Patch management problem: Organizations must identify and fix all new vulnerabilities in their software and hardware as quickly as possible. Unfortunately, on average, attackers keep exploiting flaws faster than they're being patched, says Tenable's Gavin Millard.
Businesses undertaking digital transformation - typically involving a push to the cloud, amongst other initiatives - must put security first if they want their project to achieve optimum success, says Fortinet's Patrick Grillo.
Much more must be done to shore up the U.K.'s national infrastructure. "It's partly austerity, and it's partly what's happening in the global economy, but we've really seen an underinvestment, specifically in the critical national infrastructure," says LogRhythm's Ross Brewer.
What are hot cybersecurity topics in Scotland? The "International Conference on Big Data in Cyber Security" in Edinburgh focused on everything from securing the internet of things the rise of CEO fraud to the origins of "cyber" and how to conduct digital forensic investigations on cloud servers.
Cyber security threats continue to proliferate and become more costly to businesses that suffer a data breach. When it comes to combating these growing risks, most organizations continue to place more trust in technology-based solutions than on training their employees to be more aware of the threat landscape and able...
Helping victims know their passwords have been exposed in a data breach is half the battle in the fight to improve password security. To help, Mozilla and 1Password are integrating into their products a feature from the popular "Have I Been Pwned" breach notification service.
Leading the latest edition of the ISMG Security Report: A preview of next week's Fraud and Breach Summit in Chicago, which will feature keynoter Brett Johnson, a former cybercriminal who now advises organizations on fighting crime.
Government regulation is key to minimizing the misuse of cryptocurrencies for cybercrime, says Brett Johnson, a former cybercriminal who now consults on crime prevention. But regulating cryptocurrencies is no easy task, he acknowledges. Johnson will keynote ISMG's Fraud and Breach Prevention Summit in Chicago.
Human resources software developer PageUp says it doesn't appear that personal data exposed in a malware attack was actually removed from its systems. But it has also found authentication error logs that recorded incorrect login attempts from before 2007.
The anti-Kaspersky Lab rhetoric continues to heat up, with the European Parliament passing a motion that brands the Moscow-based firm's software as being "confirmed as malicious." In response, Kaspersky Lab has halted all work with European institutions, including Europol, pending clarification.
The Department of Homeland Security has issued two more alerts about cyber vulnerabilities in certain medical devices. The stream of recent advisories is helping to draw more attention to the importance of addressing device security. But healthcare providers face the challenge of tracking and mitigating all risks.
Identity management is becoming increasingly important in this era where massive data breaches and credential harvesting are a regular occurrence. To make matters worse, mobility and cloud have increased the attack surface. Businesses that have unreasonable expectations from users on access hygiene and rely on...
Experian is transforming from a credit reporting agency to a customer-driven data services company, and at the heart of all its services lies the need for secure, user-friendly authentication at every stage of the employee and customer experience. That's no small task, and they had to start with an established...
The Cyber threat landscape has evolved leaps and bounds over the last few years. The discussion on breaches, now at the board room level, is focused on preparedness, predictive intelligence and effective incident response. Leveraging a credible source of threat intelligence is foundational-in addition to its...
File-less malware is a huge security challenge for organizations today, and traditional email security controls aren't sufficient to meet the challenge. It's time for a new approach email security.
The big issue is: The malicious payloads shift so much. It's really easy to do 100 variants of the same malicious...