We are amidst a new "machine identity crisis," says Jeff Hudson, CEO of Venafi. And unless we tackle this growing challenge of how to secure machine-to-machine communication, then enterprise IT and security departments are likely to be overwhelmed.
This edition of the ISMG Security Report takes a look at how ready healthcare organizations are for GDPR compliance. Also featured: comments from Alberto Yepez of Trident Capital on the 2018 outlook for information security companies and a summary of the latest financial fraud trends.
The browser is the window to the web. But what's going in the background during that browsing is opaque to most users. A new experiment shows how the computing power of tens of thousands of computers could be unknowingly harnessed to crack passwords, harvest cryptocurrencies or conduct DDoS attacks.
Fresh research into mobile apps designed to control ICS systems from afar has unearthed unnerving findings. More than 20 percent of mobile ICS apps have issues that could allow an attacker to influence an industrial system.
An analysis of FBI Director Christopher Wray's comments about how encryption poses complications for law enforcement officials leads the latest edition of the ISMG Security Report. Also featured: The former CISO of the state of Michigan sizes up cybersecurity forecasts.
Following the alert over Meltdown and Spectre vulnerabilities, the U.K. Information Commissioner's Office is warning that failures to patch today could be punished with fines under GDPR once enforcement of the data protection law begins later this year.
As the healthcare sector implements a variety of new applications and increasingly moves to the cloud, it has a fresh opportunity to address security, says Daniel Bowden, CISO at Sentara Healthcare, who discusses best practices.
In the Face of Advanced Threats, is Your Organization's Security Posture Reactive or Proactive?
Today's most advanced threat actors - whether external or internal - are stealthier than ever and able to hide within one's systems for days, weeks or even months as they gather intel and prepare to strike. Sixty-one...
What security strategies do financial organizations need to consider in the new PSD2 landscape? PSD2 outlines security requirements in three key areas.
Download this whitepaper and learn how to:
Secure customer interactions with third-party providers and banks;
Secure API transactions and account...
How can a financial institution spot a true customer from an impostor in the digital world? Cybercriminals leave footprints for fraud experts that are markedly different than true customers.
Download this whitepaper and learn about fraud clues such as:
The use of a pre-paid SIM card;
Automated or industrial...
Ransomware infections can be devastating, and recovery efforts threaten to financially cripple your organization. Prevention is the most effective defense.
Download this whitepaper and learn 14 ransomware defense best practices including how to:
Implement an awareness and training program;
Enable strong spam...
With threat actors increasingly moving to circumvent anti-malware systems by compromising legitimate on-device tools, there is a growing need to address malware, file-less attacks, and in-memory attacks on endpoints.
Download this whitepaper and learn:
How to use risk-mitigation techniques in order to limit the...
There are several fraud vectors by which open banking can be exploited by fraudsters. Cybercriminals are now experts at exploiting these technologies and processes meant to benefit financial institutions and their clients.
Download this whitepaper and learn how banks are vulnerable to fraud when:
Recent versions of Windows have a security problem: They're not random enough, CERT/CC warns. The problem centers on certain uses of ASLR, which is designed to block return-oriented programming techniques and code reuse attacks.
Businesses need to find more ways of incentivizing good researchers to find flaws in technology before bad actors discover them, says Rafael Narezzi, CIO of financial services firm TS Lombard. For every bug hunter with good intentions, how many more are developing weaponized exploits for sale on darknet markets?