December 9, 2016
As Gordon Moore first observed, our computing power tends to double every two years. This technological progression has led to rapidly changing times, even if we don’t tend to notice the gradual, day-to-day developments. To put how far we have come into perspective, the Nokia 3310 brick came out in 2000. Just 16 years later you can almost take over the world with an iPhone. As great as these advances are, they don’t come without their drawbacks.
The latest hacks and vulnerabilities are rarely covered in the mainstream press, but there are a host of great sites where you can get quality information from. Whether you are an IT professional, a keen hobbyist or someone who gives out their mother’s maiden name when replying to strange emails, we have picked out a selection of the best cyber security blogs that can keep you up to date on the current landscape. There are options that are great for specific problems or for getting the latest news, with information for most levels of knowledge.
If you only have time to follow one security blog, it should be Dark Reading. The site features detailed information on the latest attacks and also discusses the best defenses and solutions. Dark Reading is one of the most well regarded cyber security communities, fitted out with influential thought leaders in the field. The forums are filled with intelligent analyses of the latest issues and it also offers a host of podcasts, newsletters and even live chats. The news and content covers ten key areas:
With a background in investigative reporting, Brian Krebs offers one of the most exciting looks into cyber security. As a former Washington Post reporter, he has used his journalism skills to break major stories. Some of his best coverage has included a highly advanced worm called Stuxnet (capable of infiltrating an air gapped network) and a more recent DDoS attack on his own blog, which used a botnet of IoT devices. Krebs’ casual style makes the information more accessible to readers and gives greater entertainment value than some of his denser counterparts. He first became interested in online security after a worm locked his computer in 2001 and has since become one of the most distinguished voices in the industry. Some of his most common topics include data breaches, cyber criminals and emerging threats.
Wired has long been a staple for tech enthusiasts, but their security section, Threat Level, might have flown under the radar for some. It offers cutting-edge content from some of the leading tech journalists, covering topics such as online crime, security, and privacy. It covers current events in the world of cyber security, analyzing the latest threats and offering solutions. It is a great site for everyday enthusiasts and security professionals who want to keep up with new developments. Wired’s Threat Level brings a more casual and enjoyable tone to matters that can often seem boring on other sites.
US-CERT is the website of the US Computer Emergency Readiness Team, run under the Department of Homeland Security (DHS). As an official government resource, it is a little different from the others on this list. Its aim is to help improve online security through dissemination of information about the latest threats. On its website, US-CERT says that it ‘strives for a safer, stronger internet for all Americans’. It posts details on the latest incidents and includes thorough analyses. US-CERT collaborates with other international agencies in order to manage cyber risk. It also offers vulnerability and exploit alerts to help people receive important information when timing is most critical.
Bruce Schneier is another of the biggest names in cyber security. He is a renowned cryptographer and privacy expert who has founded his own security firm, worked for IBM and also written for the Guardian. His blog covers a range of security issues and he is often quoted by the mainstream press as an expert, even being labeled a ‘security guru’ by The Economist. Schneier on Security has covered surveillance, privacy, cryptography, surveillance, the TSA, terrorism, hacking, national security policy and much more. In addition to his website, he is the author of 13 security books and the Crypto-Gram newsletter.
Malwarebytes is quite well known for their anti-malware software, but the company also has a blog that is a critical resource of the latest malware related threats. Malwarebytes Labs won the best corporate blog award at the 2016 Security Blogger Awards. It covers news, cyber crime, hacking, exploits and also offers threat analyses. The information on phishing scams is also very useful for both normal users and security professionals. The blog offers a weekly newsletter as well as a forum filled with intelligent and helpful discussions. Malwarebytes Labs is an excellent source for keeping up with the latest on malware, so it is essential reading for any security professional.
Graham Cluley is a well respected InfoSec blogger with a handful of awards to back up his reputation. This year alone he has won Best Security Video Blog (EU Security Blogger Awards), EMEA Cyber Security Educator of the Year, and Most Entertaining Security Blog (the RSA Security Blogger Awards). Graham is an independent security analyst and blogger who has been in the industry since the ’90s. His work covers the latest malware, crime and scams that readers need to keep up on. It’s a great choice for those who want a lighthearted yet informative read.
As the news-wing of Kaspersky Labs, Threatpost is known as a reliable source for security news. It covers the latest stories on privacy, vulnerabilities, cyber crime and much more. Threatpost is so well regarded that it is often quoted in mainstream media when stories snowball to higher levels. Their team is made up of talented journalists and security specialists who help keep the content informative and engaging. It offers podcasts, videos and other content that will help you stay on top of the latest developments.
Cyber threats aren’t going away any time soon and their constantly evolving nature makes them difficult to keep up with. Staying on top of these blogs is a lot of work. For some people, internet security is an interest. For others, it’s their job. For many businesses, it’s an annoyance or an afterthought. Many companies don’t have the budget, personnel or skills to effectively manage cyber risk by themselves. From risk assessments to 24/7 managed security, and operations services to training programs, we are here to help your business continue to run smoothly no matter what issues arise. Business continuity is an investment, not a cost.