The Cyber Threat Alliance is developing playbooks that will show organizations how to stop hackers from causing havoc. Alliance President Michael Daniel explains how the playbook could help to disrupt a cyber attacker's business model and processes.
While white hat hackers from India continue to shine abroad, in India, they often aren't paid. Why hasn't the nation taken advantage of their services?
Many Indian organizations are not prepared to detect a breach, readiness assessments conducted by Smokescreen Technologies show, says Raviraj Doshi, the company's CTO, who describes current detection challenges.
With the increased emphasis on detection and response, practitioners may be beginning to dilute the fundamentals of security, neglecting the need to first protect and defend, says Brijesh Datta, CISO at Reliance Jio Infocomm.
The latest ISMG Security Report leads off with a look at the growing industry of mobile spyware designed exclusively for governments, but often misused to track citizens and activists. Also, Australia's push to get allies to adopt tools to counter encryption.
Some security practitioners in India are questioning the value of the government setting up a CERT for the financial sector as well as a second Cyber Coordination Centre in Delhi to help deal with the changing cyber threat environment.
Members of Parliament in Britain have had their remote email access suspended following an apparent brute-force hack attempt aimed at exploiting weak passwords to gain access to their accounts. Officials say fewer than 90 email accounts appear to have been breached.
It's not enough to comply with government and industry regulations such as SOX, PCI, MICS, and HIPAA. Organizations must also prove their compliance to auditors on a regular basis. Even companies not bound by regulatory requirements may need to confirm their adherence to internal IT security policies.
But...
The cost of a data breach can throw businesses into turmoil and derail careers. And that cost continues to rise. The potential for significant damage is massive on servers like IBM's Power Systems servers running IBM i, because they're widely used for database management, financial data processing, and business...
Security leaders face more threats than they'd like, but with fewer security personnel than they need. Aaron Miller of Palo Alto Networks discusses the case for new automated security solutions.
The latest edition of the ISMG Security Report leads off with a look at why organizations turn to paper when critical systems can't be secured. Also, how to hack air-gapped systems over the internet.
The back story behind the ransom attack that led to the unauthorized early release of the Netflix series "Orange Is the New Black" is a cautionary tale in dealing with cyber extortionists such as The Dark Overlord.
A just-released study from IBM Security and the Ponemon Institute documents the rising costs of data breaches, but IBM's security lead Kartik Shahani in an interview discusses ways organizations can mitigate those costs, including investing in sound governance practices.
South Korean web hosting firm Nayana has agreed to pay attackers a record-shattering $1 million to unlock 153 Linux servers crypto-locked by ransomware. Security researchers say the infection was likely exacerbated by the company running ancient versions of the Linux kernel, as well as Apache and PHP.
Writing the obituary for the lifeless Neutrino exploit kit leads the latest edition of the ISMG Security Report. Also, judging the value of the Department of Health and Human Services' wall-of-shame website of healthcare sector breaches.
