The process of managing software vulnerabilities inside the enterprise is complicated by the sheer number of patches that must be assessed, applied, tested and rolled out, says Wolfgang Kandek of Qualys, who offers suggestions on how to better focus those efforts.

For years now, security experts have been predicting 'the year mobile threats come of age.' Is it finally here? BioCatch's Uri Rivner discusses the recent surge in mobile threats - and what to do about them.

Many organizations take months or years to discover they've been victimized by breaches because they lack experienced cybersecurity personnel, says employment researcher David Foote. The "maturing of the workforce" will take considerable time, he says in an interview.

By nature of its name and reputation, the so-called "dark web" has acquired a unique reputation. Danny Rogers of Terbium Labs discusses some of the key myths and realities about the dark web, as well as how organizations should monitor it.

A report analyzing the development of a defense against attackers who exploit USB devices to hack into computers leads the latest edition of the ISMG Security Report.

Passwords' days are numbered as businesses attempt to deliver a better user experience to their online customers, as well as apply better identity management practices, says CA's Paul Briault.

Security spending - as a percentage of IT budgets - in recent years has been getting out of hand, says Chris Richter of Level 3 Communications, who offers suggestions for how to better keep costs under control.

In an in-depth interview, Ron Ross of the National Institute of Standards and Technology explains pending revisions of guidance on how organizations outside the U.S. government should protect sensitive federal data.

Hear ISMG editors untangle the various elements in the Shadow Brokers-Equation Group saga, evaluate a new anti-ransomware tool and reflect on the 10th anniversary of the PCI Security Standards Council in this edition of the ISMG Security Report.

Sam Lodhi, director at niche services firm IBRS, speaks about adapting biological cybernetics to help management understand information security risk better and how cybernetics can be applied to other verticals.