More than twice as many small businesses are investing in Internet of Things (IoT) technologies than in cybersecurity, according to recent research. And while this may raise some red flags, it is possible that small businesses are spending less on cybersecurity for justifiable reasons. A poll conducted by Survey Monkey for business network CNBC says 44% of small businesses are planning to invest in IoT while only 20% plan to invest in cybersecurity. Naturally, this raises the very real concern that companies may purchase technology without properly securing it. Doing so, of course, would be a mistake. As a whole, small businesses are thought to be less prepared to fend off cyber threats than larger companies. This is the conventional

As published in the November/December 2019 edition of InfoSecurity Professional Magazine By Michael Bergman, CISSP An (ISC)2 member details a software security integration system that eliminates that ’50-page security policy’ for developers. Unless your organization is gifted with resources, your software development teams do not have a dedicated first-line-of-defense function that integrates controls and makes it easier for developers to secure the products they build. Instead developers, particularly those using Agile for project management, typically are handed a 50-page security policy document and told to “implement that along with your functional requirements, all within your two-week sprint cycle.” The result is frustrated developers who usually do not understand cybersecurity well enough to extract security requirements from that massive policy document, let

As published in the November/December edition of InfoSecurity Professional Magazine. It could be a blended attack as slick as a multichannel marketing campaign. Or a spontaneous crime of opportunity by a single dis-gruntled employee. It could even be an innocent configuration error. When a threat exists, there will be indicators. The perennial challenge is to hunt for signs in the right places and to isolate the signal from the noise. How best to find—and remove, where possible—such threats remains up for debate.  Lance Cottrell, chief scientist at Ntrepid, approaches threat hunting less as a specific set of techniques than as a set of high-level goals. “From the 50,000-foot view, we’re trying to understand the threat landscape,” he says. “Writ large,

By Lee Kim, JD, CISSP, CIPP/US, Director, Privacy and Security, HIMSS The most valuable part of the healthcare system is the patient. Patient safety is paramount in the healthcare sector. With the digitization of healthcare information, the free flow of information comes at a price. We need to be responsible stewards of healthcare information. Patients entrust us with their healthcare information and their lives. Those of us in the healthcare cybersecurity field have the unique task of protecting and securing patient information yet ensuring that the information is available on demand—especially when critical, life threatening situations arise. The Vulnerabilities of Healthcare Information Technology Systems team of the United States Department of Homeland Security/Office of the Director of National Intelligence Analytic

Nearly half of midmarket executives (47%) in a newly released quarterly report cited cybersecurity as their top concern for the coming year. The Middle Market Indicator report, by Chubb and the National Center for the Middle Market (NCMM), shows that cybersecurity topped the list of concerns for the second quarter in row. The concern isn’t surprising. Any executive who pays attention to the cyber threat landscape is bound to feel trepidation about the potential for cyber attacks against their organization. A study published by The Conference Board earlier this year found that cybersecurity is the top business concern for U.S. CEOs. Other studies have revealed similar findings. One inescapable realization from all the research is that cyber fears affect companies