Hackers behind the mega-breach at Equifax stole data in May, but they - or other attackers - penetrated the credit bureau's systems in March, exploiting a vulnerability for which Apache Struts had issued a patch, just four days prior.
A federal judge Tuesday dismissed three of six counts in a complaint filed by the U.S. Federal Trade Commission against IoT manufacturer D-Link that alleges its sloppy security practices deceived consumers. The FTC has until Oct. 20 to amend the complaint.
Because a growing number of organizations in India are being hit by cyberattacks, the case for buying cyber insurance appears to be stronger than ever. Nevertheless, security experts say only a handful of the largest companies have made the investment in this insurance so far. Why is that the case?
When creating a security action plan, not enough organizations include provisions for communicating with the police, says Kenrick Bagnall, a detective constable in the cybercrime unit of the Toronto Police Service.
Craig Gibson of Trend Micro has spent more than a decade researching the topic of security orchestration. He offers tactical advice for how organizations can best deploy their human resources to best maximize security across the enterprise.
In North America, many organizations mistakenly believe the European Union's General Data Protection Regulation won't impact them, says Robert Mills of the Information Security Forum. "If they are multinational and holding EU data, it does apply to them," he points out.
Most organizations are good at collecting threat intelligence, but they struggle to operationalize it - and especially to use it for threat attribution. Arbor Network's Paul Bowen tells where organizations are commonly missing the mark.
Oil & Natural Gas Corp. is augmenting its ISOC to serve its enterprise wide network, SCADA and business systems to enable detection of threats in real time, says A.S. Rao, CISO. "We have gone in for a hybrid model to build required skills to completely operationalize the ISoC," he says
Given the current threat environment, it's urgent that organizations add technical experts to their boards of directors to help ensure the development of effective cybersecurity strategies, says Art Coviello, retired chairman of RSA.
Securing a hybrid environment comes with inherent complexities - but there also are some misconceptions about security, says Tony Goulding of Centrify. He dispels the myths and sheds light on the new realities.
Mobile malware threats are surging in India. For example, about 40 percent of all the attacks involving Xafecopy malware were targeted at the nation. The increasing attacks on mobile phones have called attention to the need to boost awareness of mobile security and take critical mitigation steps.
Canada led North America in EMV adoption, and now it is seeing a commensurate growth in card-not-present fraud. Gord Jamieson of Visa Canada describes how Visa is responding to this latest wave of CNP fraud.
Many recent data breaches, including the Equifax incident, show that "applications are really the vulnerable entry point into organizations and ultimately to organizations' data," says Alex Mosher of CA Technologies.
What advice does the new CISO of fast-food giant McDonald's, who has served as CISO at two other major corporations, have for how to communicate with the board of directors? Tim Youngblood offers insights in this exclusive interview.
In the latest edition of the ISMG Security Report: a look at the former Equifax chief information security officer and whether her lack of academic credentials in IT or IT security is relevant to the massive breach at the credit reporting agency.