CISOs need to precisely tailor their risk management strategies to protect the specific high-value assets of their organization; a broad-brushed approach will never work, says UK-based Kelly Bissell, managing director and global lead, Accenture Security.
Apparel retailer Forever 21 says point-of-sale systems in some stores were infected by malware for up to seven months, leading to the theft of customers' payment card data. The retailer says deactivated encryption technology on some POS devices exacerbated the severity of its breach.
Ransomware has ascended, by some estimates, to a $1 billion industry. Although the FBI advises against paying ransoms, some organizations see it as the quickest way to recovery. Michael Viscuso of Carbon Black says that the larger problem is a failure to defend networks.
Launching effective user education as well as implementing the right endpoint security technologies are two essential steps to help mitigate the threat of ransomware attacks, says Ashish Sud of Sophos.
Information security truisms: 2017 was the year of more cybersecurity - more attacks, more spending, more defenses, more breaches - and 2018 will see more of everything "cyber," plus GDPR enforcement, proxy wars online and more.
As the healthcare sector implements a variety of new applications and increasingly moves to the cloud, it has a fresh opportunity to address security, says Daniel Bowden, CISO at Sentara Healthcare, who discusses best practices.
From worsening ransomware attacks to deepened concerns about external digital risk, former AT&T CISO Ed Amoroso says 2018 will be a challenging year, and security teams need to be building out their resiliency plans to prepare for what's ahead.
This episode of the ISMG Security Report is devoted to producer/host Eric Chabrow's recollection of the evolution of cybersecurity news and analysis during his nine years at Information Security Media Group. Chabrow is retiring after 45 years in journalism.
Businesses need to transform their security operations, using threat intelligence to prioritize the risks they need to address, says Vivek Chudgar, senior director at Mandiant Consulting Services, APAC.
The exponential increase in encrypted internet of things traffic over the next few years will change security dynamics because most security solutions cannot process encrypted traffic, contends Sanjay Gangadharan of A10 Networks
Simulated attacks by an information security testing firm have found that fresh WannaCry, NotPetya and EternalRocks would still rip through many an enterprise network. Here's how organizations must respond.
The U.S. Securities and Exchange Commission is planning to update its 6-year-old cybersecurity guidance for how publicly traded firms report data breaches to investors. Experts expect the refined guidance to cover insider trading program rules, breach notifications and business models.
A successful privileged access management program has many critical components, including single sign-on, password management and provisioning and maintenance of privileged identity, says Anuj Tewari of HCL Technologies.