Securing the Digital World

Verifiable Credentials: The Key to Trust on the Next Web

RSA uses verifiable credentials to deliver trust on the new web.

Read more

4 Ways to Build Cybersecurity Resilience

U.S. Secretary of Homeland Security Alejandro N. Mayorkas outlined his cybersecurity priorities in a special RSA Conference webinar. See some of the key highlights and takeaways that can help us all build cybersecurity resilience.

Read more

Three Steps for Reducing External Brand Threats

Cybercriminals have increased digital brand attacks to commit fraud because an organization's brand falls outside the network perimeter that security teams traditionally monitor. They also know consumers have increasingly shifted their activity online, and many organizations lack the visibility and human resources to monitor these surging external channels for threats.

Read more

Securing eCommerce During the Holiday Season and Beyond

The coronavirus pandemic has led to a surge in eCommerce shopping, and cybercriminals are taking advantage this holiday season. Use these eCommerce best practices to protect eCommerce, fight fraud, and ensure a better customer experience.

Read more

QR Code Usage and Fraud on the Rise

Cybercriminals will always look for new ways to make money by manipulating the unfamiliarity of new services, technology and processes. Many organizations have introduced QR codes as a convenient and contactless technology, but have not educated users on how to properly use QRs or spot a fraudulent one.

Read more

Managing Risk Amid Spike in Ransomware Attacks on Critical Infrastructure

Although ransomware attacks have steadily increased over recent years, growing attacks on infrastructure have been speculated since early in the current global pandemic. Threat actors’ focus on healthcare, while particularly insidious in the midst of spiking COVID-19 cases in Europe and the Americas, follows a logical path of least-resistance.

Read more

Four ways to provide better, faster, and safer digital healthcare

Healthcare is transforming digitally - resulting in many benefits but also creating risk for providers and patients. Risk and security concerns can be managed but it takes a concerted effort and a coordinated approach. Learn about four key concepts in managing risk and security during times of evolving virtual healthcare.

Read more

How the pandemic is changing cybercrime

The coronavirus pandemic is changing and accelerating digital transformation. See how we’re adapting our online lives – and how cybercriminals are using new channels, tools, and schemes to exploit this disruption.

Read more

Cybercrime is Everywhere: Keeping Track of Today’s Trends

Learn about the growing cybercrime trends, how to identify them and how to avoid falling victim.

Read more

Tabletop Exercises Build Resilience and Confidence for Future Elections

The goal of a tabletop exercise is to examine and advance the organizational responsiveness of various business risks. Learn how one recent exercise tested the resilience of the U.S. democratic election process.

Read more

Is Cybersecurity Training on your Back-to-School List?

Virtual learning is an experience many teachers, parents and students have never previously planned for, and it’s creating cybersecurity risks. Acceleration of online education should be viewed as a fantastic opportunity to proactively address cybersecurity awareness.

Read more

Five Ways Operational Resiliency Drives Opportunity

Some organizations are not only able to survive a barrage of cyberattacks, natural disasters and outbreaks of illness alongside everyday business challenges, but they thrive. Read about five areas that can help turn your organization’s resilience into a great offense.

Read more

Financial Accountability Regime Holds Executives' Feet to the Fire

The proposed regulation seeks to hold financial services executives accountable for a wide range of misconduct at their companies through stiff fines and penalties.

Read more

How to Avoid Money Scams While Holidaying at Home

At a time when more people are remote and using digital tools, be aware of these common payment scams and learn what steps to take to avoid falling victim.

Read more

While in Lock Down, Here’s What Fraudsters Did in Q1 2020

Learn what fraud trends RSA monitored in Q1 2020.

Read more

Risk Manager: The Top Career of the Future?

In a time of change, risks will follow. As organizations look to navigate their next normal, expect the demand for risk management professionals to expand greatly in the months and years ahead.

Read more

Healthcare in the Age of Ransomware

Ransomware attacks against healthcare providers increased 350% during the last quarter of 2019, and the rapid pace of attacks continued into 2020. Healthcare is one of most exposed industries to ransomware today, and it's time for proactive action.

Read more

Compliance in a Time of Disruption

On June 1, 2020, the U.S. Justice Department updated the “Principles of Federal Prosecution of Business Organizations,” which includes considerations for evaluating the adequacy and effectiveness of an organization’s compliance program. This blog post discusses the impact of the global health crisis on compliance programs, and the factors to consider in the future to align compliance programs with these principles.

Read more

Voice to Tweet Fuels New Fears for Deep Fakes and Cybercrime

With the introduction of voice to Tweet, consumers get a powerful new tool. As with innovation, there is risk. Learn how voice can be exploited across many domains if it falls into the wrong hands.

Read more

Preparing for the Risk Challenges of an Uncertain Tomorrow

Here are four risks organizations will likely face in the new normal.

Read more

Lay the Foundations of Digital Risk Management

Digital transformation has blurred the boundary between cybersecurity and risk management. As companies’ security and risk functions break down silos to deal with today’s challenges, an integrated approach should emerge to deal with tomorrow’s emerging risks. Digital Risk Management must bring IT, Security and Risk teams together in a unified approach and address fundamental areas of digital risk.

Read more

Fraudsters Exploit Benefits Programs in New Round of Global Attacks

Cybercriminals are exploiting benefits insurance programs when people are undergoing a historically vulnerable moment.

Read more

Digital Transformation: Innovation Amid Disruption

Companies pursue digital initiatives to improve customer experiences, deliver new products and services and optimize operations, reduce costs and improve margins. Today’s disruption has accelerated the need for digital transformation to meet unprecedented business challenges.

Read more

Who is Responsible for Securing Telemedicine?

There are areas of our lives and society that might not go back to exactly the way they were before the pandemic. Those could include working from home versus in an office. Retail will likely begin to transform digitally in ways not seen before. Corporate travel might decrease as more people work from home. I’m not sure how I feel about those changes, but one area I have embraced is telehealth or telemedicine.

Read more

Securing the New Digital Reality

The current disruption is paving the way for a more digitally-enabled future. Learn what steps organizations should take to prepare their security and risk management strategies for this new reality.

Read more

The Future of Preventing Digital Fraud and Improving the Customer Experience

Organizations should prepare for a new normal that includes greater proliferation of digital channels and more digital fraud risk. See what steps a business should take now to mitigate future challenges.

Read more

Helping you Adapt to the New Normal: RSA’s Commitment to Meet this Moment

A note from RSA Chief Marketing Officer - Across every sector, every enterprise size, and every region, RSA continues our commitment to helping customers and communities manage and adapt to these challenges and we are stepping up across all fronts to meet the moment as we all transition to a new normal.

Read more

In Times of Disruption, Don’t Forget Your Third Parties

In a time of disruption, monitoring and checking in with your third-party ecosystem is more important than ever. Prepare today to avoid business disruptions triggered by an external partner.

Read more

How to Integrate Security into the DevOp Process

Oil and water. That’s often how DevOps and Security teams are described. It’s no wonder the two working together to create secure software faster isn’t yet the norm. But it can be. It should be. It just takes a culture shift left.

Read more

Tips for Applying the Known in a Time of Uncertainty

While the future is unclear, turn to the certainties to help your business navigate today's disruption.

Read more

The Impact of Digital Transformation in a Healthcare Crisis

During an extraordinarily challenging time for hospitals, clinics and other providers of care, it’s important to be aware of the importance of digital technology in healthcare – and the importance of managing the risk digital transformation can create.

Read more

Managing Risk in Times of Disruptions

Disruption isn’t a new concept for security and risk leaders. Minimizing the impact of disruptions is a big part of the job. But most organizations are experiencing a whole new level of disruption lately, with unprecedented speed and magnitude of impact. The speed of change alone has many security and risk leaders’ heads on a swivel.

Read more

Pandemic Fuels Cybercrime: 8 Scams to Watch For

From phishing, to account takeovers, social media attacks and more – fraudsters are leveraging the global pandemic to prey on public’s fears. Here’s what consumers need to know.

Read more

Managing Business Disruption in the Digital World

Digital transformation means more technology and a more agile workforce to get more done in challenging times. But it also means more risk of disruption—and better ways to manage that risk.

Read more

Cyber Resiliency Begins at Home

As organizations send employees home, so too do educational institutions. With everyone relying on the home network as never before, it is important to take time securing it – and your family.

Read more

82 Percent of Organizations Still Use Spreadsheets to Manage Third Parties

A main tenet of managing vendor risk is knowing your third parties. A recent study by Forrester Research reported that four out of five organizations still use spreadsheets to inventory, assess, and manage third-party relationships. Find out where organizations miss the mark on third-party risk management and what they can do improve the practice.

Read more

Resilient in Times of Disruption

Business disruptions include cyberattacks, natural disasters and outbreaks of illness and they can affect any organization – sometimes globally, creating widespread impacts. These disruptive events spotlight critical risks we should all think about. Read on to learn about these risks and how to better manage them.

Read more

Behind the Crime: New Phishing Attack Launched Every Two Minutes

If the business of cybercrime was a stock, investors would be scrambling to buy it. Fraud is growing at unprecedented rates brought on by data breaches, the increase in digital services, and the fact that automation has vastly improved the ease and scale at which cybercriminals can launch attacks. Learn which global fraud trends had the most impact on businesses in 2019 and what will propel cybercrime in 2020.

Read more

8 Digital Risks Your Board Will Ask About This Year

Cyber risk accountability is moving up the org chart and into the boardroom. Executive and board oversight of operational risk increasingly includes cybersecurity, and investors are demanding companies demonstrate the business impact of digital risk. Know the questions your board will be asking about digital risk and get prepared to answer.

Read more

Reality Check: The Story of Cybersecurity

It’s our stories that make us human. We love a memorable narrative and often exaggerate characters and fudge reality to fit the narrative. The cybersecurity industry has an incomplete and overly simplified view of the characters in our story: the human element. It’s time to review the facts and set the story straight.

Read more

Credential Stuffing Breeds Fraud on a Grand Scale

Digital transformation enables organizations of all kinds and sizes to succeed on a larger scale than ever. Unfortunately, it does the same for fraudsters. Here’s what you need to know about the recent explosion in automated credential stuffing attacks and how to protect your organization and customers.

Read more

Small Business and the Struggle with Cyber

Small businesses often see cybersecurity as expensive and unobtainable, the domain of the large enterprise. While cybersecurity measures are essential for all, small businesses actually have significant advantages over the enterprise and can absolutely play with the big boys, even in sensitive spaces.

Read more

The IoT of Life: When Digital Transformation Becomes Personal

Smart medical devices and wearable technologies are revolutionizing the healthcare industry and having a positive impact on the patients who use and rely on them. As with any ground-breaking technology, there is the unintended risk of cyber attacks targeting protected health information (PHI), or even worse, interrupting healthcare delivery.

Read more

How to Trust Your Service Provider

Service providers differ from suppliers, or those historically viewed as “third party”. The differences are often subtle and hard to describe, but they bring with them very different challenges and risks to your ecosystem. It’s critical to recognize this fact and to have a plan for securely integrating them into your business processes.

Read more

The Impact of Digital Transformation in the Public Sector

Today’s government organizations continue to modernize how they deliver services to constituents and deliver mission outcomes with technology. But as digital transformation increasingly defines the work of government today, risk management teams must rethink how to address a much larger risk surface with an increased scale and complexity.

Read more

The Impact of Digital Transformation in Manufacturing

In the wake of a massive digital transformation revolution, the manufacturing industry is facing its biggest innovation disruption in modern times. In our blog series, “The Impact of Digital Transformation,” we explore how the manufacturing industry is addressing a larger and more complex risk environment as a result.

Read more

Welcome to Digiville

Digital transformation creates a new landscape for across the globe. While organizations go through major shifts fueled by technology, understanding the lay of the land is helpful to appreciate the breadth of challenges in managing risk and security. Digiville represents the different districts critical in managing risk in the digital world.

Read more

The Impact of Digital Transformation in Financial Services

Digital transformation has opened a multitude of new choices, channels and conveniences for consumers. However, the speed and pace of innovation has also introduced new risks. In our blog series, “The Impact of Digital Transformation,” we explore how the banking industry is addressing a larger and more complex risk environment as a result.

Read more

The Impact of Digital Transformation in Energy

Many factors push the energy industry to make significant investments in protecting what is widely recognized as a basic human need. In our blog series, “The Impact of Digital Transformation,” we explore how the energy industry is addressing a larger and more complex risk environment as a result.

Read more

The East India Company, Rockefeller and Risk

Digital initiatives are changing how companies operate today and how they dream about tomorrow. The risks that are pursued and the opportunities that are uncovered rely on quantifying digital risk effectively. This includes understanding loss exposure in financial terms and the ROI and business case of the positive results as factors in a risk assessment.

Read more

The Impact of Digital Transformation in Healthcare

Many factors are pushing the healthcare industry to make significant investments in digital transformation. In our blog series, “The Impact of Digital Transformation,” we explore how the industry is addressing a larger and more complex risk environment as a result.

Read more

Digital Risk: Don’t Believe the Myths Misconceptions

Today’s organizations face a new litany of risks related to digital business. Defining ‘digital risk’ too narrowly leads to myths and misconceptions that may not truly reveal the impact of digital transformation to operational and strategic risk.

Read more

Ramnit Malware Makes a Return with New Tricks

The developers of the Ramnit Trojan have continued to evolve its capabilities for nearly a decade. It has returned again with changes in functionality, targets and methods of distribution. Yet, Ramnit isn’t the only malware to evolve and adapt to exploit current trends.

Read more

Compliance and Digital Transformation: Imperatives to Modernize

Compliance is more than abiding by laws and regulations. It is also about establishing policies and procedures to execute strategies and achieve objectives and fulfilling contractual obligations of customers and third parties. Digital Transformation can introduce new and different compliance obligations, and increase the time and costs dealing with it. Organizations need to look at compliance through the lens of risk management and apply appropriate procedures and digital technologies to manage compliance risk in the most efficient and effective means possible.

Read more

A View into the Challenge of Digital Risk

Today’s digital world is driving a shift in perceptions and practices in managing risk and security. The 2019 RSA® Digital Risk Report provides insights into the current state of digital risk, considerations for board discussions and industry perspectives.

Read more

Do You Know How Third Parties Really Impact Your Business Objectives?

You may think you know how third parties affect your organization’s risk profile. But there may be a lot you don’t know—like whether their third parties are adding to your risk, or whether they’re putting you at risk for cyber threats you may not even know about until it’s too late.

Read more

The New Why of Cybersecurity

We talk a lot about the what and how of cybersecurity. “What we can do to leverage modern technologies?” “How can we ensure that the future is, indeed, better?” Several hundred billion dollars and a few decades in it is time to rethink the why.

Read more

Starting the Conversation Between Security and Risk Management

There’s more to responding to a cyber incident than just stopping the attack. Getting business, risk management and security leaders to collaborate to minimize the risk and business impact of the eventual attack is key—and it all starts with a conversation.

Read more

Going Horizontal and Vertical in Managing Digital Risk

In a highly volatile digital world, strategically aligning different risk management functions results in a much stronger capacity to manage risk – and more importantly, help your business innovate and leverage technology.

Read more

Social Media and the Digital Transformation of Cybercrime

Cybercriminals are increasingly connecting with each other on social media, according to a recent NBC News report. But it’s not news to RSA researchers who have been monitoring, tracking and reporting on the growth of social media-related cybercrime for years.

Read more

Loyalty Points Fraud: Why Reward Programs are a Growing Target

You have worked hard to build reward points across the many companies you do business with. Perhaps you have been building up travel points for a family vacation or hotel rewards for a romantic weekend getaway. Unlike your bank or credit card, you are probably not checking the balance on your customer loyalty accounts, and fraudsters could be stealing reward points without you even knowing it. Here's everything you need to know about why it's happening, how they're doing it, and what consumers and businesses can do to avoid being defrauded.

Read more

Digital Transformation, Opportunity and Risk: How Will You Manage?

There’s a lot to like about digital transformation and the opportunity it creates, but there’s also a lot to lose, if you don’t manage the risk it brings. Today, digital risk extends to every part of the organization, and you need a well-constructed risk framework to manage it. Here’s what you should know—and do—if you want to come out ahead.

Read more

Anatomy of an Attack: CARBANAK

Throughout 2017, RSA Incident Response has observed new TTPs associated with the CARBANAK threat actor group. These TTPs show an increase in situational awareness, organization, and attacker forensic discipline. Discover these new TTPs in detail and the methods used by RSA Incident Response to effectively neutralize them.

Read more

3D Secure 2.0: An Outlook on Merchant Adoption

3-D Secure 2.0 promises to eliminate many of the customer experience issues that plagued early implementations and deliver better fraud detection through rich data collection. But are merchants ready for adoption?

Read more

Five Mobile Apps in Every Cybercriminal’s Toolbox

Cybercrime is no longer only reserved for the deep dark corners of the Internet. Cybercriminals have moved their activity into the mainstream by leveraging legitimate services and platforms to conduct their fraudulent business. Here are the top five mobile apps that can be found in every cybercriminal’s arsenal of digital weapons.

Read more

The 5 P’s for Incident Response

What does Punching, Practicing and People have to do with Incident Response?

Read more

Hypothesis in Threat Hunting

Today’s threat landscape requires organizations to operate more proactively to keep up with advanced and persistent threats. There is no doubt that the practice of threat hunting has emerged as a key capability to detect stealthy threat actors trying to gain access to the organizational IT infrastructure by evading traditional security measures. Hunting aims to...

Read more

How Ransomware uses TMP files and the Temp folder

In my previous blog, Why Malware Installers Use TMP files and the Temp folder, I discussed the advantages malware can have by using atomic writes instead of simply copying the malware to the intended location. In this blog, I discuss how ransomware uses the same technique for its purpose and how it is different from...

Read more

The Fiesta Exploit Kit - Not So Festive After All

Exploit kits (EK) are a very popular with attackers to compromise a target system. The ease of use and its success rate compared to other infection vectors are among the reasons attackers are attracted to using these kits. In recent years, exploit kits were used to deliver ransomware, the most famous of which was the...

Read more

Why Malware Installers Use TMP files and The Temp folder when infecting Windows

Ever wonder why there are too many TMP files detected on an infected system? Even if they have different names, the file are exact copies of one another, why? The first thing a malware installer (first stage of infection) does when executed on a target system – be it a dropper or downloader – is...

Read more

Revisiting the SOC Structure

Building and maintaining skill sets and expertise in a SOC is a difficult task – and many security leaders face this challenge. They are not able to retain best of the talent for long term. There are too many tools for them to invest in,,, too many alerts that pop up when the tools are...

Read more

The Realm of Threat Intelligence - Attack Scenarios and Use Cases

The three previous blogs in this series have covered Packet Analysis, Log Analysis and Threat Intelligence; this final article aims to bring all of this information into one cohesive solution for any SOC or Cyber Defence organisation. For further reading on this subject please see our presentation at last year’s RSA Conference in Abu Dhabi...

Read more

Major Events and Hacktivism #OpOlympicHacking

Introduction As anyone who tracks attacks on the internet can tell you, Activists using hacking activity, aka “Hacktivists”, have discovered that a relatively basic hacking approach, with buy-in from disenfranchised groups of people, can have significant effects on online businesses. With names like #OpISIS, #OpParis, #OpMonsanto, #OpWhales, #OpKillingBay, #OpKKK, and #OpTrump, you can easily see...

Read more

Two-Factor Authentication Is a Must for Mobile

For the past few decades, two-factor authentication has been used by businesses to enforce entitlements to access sensitive corporate applications and data. It provides an extra layer of security beyond username-and-password authentication mechanisms, which are notoriously insecure and burdensome for users to remember. Now, as the use of mobile devices in the workplace increases, this...

Read more

The Role of Tor in Cybercrime

Tor is used by anyone who wants to remain anonymous on the Internet.  The price of anonymity is performance and an increased risk of malicious content. And while Tor can be used to conduct both legal and illegal activities, the predominant use cases are not good.

Read more

Incident Response: Implement a Communications Plan

How to develop an effective communications plan

Read more