Cybersecurity Blog: The Cyber Scene is evolving, are you?

Part 4: Training and defined management procedures are critical to program success.

Today’s insider risk programs typically rely solely on mitigation as the remedy to address every insider risk. But this approach leaves out critical measures to address all components of risk.

Read more

Today, organizations invest significant resources to harden their perimeters against exterior attacks. Unfortunately, many of these same companies invest far less to protect themselves against internal threats—individuals who have direct access to sensitive and proprietary information.

Read more

Part 3: Successful insider risk programs begin with good choices—prioritizing what to protect and how to protect it.

While often overlooked as a critical component to enterprise security, the insider threat is difficult to ignore when organizations increasingly lose critical assets (intellectual property, proprietary data, network infrastructure, financial assets, facilities, etc.) due to an individual's theft or negligence.

Read more

Part 2: Communication and documentation contribute to building a successful insider risk program.

When implementing an insider risk program, it is necessary to take foundational measures to integrate both technical and non-technical elements for a truly holistic defense.

Read more

Part 1: Review the first two of eight components to building a successful insider risk detection program that goes beyond network monitoring.

One of the most common questions posed by customers looking to either launch a new insider risk program or improve their existing efforts in threat detection–where do I start? How do I kick-off my insider risk program to go beyond solely network monitoring?

Read more

Many corporations invest significant resources to improve their defenses against external threats but too often fail to adequately protect themselves from internal risks—risks created by insiders with direct access to critical corporate assets. Neutralizing internal threats is as important to strengthening overall security and reducing organizational risk as protecting against external attacks.

Today’s insider risk programs typically rely solely on mitigation as the remedy to address every insider risk. But this approach leaves out critical measures to address all components of risk. To execute a successful insider risk program, the entire organization must be engaged to accurately evaluate key factors that contribute to risk: threats, vulnerabilities, and assets.

Read more

15 companies from around the globe share their Cybersecurity insights at this year’s Gartner Security and Risk Summit

Attendees from a variety of industries sat with us for a 45-minute “CISO Roundtable Chat” at the 2017 Gartner Security & Risk Management Summit.

Read more

On June 27, 2017, a new cyberattack spread across the globe, starting in Europe.  This attack is similar to a 2016 virus called “Petya,” but its spread is reminiscent of the “WannaCry” attack of May, 2017.  This “2017 Petya Attack” is already affecting thousands of computers and is spreading quickly.  Its full impact on businesses, governments, and people is yet to be determined.

Read more

As I reflect on my career over the past 12+ years, starting as a traditional forensic analyst, then moving to incident response, intelligence fusion, strategic consulting, and so on, I can’t help but see similarities between my own journey and that of many cybersecurity organizations we support at Leidos Cyber.  Prior to 2005, when cyberattacks against the government and defense contractor world were being waged, we didn’t have time to stop and ask ourselves what we were seeing or doing.  Once we got our bearings and operations became more stable, we began to ask and answer questions as a CND community: What just happened? How can we fix it and secure ourselves? Why does this keep occurring?

Read more

Security teams are struggling to keep up. With cyber threats and security mandates growing at a rapid pace, how do you keep your team’s morale and motivation strong? And, how do you ensure your strategy to protect your company’s assets are sound and your efforts continue in the right (read “effective”) direction?

Read more