cyber risk

Join this dynamic LinkedIn group to be part of the cyber-security education conversation to gain an understanding for the best practices to improve security. Learn why HP says 64% of IT managers believe their printers are infected with malware, but only 45% of those IT professionals consider printers to be a medium or high risk vulnerability. The first responsibility of IT professionals is to make sure their company’s information is secure and today any device can become an access point threat. Printers and MFPs can be the Achilles’ Heel of any cyber-security plan and are a goldmine for hackers looking to steal pertinent information. Join the conversation and learn what’s necessary to protect your company.

An optimized hybrid IT infrastructure enables innovative business outcomes—but rapid IT transformation also creates new risks, threats and vulnerabilities. Coupled with increasingly sophisticated cyberattacks and complex regulatory pressures, managing risk in today’s digital environment becomes even more critical to the enterprise. Download now to learn more.

MIT Technology Review Survey: Executive Summary Are you prepared for the next breach? Only 6% of leaders say yes. Information security—or, the lack of it—is firmly on the radar for business and IT leaders in organizations of all sizes and in every sector. Many fear that their companies are ill-prepared to prevent, detect, and effectively respond to various types of cyberattacks, and a shortage of in-house security expertise remains of widespread concern. Those are among the initial findings of the Cybersecurity Challenges, Risks, Trends, and Impacts Survey, conducted by MIT Technology Review of approx. 225 business and IT executives, in partnership with Hewlett Packard Enterprise Security Services and FireEye Inc.

Research conducted by The Economist Intelligence Unit (EIU), sponsored by Oracle, provides answers. The results show that a proactive security strategy backed by a fully engaged C-suite and board of directors reduced the growth of cyber-attacks and breaches by 53% over comparable firms. These findings were compiled from responses by 300 firms, across multiple industries, against a range of attack modes and over a two-year period from February 2014 to January 2016. The lessons are clear. As cyber-attackers elevate their game, the response must be an enterprise solution. Only C-suites and boards of directors marshal the authority and resources to support a truly enterprise-wide approach. In sum, proactive cyber-security strategies, supported by senior management, can cut vulnerability to cyber-attack in half.

This paper reveals how not securing all of your keys and certificates enables cybercriminals to bypass controls like threat detection, data protection, firewalls, VPNs, DLP, privileged access, and authentication systems that you expect will mitigate threats.

Lax SSH security and management can lead to significant gaps in security controls. Cybercriminals target these gaps to gain full access to sensitive, regulated, and valuable systems and data. Read the solution brief, Stop Unauthorized Privileged Access, to close these SSH security gaps and protect your business: • Learn about the top SSH vulnerabilities • Discover how to reduce risk of SSH key misuse • Develop a strategy to manage and secure SSH keys

The SANS 20 Critical Security Controls for Effective Cyber Defense offers a blueprint of prioritized guidance to reduce risk. New updates to the SANS 20 signify the growing need to secure digital certificates and cryptographic keys to preserve trusted communications for all of your critical systems and your organization’s interactions with customers and partners. Too often cyberattacks on keys and certificates are successful because basic security controls are not present or not properly configured. Download the Solution Brief to learn how you can effectively build scalable controls and reduce risk: • Manage the rapid growth in certificates • Gain visibility into where keys and certificates are located • Secure your certificates against cyberattacks • Enforce automation of certificate issuance and renewal

Cybersecurity is top of mind for companies with workers using mobile computing devices. Report identifies top field service security risks, why security policies are critical, and includes a security checklist.

The included Framework for Inquiry is a non-prescriptive exercise that can help boards and management craft a replicable reporting template for reviewing risk levels, measuring operational effectiveness, and prioritizing initiatives over time.

Reports of cyberattacks now dominate the headlines. And while most high-profile attacks—including the major breaches at JP Morgan, Anthem and Slack—originated outside of the victimized organizations, theft and misuse of data by privileged users is on the rise. In fact, 69% of enterprise security professionals said they have experienced the theft or corruption of company information at the hands of trusted insiders.1 There are also cases where a company’s third-party contractors, vendors or partners have been responsible for network breaches, either through malicious or inadvertent behavior.

CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate—across mobile, private and public cloud, distributed and mainframe environments.

Privileged credentials have served as a major attack vector in the successful execution of many breaches. Protecting privileged access is an imperative to successfully defend an organization from a breach and is a core requirement of multiple compliance regimes. CA Privileged Access Management helps drive IT security and compliance risk reduction and improves operational efficiency by enabling privileged access defense in depth—providing broad and consistent protection of sensitive administrative credentials, management of privileged identity access and control of administrator activity.

This Cyber Security Awareness Kit illustrates how to make your organisation more secure by neutralizing the leading cause of cyber security risk: your employees.

Read this important brief to learn how to maintain your cybersecurity and reduce risk.

Intrusion Detection Systems have ceased to live up to their name and have lost their ability to spot today’s sophisticated intrusions. Consequently, cyber attackers are taking advantage of it by launching more evasive and strategic threats that spread rapidly within networks. And security teams are left without the proper tools or insight to identify intrusions that pose the biggest risk.

Covert communications are key enablers of cyber attacks that allow remote humans to patiently manage and direct their attacks undetected. Attackers choose these vehicles specifically for their ability to evade signatures, malware sandboxes and reputation lists. To learn how Vectra empowers security teams to automatically pinpoint active cyber attacks as they’re happening, correlate threats with the hosts that are under attack, prioritize attacks that pose the greatest business risk, and quickly prevent or mitigate loss, register to get the white paper Detecting Covert Communications.

Ponemon Institute is pleased to present the results of Uncovering the Risks of SAP Cyber Breaches sponsored by Onapsis. The purpose of this study is to understand the threat of an SAP cyber breach and how companies are managing the risk of information theft, modification of data and disruption of business processes.

This paper touches upon the following topics: -Critical vulnerabilities are on the decline, but still pose a significant threat -Mature technologies introduce continued risk -Mobile platforms represent a major growth area for vulnerabilities -Web applications remain a substantial source of vulnerabilities -Cross-site scripting remains a major threat to organizations and users -Effective mitigation for cross-frame scripting remains noticeably absent

HP Enterprise Security provides a broad view of the vulnerability landscape, ranging from industry-wide data down to a focused look at different technologies, including web and mobile. The goal of this report is to provide the kind of actionable security that intelligence organizations need to understand the vulnerability landscape as well as best deploy their resources to minimize security risk.

HP Enterprise Security provides a broad view of the vulnerability landscape, ranging from industry-wide data down to a focused look at different technologies, including web and mobile. The goal of this report is to provide the kind of actionable security that intelligence organizations need to understand the vulnerability landscape as well as best deploy their resources to minimize security risk. Download this infographic for more info!

Cybersecurity risks don’t begin and end with your PCs. Watch this webinar to hear HP’s top security expert Ron Chestang detail some surprising security issues lurking in your print network and outline specific controls you can use to minimize the risk.

The growing need for cyber insurance is undeniable, yet the landscape is currently operating without standards, mostly due to the high number of unknowns regarding cyber risks. As a result, understanding how cyber insurance can help mitigate the costs for your company, if a cyber attack occurs, is quickly emerging as a best practice. Download this whitepaper and learn about what to consider when purchasing a cyber insurance plan, cyber Insurance Coverage: What Is (and Isn't) Covered, How Much Will the Coverage You Need Cost?, and how to step up cyber security efforts.

Virtualization promises to boost efficiency and cut costs, making it an important element in your IT department’s efforts to do more with less. Whether you’re running applications on physical or virtual machines, you still need to stay vigilant to guard against the constant and growing hazard of malware and other cyberthreats that can put your business at risk.

Cyber attacks against utilities and power producers are on the rise. Prudent leaders are taking action now to lock down their control systems and operations assets before a potentially catastrophic event occurs. Download the eBook “5 Security Imperatives for Power Executives” to learn how to prepare and react to threats to your business and the public you serve.

Many papers on the topic of advanced persistent threats (APTs) begin with ominous references to the changing threat landscape and stories of how highly sophisticated cyber attacks are becoming more prevalent. That can be misleading. The majority of attacks today still use many techniques that have been around for years—social engineering, phishing emails, backdoor exploits and drive-by downloads, to name the biggest ones. Such attacks are neither advanced nor particularly sophisticated when broken down into their individual components and often rely on the weakest link in any organization—the user. However, the way in which hackers use combinations of techniques and the persistent behavior of the attackers is something that does set APTs apart from other attempts to compromise security. This paper is designed to give you an overview of the common characteristics of APTs, how they typically work, and what kind of protection is available to help reduce the risk of an attack.