As cyber-crime evolves, attacks are complex and creative, and often tailored to the targeted industries and organizations. Therefore, to respond appropriately, one must engage in advanced threat hunting that takes the human factor in consideration.
Today, most of the cyber security community focuses on technical...
In the year ahead, cyber threats to the healthcare sector will continue to evolve from attacks primarily involving the theft of health data to assaults aimed at disrupting organizations' operations, predicts Sean Murphy, CISO of health insurer Premera Blue Cross.
All U.S. publicly traded companies should review how they internally disseminate breach information and expect to see revised cybersecurity guidance, says William Hinman, the director of corporation finance for the U.S. Securities and Exchange Commission.
Security practitioners must do a much better job of prioritizing their investments based on the most significant risks their organizations face, says Zulfikar Ramzan, chief technology officer at RSA, who offers insights on "fighting the right battle."
The former CEO of Yahoo, which has had 3 billion records exposed in a 2013 data breach, testified at a Senate hearing that it's tough for any corporation to defend against nation-state backed cyberattacks. That led senators to grill Marissa Mayer about the security steps Yahoo had taken.
Former Yahoo CEO Marissa Mayer may have envisioned spending her post-Yahoo days seeking new work or experimenting with other search engines. Instead, she gets to sit in a Senate hot seat alongside former Equifax CEO Richard Smith, defending past data breach response decisions.
To help prevent breaches caused by third parties, organizations need to improve their vendor risk evaluation methods, carefully assessing their business partners' processes and risk mitigation methods, says Anuj Tewari, CISO of HCL Technologies.
In May 2017, the Singapore Government cut direct access to the Internet from its internal systems. This is a policy that is already adopted by Korean banks, many U.S. and U.K. military establishments, as well as the Japanese government. This is to protect government-owned computer systems from potential cyber threats...
Organisations must replace their traditional, defensive security strategies with a proactive, intelligence-driven offense to prevent and disrupt sophisticated, agile threats. Next generation intelligence enables organisations to incorporate cyber threat hunting into their security strategy, and turn their defence into...
The cyber threat analysis discipline blends aspects of intelligence analysis, information security and forensic science. By using cyber threat analysis, one can detect infiltrations faster, regardless of their source. Pairing advanced platforms with a human is the most effective way to detect an...
Much of the world's critical infrastructure gets controlled by ICS or SCADA systems. But passive network traffic analysis by industrial control system security firm CyberX found vulnerable protocols, widespread Windows XP use and other concerns.
DataBreachToday Executive Editor Mathew J. Schwartz's examination of the growing threats facing the critical energy sector leads the latest edition of the ISMG Security Report. Also in this report: A discussion of safeguarding the telehealth marketplace.
The Kaspersky Lab saga raises questions about how vulnerable any anti-virus products and back-end cloud networks might be to hacking. Asked to describe exactly what security controls they offer, here's how 17 anti-virus firms answered - or have yet to answer.