybersecurity law is growing in Asia. Now based in Singapore, your intrepid reporter is bumping into these cyber laws not as a participant (yet) but as an interested observer. Like the data-protection laws recently passed throughout the region, these cybersecurity regulations have a lot in common with each other. Singaporeans are known…
Read MoreIt’s inevitable. Every organization needs externally-developed applications to some degree or another. Increasingly, these apps are web-based and accessed over the Internet. As part of a forthcoming report on protecting applications, F5 commissioned a survey with Ponemon. In it, we asked security professionals what percentage of their applications (by category) were outsourced. The top answers…
Read MoreFigure 1: Cost of confidential data breach – F5 Ponemon security survey What do breach costs consist of? They can include anything from incident response investigation costs, remediation costs, reputation damage, loss of sales, operational downtime, and compliance penalties. Another significant cost that hasn’t historically been a major contributor to breach costs but is…
Read More