Phishing, Smishing
Phishing, vishing, whaling, spear-phishing: the list of clever new terms seems constantly to change. A successful attack by any other name, though, is just as sweet to the adversary. Terminology aside, the fundamental problem is this. Phishing is the most common and effective way to steal data because it goes after the weakest link in our cybersecurity armor: the human being. Even high-profile people, including one CEO of a major cybersecurity firm and major figures in law enforcement, have fallen victim to phishing attacks.
Zero Trust: Buzzword or Hack-Buster?
“Trust but verify”: a Russian proverb Ronald Reagan often used to characterize U.S.-Russia relations, especially regarding nuclear weapons. The Internet has made it clear that the “trust” part of the proverb may not work so well. Today, we may have to say “Never trust; only verify”.
Security = Fundamentals + Innovation
Every security professional knows that the adversary has the advantage. Security professionals have to find every vulnerability (good luck with that) and remediate it, and the enemy only needs to find one vulnerability and exploit it. This asymmetry underlies their economic advantage: finding one vulnerability gives access to a huge number of systems. In addition, for those willing to forgo their conscience and risk jail, it is possible to make large sums of money in a short time, even with a minimum of technical expertise.
Compliance: It’s Still (an even bigger) Thing
You have heard it enough to make you aim a fire extinguisher at your firewall: “compliance does not mean security”. Compliance work can consume up to 70% of security budgets in Federal government agencies, and it is common to spend more money identifying, documenting, and gaining approval for a remediation than the remediation itself costs.
Cybersecurity ROI: An Oxymoron?
Return on investment: is it worth the money? That is the central question in both government and industry when deciding on any procurement. Demonstrating ROI on cybersecurity products is notoriously difficult, and is one of the underlying reasons for the poor state of our nation’s cybersecurity posture.
How to Make Every Agency Employee a Security Advocate
The rising numbers of data breaches should come as no surprise to federal IT security pros who work every day to ensure agency information is secure. However, these breaches may not be something a federal IT team can prevent on its own.
Analysis: DHS Domain Name System Breach Directive
Video: Modernizing Data Protection in the Public Sector
Expert Panel: The Challenges and Opportunities for Modernizing Data Protection
As online data has become ubiquitous, managing that data has become as important an endeavor as amassing and storing it. A host of issues surround data management, not the least of which is security. But many others loom as data increases exponentially both in size and in importance.
BYOx for the Most Secure Spaces
Article written by Jim Hansen, VP of Products, Security, SolarWinds
Earlier this year, the Department of Defense (DoD) released a policy memo stating that DoD personnel—as well as contractors and visitors to DoD facilities—may no longer carry mobile devices in areas specifically designated for “processing, handling, or discussion of classified information.”