One of the most common questions I am asked when collaborating with customers is "…what makes a useful adversary profile?" The easy answer is any summary that allows your team to make faster and more accurate decisions when push comes to shove, but the deeper answer is more artful than scientific.  Adversary profiles are the intelligence intersection across a team’s defensive efforts and can demonstrate a distinction from teams who have made a conscious decision to transform from 'whack-a-mole' to 'know thy enemy'.

So…What makes an invaluable adversary profile? Here are a couple points you should consider when structuring an adversary blueprint.

A new report focusing on malware in the enterprise, finds that large organizations (those with more than 200 iOS or Android mobile devices) are almost guaranteed to have at least one malware-infected device.

The report, by mobile threat defense specialist Skycure finds that four percent of all mobile devices have malware installed, regardless of whether they are managed by an enterprise or an individual.

Out of 300 IT professionals attending the Infosecurity Europe conference, almost half (49 percent) believe their CEO has fallen victim to a targeted phishing attack.

The results have been published in a new paper by unified security management and crowd-sourced threat intelligence company, AlienVault.

Security professionals increasingly believe that usernames and passwords provide insufficient security, and 72 percent think they will be phased out within nine years.

This is among the findings from mobile identity company TeleSign which also shows that security professionals are increasingly turning to effective, easy to implement technologies such as behavioral biometrics and two-factor authentication to secure user accounts.

People are aware of the risks that come with using Wi-Fi, but generally believe public hotspots, like those on airports, are secure. Those are the results published in Norton’s latest Wi-Fi Risk Report 2016, which said 64 percent of UK’s adults assume public Wi-Fi is safe enough to use.

However, Norton says this couldn’t be further from the truth.

The use of encryption in global organizations is now at an all-time high, with 41 percent using it extensively today -- a seven percent rise over last year.

This is among the findings of a Global Encryption report from Thales e-Security and the Ponemon Institute which shows that businesses are taking action to guard their sensitive data.

A group of hackers from a security company in Portugal managed to hack into Uber and get their hands on a bunch of data that should remain hidden.

The team of three experts, Vitor Oliveira, Fábio Pires and Filipe Reis from Integrity, found a total of six flaws: they managed to use promotion codes, found private emails using UUID, found users’ phone numbers, created driver accounts, validated them, found where you went, who your driver was, and who you are and, ultimately, date of the trip, driver name and picture, the ID and the cost of the trip. The route map was also disclosed.

The golden rule of password security is never use the same credentials on multiple sites. The idea is if one site suffers a breach, hackers can try the now-stolen credentials on other sites. This makes sense, yet many people still do it. You know what? I don't blame them. It can be impossible to remember all of the unique passwords, and writing them down is frowned upon too. What can be done to fix this?

Enter biometrics. Rather than use a password, a user's face or fingerprint can be used. More and more smartphones, tablets, and laptops are offering biometics, but sadly, the web is lacking. Consumers are understandably frustrated, and according to a new survey, more than half of them would prefer biometrics to passwords for daily use.

An analysis of 200 second-hand hard disks and solid state drives purchased from eBay and Craigslist in the first quarter of 2016 reveals that 67 percent of them contained personally identifiable information.

In addition 11 percent held sensitive corporate data, including company emails, CRM records and spreadsheets containing sales projections and product inventories. The study comes from mobile diagnostics and secure erasure specialist Blancco Technology Group.

Just over 30 percent of IT professionals admit to sometimes ignoring security alerts because of high volumes of false positives.

This is among the findings of a new survey from Skyhigh Networks conducted along with the Cloud Security Alliance which also reveals that 20 percent of companies have more than ten security tools that generate alerts.

The world of technology relies on encryption. Everything from private messages to online payments are secured in this way -- but how does it all work? Mozilla has come up with a way to teach people about encryption, combining gaming and emoji into a useful learning tool.

Codemoji is described as "a fun way to learn about ciphers", and while you might think that it's aimed solely at children, there's something here for all ages. The idea is very simple: letters and words are translated into emoji so they can only be read by those who understand the decryption technique.

Intel is looking for a buyer for its Intel Security. Intel Security, previously called McAfee, was bought from the security firm McAfee back in 2011 for $7.7 billion (£5.75bn).

Intel rebranded the company as Intel Security, and aimed to implement its security features at chip level, giving cyber-security a whole new dimension. It seems, though, six years later, the plan had failed.

We live in a surveillance state and we all know it. We sort of knew it before the Edward Snowden revelations, but afterwards had a real sense of just how far it went. Apparently it is still, to this day, trying to reach further, and in this case it affects people who simply travel to the nation, even for simple things like vacation or business.

If US Customs and Border Control has its way, people will have to hand over their Twitter handle right in the airport. While an argument can be made for such heavy-handed tactics -- looking for Jihadist tweets, etc -- it is largely unjustified.

Researchers at endpoint protection specialist SentinelOne have uncovered a new variant of the CryptXXX ransomware family which is being spread via spam and possibly other means.

The latest version fixes previous flaws in its file encryption methods which prevents use of free decryption tools and makes it impossible to decrypt files without paying the ransom.

A virtualized hybrid cloud infrastructure comes with the assurance of better business outcomes but the rapid transformation that accompanies cloud also leaves the infrastructure vulnerable to cyber attacks. This makes risk management critical for every enterprise. Since no two enterprises work exactly the same way, a standard risk tolerance profile cannot sustain the potential risks posed by technical hurdles.

Despite a cloud service provider’s best possible efforts, security issues are inevitable. With hybrid-cloud deployments you will also need to ensure that sensitive business data remains secure between private and public cloud. This is why hybrid cloud environment strategies need to take into account the possibility of regular movement of data between private and public clouds. Here are security issues to take into account when handling hybrid cloud security: