In this industry perspective, Thomas Hofmann of Flashpoint says that sensational coverage of advanced persistent threat (APT) actors does little to help small and mid sized firms defend their IT environments from more common threats like cyber criminals. The key to getting cyber defense right is understanding the risks to your firm and prioritizing investments to protect critical IT assets.
Podcast: Play in new window | Download (Duration: 35:55 — 41.1MB) | EmbedSubscribe: Google Podcasts | Email | RSSIn this episode of the Security Ledger Podcast we do a deep dive into the recent Black Report by NUIX – which flips the script by asking hackers and pen testers their opinions about how they hack firms and what defensive strategies and technologies work best at stopping them. Also: Rami Sass the CEO and co-founder of this week’s sponsor, WhiteSource Software, joins us in the Security Ledger studios to talk about how a white knuckle audit of his company’s open source dependencies eight years ago prompted him to start WhiteSource, which makes a tool for managing the open source software supply chains.
In this industry perspective, Thomas Hofmann, the Vice President of Intelligence at the firm Flashpoint* warns that the effects of data breaches can often be felt months or years after the actual incident, as stolen data bubbles up in underground marketplaces. He has three pieces of advice for companies that want to develop an incident response plan that mitigates the damage of breaches in the short term and over the long term.
As Internet of Things devices proliferate, it’s more important to discover how many and what kind are on your network and figure out how to make them secure. Editor’s Note: this article first appeared on Network World. You can read the article here at Network World Insider.
In this Industry Perspective, Thomas Hofmann of the firm Flashpoint* writes that cyber threat intelligence professionals from the government don’t just bring their skills when they migrate to the private sector – they bring their jargon, also. Communicating effectively with the C-suite, however, demands making threat intelligence ready for executive consumption.