How to Stay Up-to-Date on Security
The news is always full of stories about computer attacks sweeping the world. The only problem is that most of these stories don't contain much useful information. When you're running a computer network, you need enough details to know how to stay safe.
The information is out there, if you know where to look. Keep the right bookmarks and subscriptions, and you can get the details behind the headlines. Then you'll be well-armed against the forces of evil.
Blogs and News Sites
Specialty blogs are a great source of information. Following their feeds can let you know all about shifting trends and new kinds of attacks. It's frightening news, but you need to know it. Most of them offer multiple RSS feeds by topic, email subscriptions, and social media feeds. Pick your favorite reading style.
Dark Reading, a service of Information Week, runs several stories a day on current security topics. It provides lots of specifics on threats and responses, but you don't need a degree in computer science to understand it. Besides the blog, you can get its information through newsletters or peruse its webinar archives.
Threatpost, from Kaspersky, Lab, bills itself as "the first stop for security news." It provides serious technical detail along with the occasional news of the odd. It also presents a podcast. You can read the site in English or Russian.
Security through Education focuses on the human factor, with intriguing titles like "Children Hacking Websites." Most security incidents involve user error, so understanding how people are being tricked and manipulated is important. You can subscribe to the newsletter or listen to the podcast as well.
In 2016, Krebs on Security was hit with one of the biggest DDoS attacks in history, so you know that the bad guys take Brian Krebs seriously. He specializes in covering online criminals who are after people's money. The articles in his blog are very readable while giving ample details on how attacks work.
WeLiveSecurity provides a mix of current news and general security advice. Many of the pieces are informative as well as entertaining. You can watch a video on how to make a strong password or find out the details on the latest wave of ransomware. The "How To" section provides useful security tips from cyber risk analysis to Pokemon Go. The site includes editions in Spanish, Portuguese, and German.
Cisco's security RSS feeds are pure technical information on current security issues. Some are Cisco-specific. Others, like the Threat Outbreak Alerts and the Multivendor vulnerability alerts, are of broader interest.
If you like to get your information by voice and video, lots of security podcasts are available. Some are long and chatty, others short and to the point.
Security Now is a weekly program available in either video or audio format. You can subscribe or download individual episodes. Spyware expert Steve Gibson and Leo Laporte make security discussions entertaining and lively. Some of their advice may surprise you. (How much does antivirus software really protect you?)
Short on time? StormCast is a daily fifteen-minute audio podcast from SANS on the latest online threats. It's at a concentrated, serious technical level, so you have to listen closely to absorb it. The web page for each podcast has links to diary entries with additional information on the day's topics.
Brakeing Down Security isn't a typo. It's named for its host, Bryan Brake. The discussion can get technical, and it helps if you know something about how operating systems work. Even if some of the content goes over your head, you'll get a lot of useful advice on staying safe. It's available through a YouTube channel, SoundCloud, iTunes, or Google Play.
The CyberWire Daily Podcast This daily audio podcast covers the latest security news in twenty minutes. It's available on the web, through an RSS feed, or on iTunes. The content is lively, informative, and understandable without an advanced degree.
Unsupervised Learning "curates 3 to 5 hours of reading into a 15 to 30 minute summary." It's heavy on news, without idle chatter. It includes large numbers of short news items. You can listen to it through iTunes, Android, Overcast, or your favorite player using the RSS feed. The same information is available in newsletter form.
Have I Been Pwned? offers to check if your account or domain has been compromised. There's nothing surreptitious or magical about it; it just uses a list of public records of breaches. If it tells you "no pwnage found," that doesn't mean you're safe, but it might report breaches you were caught up in. You can enter a common name like "JohnSmith" to see what sort of information it turns up. It's less likely to turn up minor sites that have been breached but didn't get publicized.
Do you want lots of security information in your Twitter feed? Here are ten accounts you can follow or put into a custom list.
- Cisco Security: lots of updates on current threats.
- Sophos Labs: security news and tips.
- IT Security News: worldwide security news.
- Cybersecurity: security information from DHS.
- Eugene Kaspersky: CEO of Kaspersky Lab.
- Infosecurity Magazine: links to articles on infosecurity-magazine.com.
- NCSC UK: information and advice from the National Cyber Security Centre.
- Norton: news from the security software company, not just about its own products.
- Global CyberSecurity: worldwide news from the Global Cyber Security Center.
- Security Affairs: news from Pierluigi Paganini on security developments.
Finally, a business which is serious about security needs to know about the Cisco PSIRT OpenVuln API. This is a body of structured technical information about known software vulnerabilities. It's not something you read directly; you need a software tool like OpenVulnQuery to get the information that's relevant to your installation.
However you choose to get your information, you need to keep up on computer security in order to keep your systems safe. Information is available on the Internet at all technical levels and in all styles. Try a few till you find the ones that work best.