Industry Perspectives

The CNP Fraud Imperative

Whether it's online shopping, loyalty and payment apps, or newfangled voice commerce, innovation is the name of the game in 2021. Unfortunately, fraudsters got the memo. Card-Not-Present (CNP) fraud could jump 16% this year and top $130 billion by 2023. Here's how adaptive authentication can stop CNP fraud in its tracks—and turbocharge your transformation initiative.

Read more

Stop Fraud, Not Customers: 3 Reasons I Joined RSA

RSA Fraud and Risk Intelligence CMO Armen Najarian recently joined the business unit to help spearhead a new phase of investment and growth. In this blog he explains his rationale for making a move to RSA. Among his reasons are the rapid growth in payment fraud, RSA’s leadership position and history of innovation, and the culture he and CEO Reed Taussig are aiming to foster.

Read more

HAFNIUM Attacks Microsoft Exchange Users

The HAFNIUM / Microsoft Exchange attack has affected at least 30,000 U.S organizations and hundreds of thousands more around the world. Integrating threat detection and response capabilities before an attack occurs can accelerate your response, limit damage, and protect your operations.

Read more

Trending: The Value and Evolution of Zero Trust

Zero trust is more than just a buzzy term. In BetaNews, RSA CDO Dr. Zulfikar Ramzan discusses the ideas that have shaped zero trust and the ways it can deliver value for your organization.

Read more

Paying Down your Technical Security Debt

Short-term solutions can cause larger, long-term problems. See these best practices for limiting technical infosec debt.

Read more

Cybersecurity Predictions for 2021

Security, risk and anti-fraud experts from across RSA predict the emerging cybersecurity trends and challenges for 2021.

Read more

Time to give thanks and review our predictions

Even in a coronavirus-disrupted world, some predictions for 2020 were still on the mark. But where will we go from here, and how will the pandemic shape cybersecurity in 2021 and beyond?

Read more

Securing chaos: How Security Chaos Engineering tools can improve design and response

Why chaos engineering works and the best practices for implementing chaos engineering effectively.

Read more

Register for the Dec 8 RSA Evolution of Identity Summit

The RSA Evolution of Identity Summit will convene thought leaders from across the sector to discuss challenges around cloud and remote workforce security, trends such as Zero Trust, passwordless authentication, and the future of identity and access management.

Read more

Endpoints are our new perimeters

The evolution of the security perimeter.

Read more

Security Is No Longer A Binary Decision

David Strom explains why cybersecurity is evolving and why treating it as a strictly binary decision is no longer appropriate given the complexities of today's IT environments.

Read more

It Ain't What You Do (It’s The Way That You Do It)

Contributor Neira Jones explains why managing regulatory compliance can be a lot like mitigating cybersecurity risk.

Read more

Moving to The Cloud? Security Plays a Key Role

451 Research’s “Voice of the Enterprise” report examines the current state of cloud transformation based on qualitative survey data and in-depth qualitative interviews with IT leaders from a broad spectrum of organizations.

Read more

Why Authentication Still Holds the Key for Success for RSA After 40 years

Contributor David Strom reflects on the history of RSA and highlights the products he believes will play a central role in the future of business.

Read more

RSA Steps Out as the World’s Largest Security Startup

What will the future hold for an independent RSA? Paul Roberts offers a industry expert’s perspective after a discussion with Zulfikar Ramzan, PhD.

Read more

Diagnosing the Cybersecurity Challenges in Healthcare

Amid a health crisis, healthcare organizations also face a growing challenge: mitigating the risks of an expanding threat landscape. Read what one industry CISO has to say about the state of cybersecurity risk in this essential industry.

Read more

Considerations Towards Enabling A Virtual SOC Environment

In the world of remote work, the role of the security operations center (SOC) needs to evolve, and perhaps even move to a virtual environment. David Strom shares some key considerations for the CISO to review as they plan for the future.

Read more

Doubt is the Greatest Nemesis to a U.S. Election

American cybersecurity expert Ari Schwartz offers his view on the top threats that could undermine the credibility of the 2020 Elections and the democratic voting process long-term.

Read more

The Next Normal Brings Opportunities and Challenges for the CISO

As the world attempts to reopen and businesses plan for their next normal, one industry insider shares what security challenges the CISO will face and what changes are coming in the future.

Read more

Is Your Short-Term Remote Workforce Technology in for the Long-Haul?

The dynamic, distributed workforce is not a passing phase. It is here to say. Thus, it’s time to consider what is required for best-in-class security in this new reality of working from home.

Read more

Cybersecurity and the Remote Work Revolution: a 10-Point Plan

Organizations face an array of new challenges and will need to make considerable adjustments to adapt for long-term remote work. Bob Evans shares a 10-point plan to help secure the journey.

Read more

Prioritizing Privacy in an Age of Surveillance and Tracking

At a time when more data is being collected than ever before, organizations need to take proactive steps to ensure the privacy of their stakeholders.

Read more

As the World Reopens, Privacy and Workforce Risks Await

The checklist of concerns for businesses to address as they reopen amid an on-going health crisis is long. Among the many challenges, start by focusing on compliance, privacy and dynamic workforce risk.

Read more

Making the Next Digital Transition Will Require Extensive Security Planning

Consulting firms have outlined a 90-day plan for moving into the digital future. Often, these overlook critical security functions. David Strom offers three considerations for how to navigate these potential challenges.

Read more

Passwordless Authentication: Will remote work accelerate the journey?

Amid a workforce revolution, organizations must pivot to respond quickly and support distributed workforces capable of working securely. The journey to passwordless authentication will dramatically accelerate as organizations look to provide simple and secure access to resources for remote employees.

Read more

The Changing Face of Insider Threats

The traditional insider threat is evolving. Digital transformation, the chaos of our world stage and modern business environments are forcing a new view of this complex threat vector. In Part I of this series, we explore what’s changing and where things are headed.

Read more

There May Be Trouble Ahead

As the risk landscape multiplies, proactive organizations will treat cybersecurity and fraud prevention as two sides of the same coin to best inform their threat intelligence.

Read more

Do You Know Where All Your Firewalls Are?

As organizations get ready for their new normal, understanding the layout of the network is critical given the rapidly evolving needs of the business amid disruption.

Read more

Security & Risk Controls: Why You Need Them

It's time to assess the organization's security and risk controls.

Read more

The Challenge of Managing Identities in a Cloud-y IT Environment

In the era of DevOps, organizations must ensure their identity assurance strategy is ready to keep pace with the demands of cloud infrastructure.

Read more

Amid Disruption, Identity Access Takes Center Stage

With today’s business disruption, the workforce is more dynamic than ever. That’s why organizations should bet on their identity assurance strategy to help mitigate risk.

Read more

It Takes Two to Tango

Cooperation between fraud and risk departments and information security departments is essential. After all, these are two sides of the same coin: the failure to address cyber risk invariably leads to fraud.

Read more

Think Long-Term: Learning from Today’s Lessons in Business Resiliency

The definition of business continuity is changing in today’s climate. By assessing your preparedness now, you can plan for the future and enable continuity in a world of unexpected and changing disruptions.

Read more

Renaissance of the OTP hardware token

Multi-factor Authentication is just that – multi-factor. There are a number of ways to implement MFA including the use of OTP hardware tokens.

Read more

Conquering Cyberthreats as the Cloud Booms

As the cloud proliferates rapidly into every corner of an organization, it’s time to reimagine your approach to cybersecurity.

Read more

Tried and True: Past Cybersecurity Practices Still Relevant Today

As you enter this new decade, don’t overlook the industry best practices that have been valid for more than 15 years as you work to manage the digital risk challenges of tomorrow.

Read more

Change is Inevitable: Pondering the Near Future

Why do we make predictions? It’s not just cybersecurity or technology foretelling the future, either. Everyone does it, to some degree, and we all tend towards rolling our eyes at them. But predictions have a purpose – to envision the future. To make it less unknowable, less scary and enable us to take the risks necessary to create the next game changer.

Read more

Why You Need a Chief Trust Officer

To address the challenge of digital risk, organizations need to look at creating the role of a Chief Trust Officer to help them navigate the risks of digital transformation.

Read more

A Singular View of Risk: Key Bank Weighs in on Digital Transformation

Digital innovation continues to offer a flood of opportunities to traditional banking and risks that are impossible to ignore. Brian Drotleff, Director of GRC and Risk Assessments at Key Bank shares his perspective on how digital transformation is impacting his enterprise and the finance industry.

Read more

Giving Thanks & Looking Forward to 2020

As you prepare for a new year, it’s time to reflect on mistakes and learn from the past.

Read more

To Transform Your Business, You Must Transform Risk Management

The nature of risk management is changing as organizations transform digitally. At RSA® Charge, ITSPmagazine talked with RSA thought leaders, partners and customers to gain insight into the risks of digital transformation, and how to manage them. Check out their conversations in this blog.

Read more

Are You Really Cyber Aware?

Are you as prepared as you should be to manage digital risk and address new cybersecurity challenges? See what considerations you should make during National Cybersecurity Awareness Month.

Read more

Experts Weigh In: The Digital Risk Challenges of a Smart City

Driving towards Smart City innovation will disrupt the security of many countries. Industry experts weigh in on what challenges could be ahead and how to manage the potential digital risks.

Read more

Digital Transformation: New Security Challenges & Renewed Call for Governance

Despite increased investment in security, the number of large-scale breaches continues to grow. PWC's Paul O'Rourke weighs in on what organizations need to do to address the challenge of digital risk.

Read more

How many C-level execs own your security infrastructure?

C-Suite involvement in cybersecurity planning is essential, but you need to be organized and share responsibilities across departments and disciplines.

Read more

Digital Transformation: A New Line Item for Today's Business Leaders

A digitally connected business means more cybersecurity risks. As digital transformation impacts traditional business processes across all industries, RSA explores why business leaders need to be in alignment with security and risk professionals to manage the new risks.

Read more

CARIS2: Better Incident Response at Scale

Selected participants for the Coordinating Attack at Internet Scale (CARIS) 2 Internet Society workshop recently met to further its mission of making the internet work better. Focused on incident response, the CARIS2 workshop delved into changes to infrastructure and monitoring as transport encryption becomes stronger and ubiquitous.

Read more

Risk Analysis vs. Assessment: The Real Key to Understanding Our Digital Transformation

Across industries, legacy security issues persist, but investment in tech innovation also introduces new risks. See how InfoSec teams can work with business leaders to assess and analyze these risks.

Read more

Managing the Security Transformation for the Truly Distributed Enterprise

As your workforce spreads across the planet, you’ll need to support a new collection of devices, networks, apps and endpoints. Is your organization equipped to manage the digital risks associated with a dynamic workforce?

Read more

Third-Party Risk: The Soft Underbelly of Cybersecurity

Security vulnerabilities and risk brought on through third-party partners will grow as organizations undergo digital transformation. Here’s how you can begin to manage the risk.

Read more

Understanding the Trust Landscape

As the pace of digital transformation quickens, managing digital risk has become essential to maintaining trust in essential systems.

Read more

Thinking about Digital Risk? Learn from Others

While challenges in digital business operations are like well-known technology risks, there are nuances to today’s world that require a new perspective. We can certainly look to lessons learned by others to deal with emerging risks related to digital transformation.

Read more

Defending Your Future with Machine Learning

In a new report by the Security for Business Innovation Council (SBIC), leading global CISOs identify machine learning as an imperative to stay ahead of the growing volume and complexity of cybersecurity issues.

Read more

Sleepless in Security: Sensor-y Overload

A recent gas line explosion is a reminder that in an era of wireless sensors, the protocols used to communicate, and the software that manages them are potentially vulnerable to digital risk.

Read more

7 Security Trends to Watch in the New Year

In time for the New Year, David Strom shares seven things security professionals need to be thinking about and how they could impact their organization.

Read more

How Secure is Your Digital Presence?

Hacking is now big business for criminals. With the creation and availability of data exploding, it’s time to look at how we got here, and what we can do to secure our identities.

Read more

The Other Cyber Skills Gap: Educating Tomorrow’s CISOs

While the cyber skills gap discussion has focused on educating the next generation to fill critical practitioner-level roles in cyber defense, few talk about how education will play a significant role in helping the current generation to take their place in that future fight as senior security executives at the board and briefing room tables.

Read more

Experts Speak Out: Managing Digital Risk During NCSAM – and Beyond

In today’s threat landscape, risk is everywhere. See what tips and best practices top industry experts share for protecting yourself, your family and your organization from fraud or a cyberattack.

Read more

Practice Cybersecurity Every Day, Not Just October

After a year of several high-profile attacks, remember that demonstrating good cyber hygiene should be done year-round, not just during National Cybersecurity Awareness Month.

Read more

Making Risk Count: Winning Strategies from Global CISOs

A new Security for Business Innovation Council (SBIC) report explores modern approaches to risk management and measurement. Learn which factors, including the type of industry you compete in and how quickly your company is embracing digitization, may impact your risk measurement approach.

Read more

Leave the Stone Age (and Spreadsheet) Behind

People have been using spreadsheets for all sorts of applications, regardless of whether they were appropriate or not. Including using them for risk management. At the RSA Archer Summit 2018 this week, a mention of replacing spreadsheets by product manager Emily Shipman got some cheers from the audience.

Read more

New Ways to Manage Digital Risk

Read why adaptive authentication and SIEM are essential tools to better detect changes in user behavior – fundamental to digital risk management.

Read more

RSA's CTO: Bullish on Security, Bearish on Blockchain

RSA Chief Technology officer discusses the practical applications of blockchain. Find out more about the distributed ledger technology’s potential and limitations.

Read more

RSA Labs: Staying Secure Means Staying Relevant

Keeping up with, if not a step ahead, of the bad guys isn’t all that security researchers find themselves battling. Staying upright on a rapidly shifting terrain is made all the more difficult as companies embrace cloud computing, microservice architectures and mobility.

Read more

Making Sense of Tomorrow’s Cybersecurity Trends

RSA and Secureworks Chief Technology Officers, Dr. Zulfikar Ramzan and Jon Ramsey, discuss next-gen technologies and how taking a risk-based approach is critical as businesses face an evolving threat landscape.

Read more

What Are My Options? Session Encryption Protocols Looking Forward

TLSv1.3 is a game changer for some enterprises and data centers, what if I can’t switch to end-to-end and need a transition phase or alternate solution? This provides some options as well as some possibilities for design and development work *if* there is motivation from industry.

Read more

They Are Looking At WHAT? Service Provider Monitoring

At the start of an adoption curve there is much apprehension. This is true of TLSv1.3 and those managing enterprise networks and data centers. The IETF working group spent much time listening to operators and their concerns in order to better address and improve adoption.

Read more

Network Monitoring is Dead… What Now? TLS, QUIC and Beyond

Recent conference discussions revealed much about what is top-of-mind for decision makers as they look towards session encryption and when and where to adopt TLSv1.3.

Read more

"Pain and Progress" in Managing Digital Risk

Recently, RSA® commissioned the Cybersecurity and Business Risk Survey, executed by Enterprise Strategy Group (ESG), to learn more about the challenges and priorities of IT security and business risk professionals. “Pain and Progress: The RSA Cybersecurity and Business Risk Study” provides a glimpse into the minds of security and risk leaders.

Read more

What’s It Take To Be Tomorrow’s CISO?

A new Security for Business Innovation Council (SBIC) report explores both the incremental and transformational skills required for current and future CISO success. Learn which fundamental technology and security capabilities matter most and which unexpected skills CISOs will need to acquire to drive business success.

Read more

The Black Swan: Mitigating Cyber Attacks Within ICS Environments

ICSs are specialized resulting in limited industry expertise spanning ICS, IT, and security. In terms of mitigation techniques, most vendors and organizations leverage generic security methodologies resulting in a reactive approach. RSA Advanced Cyber Defense Practice offers a better framework.

Read more

Are You a Regulation Rebel or a Regulation Realist?

In a new report by the Security for Business Innovation Council (SBIC), security executives and thought leaders from Global 1000 enterprises share advice for organizations looking to minimize the burden of legislation that may impact their security postures, as well as offer three strategies to handle what’s ahead in the security landscape.

Read more

TLS Security and Data Center Monitoring: Searching for a Path Forward

Protocols are evolving to meet the demands of the future. We must continue to strengthen the security of these protocols to keep pace with the threat landscape. As such, Transport Layer Security (TLS) 1.3 has been designed to be more secure in order to prevent the interception of sessions over the Internet.

Read more

My Summer Defending the Digital Universe

In RSA’s quest to build out a deeper pool of future Defenders of the Digital Universe I had the pleasure of having Meghan O’Connor as a summer intern on my team. During her exit interview I asked her what she didn’t realize about cybersecurity and fraud prevention prior to her internship and what advice she would now give.

Read more

Cybersecurity's Poverty Gap

As we pass the halfway point of 2016, the United States Presidential election process is in full swing. Candidates continue to make the case for why their worldview is in the best interests of the nation. Perhaps no other topic polarizes the candidates and receives more prominence in this context than wealth inequality. Within cybersecurity,...

Read more

Conversations with the SBIC: How Industry Priorities Inform Security Agendas (Pt. 2)

In my previous post, I shared a few of the key priorities the security leaders that comprise the Security for Business Innovation Council (SBIC) share in common. But council members’ industries span everything from manufacturing and financial services to defense and retail. And while all security issues are on their radar, it’s only natural that...

Read more

Conversations with the SBIC: What's Top-of-Mind for Top Security Leaders? (Pt. 1)

We recently had the opportunity to discuss what’s top-of-mind for the Security for Business Innovation Council (SBIC), a group of security leaders from Global 1000 enterprises including Boeing, General Electric, Walmart, SAP and ADP. If there’s one thing SBIC members agree on it’s this: security strategies that focus solely on prevention just doesn’t work in...

Read more

Good Insight from Gartner on How to Do SIEM Right: Part 1

In a recently released report from Gartner titled, SIEM Technology, Market and Vendor Assessment, (Gartner.com client access needed to get the full report), Gartner analysts Anton Chuvakin and Augusto Barros gave their latest take on the SIEM market, as well as provided eight specific recommendations for organizations that are looking to acquire a solution.  While...

Read more

Moving from Low to High-Fidelity Security

In the 1940s and 50s home audio systems went through a high-fidelity revolution. This is the period when the music recording industry and stereo manufacturers dramatically improved the audio experience for consumers.  Technically it had to do with the improved audio capture, more sophisticated mastering (stereophonics), and dramatically improved reproduction of music, all at a...

Read more