Training that's designed to help workers avoid clicking on links from spear-phishing e-mails may be ineffective because employees often fail to read training materials, says Eric Johnson, a Vanderbilt University professor who's co-author of a new study on the subject.
As a result of high-profile breaches, such as the Target incident, security is increasingly a board issue. What are the key topics security leaders should prepare to discuss in 2014? Alan Brill of Kroll offers his forecast.
The breach at Target stores that may have affected as many as 40 million credit and debit card account holders is a watershed moment that could greatly raise awareness of cybersecurity risks, says privacy attorney David Navetta.
Cyberthreats increasingly target mobile devices, and simple security measures could help end-users slash these incidents by 50 percent. This is the key finding of ENISA's new Threat Landscape Report, says Louis Marinos, the prime author.
The theft of 2 million credentials reminds security professionals that their organizations are at risk because many employees use the same passwords and devices for personal and business purposes, data security lawyer Ronald Raether says.
You can be outraged that the NSA collects Internet communications records of U.S. citizens. But don't be surprised, says sociologist William Staples. This is just one example of our "culture of surveillance."
Governments and others using cloud-based services should keep 10 security tips in mind, including making sure they can maintain control of their data if a service provider goes bankrupt, says Dimitra Liveri, co-author of a new report.
For risk managers, an often overlooked step for minimizing supply chain risks is to continually monitor outsourcers and other third parties to address critical security issues, says the Information Security Forum's Steve Durbin.
Computer scientists at the Georgia Institute of Technology are developing new ways to apply encryption when storing or searching data in the cloud, says Paul Royal, associate director of the university's information security center.