If there’s one thing I’ve learned from working in cybersecurity, it’s that security incidents do not simply occur, they are caused — either by legitimate users who unintentionally expose company data or malicious actors who seek to breach enterprise systems undetected. Unfortunately, it is much easier for attackers to identify…
Read MoreThe final version of the National Institute of Standard and Technology (NIST)’s Special Publication (SP) 800-53 Revision 5 is on the horizon for 2019. What does the initial public draft tell us about what we can expect in its final version? Even more importantly, what does it mean for organizations…
Read MoreX-Force Red is an autonomous team of veteran hackers within IBM Security that is hired to break into organizations and uncover risky vulnerabilities that criminal attackers may use for personal gain. Our team recently unveiled new statistics collected from its penetration testing engagements. One statistic that stood out, although not…
Read MoreCyber risks have been a top concern of global leaders for a while now, with cyberattacks appearing four times as a top-five risk by likelihood in the past decade. This year, leaders ranked two technological risks in the top 10 by impact: cyberattacks in seventh place and critical information infrastructure…
Read More