Cybercriminals are constantly looking for new ways to bypass security measures. In a survey conducted by the SANS Institute on the behalf of <a href="https://www.guidancesoftware.com/">Guidance Software</a>, 56% of respondents assumed they have been breached or will be soon, compared with 47% last year.
In the latest Internet of Things security blunder, personal weather station devices made by Netatmo were found sending users' Wi-Fi passwords back to the company over unencrypted connections.
The FBI today named the North Korean government as responsible for the cyber attack against Sony Pictures last month, saying its technical analysis points to the isolated, Communist country.
The critical Shellshock vulnerabilities found last month in the Bash Unix shell have motivated security researchers to search for similar flaws in old, but widely used, command-line utilities.
Online criminals remain at least one step ahead of many IT groups, according to this year's "U.S. State of Cybercrime Survey," conducted annually by CSO magazine, the Secret Service, the Software Engineering Institute at Carnegie Mellon University, and PricewaterhouseCoopers. Deterrence and detection are both falling short of their goals: The 500 survey respondents faced an average of 135 security incidents last year, and 34 percent say that number was up compared to the previous year. Just one-third of respondents could estimate losses from their breaches; among those who could, the breaches cost $415,000, on average. Legal liabilities and lawsuits after breaches add to the costs.
Simply being compliant is not enough to mitigate attacks and protect critical information. Organizations can reduce chances of compromise by shifting away from a compliance-driven approach. This guide provides the Top 20 Critical Security Controls (CSCs) developed by the SANS Institute to address the need for a risk-based approach to security.