Cyber Security Summit Blog

United States Senators Richard Blumenthal and Edward Markey introduced legislation earlier this week designed to combat the rising threat of automotive cyber attacks, according to a release on Blumenthal's Senate website. The bill, known as The Security and Privacy in Your Car (SPY Car) Act, would direct the National Highway Traffic Safety Administration and the Federal Trade Commission to establish federal standards to secure cars and protect drivers’ privacy. When introducing new cyber legislation, two of the biggest concerns are security and privacy, and this bill seeks to address both issues. Regarding security, under this bill, all access points in the ...
Regardless of size, nearly three-quarters of companies lack the maturity to address cyber security risks, according to the inaugural "Cybersecurity Poverty Index" released by RSA, The Security Division of EMC. The index compiled survey results from more than 400 security professionals across 61 countries. Participants self-assessed the maturity of their cyber security programs against the NIST Cybersecurity Framework, and the results pointed to insufficient maturity across the board. Of the organizations surveyed with more than 10,000 employees, 83 percent rated their capabilities as less than "developed" in overall maturity, suggesting that they see room for significant growth. The area where ...
Most companies recognize that a cyber attack will require the company to engage outside counsel. But do you know what that engagement should encompass, what role outside counsel should play, or what benefits can be gained by managing the relationship effectively? Trust me – you do not want to discover the answers to these questions in the throes of a crisis. Preparedness is key to successfully managing a cyber security incident. Here are four considerations for your cyber security plan. 1. Keep the roles of legal counsel and technical or forensic consultants separate. This sounds obvious, but highlights ...
In early February 2015, Anthem, Inc. reported that on January 29, 2015, it had discovered that it was the target of “a very sophisticated external cyber attack.” Anthem believes the attack happened over the course of several weeks, starting on December 10, 2014. Accessed information may have included the names, dates of birth, social security numbers, home addresses, email addresses, and income data of current or former members of one of Anthem’s affiliated health plans, or one of the health plans that Anthem provides administrative services to. Anthem is one of the largest health insurance companies in the United States, ...
A recent article from C4ISR & Networks noted that while the Department of Defense wants to take advantage of the flexibility and efficiency of commercial cloud computing, the agency harbors concerns about the security of cloud environments. James Ryan, president of Litmus Logic and chief strategy officer for the Cyber Security Summit, told the site that moving into the cloud will necessarily involve some culture shock for many at the DoD. "Clouds are organizations — dynamic and full of people making decisions daily that are relevant to cybersecurity," he said. "How can the DoD govern [what] is an inherently governmental function without ultimate authority?" To ...
Andrew Borene, chair of the 2015 Cyber Security Summit, spoke about securing your company's infrastructure yesterday at an event hosted by The Center for National Policy and The Christian Science Monitor. You can view his full comments below. Borene is federal chief strategist at IBM for i2 Intelligence Analysis. You can read more on his presentation from the Christian Science Monitor: "Transforming overwhelming data to actionable intelligence." Editor's note: Cyber Security Business and the Cyber Security Summit are sister organizations. ...
Earlier today, President Obama delivered remarks at the Cybersecurity and Consumer Protection Summit at Stanford University. During his speech, he also signed an executive order promoting information sharing on cyber security threats between the private sector and government agencies. "This is not a Democratic issue, or a Republican issue," he said during his speech. "This is not a liberal or conservative issue. Everybody is online, and everybody is vulnerable." Click here to read the full text of his remarks. [ image courtesy of Pete Souza, Official White House Photo ] ...
In our increasingly connected world, the reality of dangerous cyber threats is intensifying, and the U.S. government plans to take action. According to a release from The White House’s Office of the Press Secretary, President Obama wants to build upon steps he has already taken — including his BuySecure initiative, launched last year — to ensure American companies, consumers, and infrastructures are protected from cyber threats. "If we're going to be connected, then we need to be protected," President Obama said in remarks at the Federal Trade Commission offices. President Obama highlighted the measures he plans to pursue, which will ...
Compromised credentials are frequently being used in enterprise cloud apps, putting sensitive business information at risk, according to a report released today by cloud app analytics company Netskope. The report says as many as 15 percent of corporate users have had their account credentials stolen. Since many users reuse the same credentials across multiple accounts, that can leave data stored in the cloud unsecured. “Employees today have shifted from thinking of apps as a nice-to-have to a must-have, and CISOs must continue to adapt to that trend to secure their sensitive corporate and customer data across all cloud apps, including ...
The number of cyber attacks against U.S. retailers dropped 50 percent in 2014, but the increasing sophistication and efficiency of the attacks kept the number of records stolen near record levels, according to findings released yesterday by IBM. IBM’s research shows attackers obtained more than 61 million records in 2014. That represents a decrease from 73 million stolen records a year earlier, when the massive attack on Target took place. However, IBM says that if you exclude incidents involving more than 10 million stolen records — which also removes last year’s attack against The Home Depot — the number of ...