Risk management is essential to the existence of every business. It requires organizations to consider which risks they can accept and which risks they can mitigate. But the problem with risk acceptance is that attackers are "actively looking for risks that you haven't mitigated that they're able to exploit," says...
The U.S. Federal Trade Commission reports that impostor scams were the #1 type of fraud reported by consumers last year, with losses to American consumers nearly $30B. UK Finance reported an increase in authorized push payment fraud last year with loss of more than £479M, and top UK bank Barclays reported a 20%...
The Southeast Asian region will see a spike in multifaceted extortion with more public breaches, along with an increase in ransomware-as-a-service operations in 2022, says Singapore-based Yihao Lim, principal intelligence adviser at Mandiant Threat Intelligence.
The latest edition of the ISMG Security Report features insight from U.S. Sen. Angus King on why the federal government needs to declare a clear response to cybercriminals in order to deter them. Also featured: Ransomware affiliates gain power and promoting diversity of thought in cybersecurity.
Organizations should take a "zero trust" approach to secure their identities, as being able to authenticate and authorize every resource access will minimize risk, says Ivan Lai, solution strategy architect - access for Asia-Pacific and Japan at CyberArk.
According to a panel of experts, protecting the Active Directory, a rich target for increasing ransomware attacks, will require organizations to audit privileged accounts and endpoints with continuous monitoring and an identity governance approach.
"There are so many basics we need to get right," says Daniel Dresner, professor of cyber security at Manchester University. In this interview, he discusses the cybersecurity practices that he recommends to make the task of securing small- to medium-sized enterprises less overwhelming.
The White House is preparing executive branch agencies to adopt "zero trust" network architectures by 2024, with CISA and the OMB overseeing the creation of technology road maps that departments must follow. This is a major component of President Biden's cybersecurity executive order.
Cryptocurrency exchange Coinbase faces potential user trust challenges after a system error led it to send out false automated security alerts to about 125,000 customers indicating their two-factor authentication settings had been changed.
Google has removed eight fake crypto-mining apps from its Play Store, but researchers at security firm Trend Micro have flagged 120 other apps on users' phones purporting to also be crypto-mining. Users paid for services the eight apps never delivered.
To help balance security and user convenience, organizations should offer centralized user access to applications, says Krishnamurthy Rajesh, head of IT and information security at ICRA, an India-based credit rating agency.
With more than 61% of breaches attributed to stolen passwords, a password manager can go a long way in helping enterprises enhance security, say Chandan Pani, CISO at Mindtree, and Lloyd Evans, identity lead, JAPAC, at LogMeIn.
Collaboration and information sharing among stakeholders - and influencing them to take a proactive approach to cybersecurity - are critical steps in fighting against cyberthreats, says Narendra Mainali, CISO of NIC Asia Bank of Nepal.
CyberArk Identity Adaptive Multi-Factor Authentication (MFA) adds an extra layer of protection before access to corporate applications is granted. Leveraging device, network, and user behavior context, CyberArk MFA intelligently assigns risk to each access event and allows you to create dynamic access policies that...