The Dark Web:  the name conjures up visions of nefarious characters doing despicable things under the cover of specialized technology that keeps them a step ahead of the law, who are hopelessly outnumbered.  Many people believe the Dark Web is like dark matter:  mysterious, undetectable, and vaster by far than our customary world.

The first order of business in cybersecurity, indeed in IT management in general, is to have a reliable system inventory:  physical systems, virtual machines, software and associated configurations and vulnerabilities, and – most importantly – data.  Asset inventory is not just common sense, though, it’s the law.  The NIST 800-53 sec

As straightforward and commonplace as patch management might be, it is still a big security hole for many organizations.  The 2015 Verizon threat report states, “…99.9% of the exploited vulnerabilities had been compromised more than a year after the associated CVE was published”.  In other words, completely preventable exploits were succe

At this point, it probably seems like there’s almost as much information out there about how to combat cybersecurity threats as there are threats themselves. Every day there’s a new report that contains a wealth of valuable – and sometimes, disturbing – information. It’s enough to make a federal IT pro feel overwhelmed.
Like so many other things, though, it’s helpful to remember that the foundation for a successful approach to defending against cyber threats can ultimately be boiled down to a few core best practices:

An advanced persistent threat (APT) is a network attack in which an unauthorized individual gains access to a network and then stays in the network, undetected, for a long period of time.[1] APTs use multiple phases to break into networks and avoid detection. During this period of time, the attacker will scan the network for confidential information.  There are usually five phases of an APT attack. The first is reconnaissance, in which the attacker leverages information to understand the target.

2014 was a banner year for high-profile security breaches. The Sony hack, big box store data breaches, and the rumblings of problems at the federal government’s Office of Personnel Management all contributed to a problematic year for IT, business and government leaders.

Many of these breaches stemmed from inadequately protected on-premise systems, but what’s been going on with cloud security? For answers look no further than DLT partner, Alert Logic’s newly released 2015 Cloud Security Report.

Bring Your Own Device (BYOD) programs are popping up across corporate America. Yet many in the U.S. government still eye this cost-saving strategy (less infrastructure = reduced IT footprint) with caution.

Security and liability are among the top concerns that are stalling widespread adoption with many government officials finding BYOD programs to be “more trouble than they’re worth” (Forrester).

A new report from the Government Accountability Office (GAO) released on September 29 highlights the challenges that 24 federal agencies still face when it comes to applying information security policies and practices, despite throwing billions of dollars at the problem.

"Federal agencies' information and systems remain at a high risk of unauthorized access, use, disclosure modification and disruption," Gregory Wilshusen, information security issues director at GAO, says in the report.

The Ashley Madison attack has received a lot of attention in the past few months since the attack on the private Canadian firm, Avid Life Media who owns the affair website. So why is it of interest to federal agencies? A lot of email addresses revealed in the database were government email addresses and military email addresses. Although it doesn’t look good, just because these names and email addresses were released, doesn’t prove they were having an affair. Although there are reportedly a lot of .mil and .gov addresses that created accounts, it’s hard to say who was using it.

The growth of BYOD programs is exploding in the private sector. Indeed Gartner expects half of all companies to establish mandatory BYOD policies by 2017. After all, the economics make sense, according to Cisco, the predicted savings per employee amounts to a staggering $3,150.

So how is the federal government responding to the BYOD boom? Not well according to all reports.