Security practitioners need to know what data their organization has and where it is kept so they can ensure it's protected. That inventory process that can be simplified by creating an information asset register, says Bilal Ghafoor, a data protection consultant.
As more organizations rely more heavily on cloud-based applications as a result of a remote workforce, they must avoid taking identity and access management shortcuts, says James Gosnold of the cloud consultancy CloudKubed, who calls for the addition of another layer of authentication.
Healthcare organizations need to diligently assess whether a security incident involving patient information truly qualifies as a reportable breach under HIPAA to avoid needlessly reporting it to federal regulators, says regulatory attorney Helen Oscislawski.
After business, as usual, has been disrupted, the path to stability is a challenging one to negotiate. The steps, timing, and impacts inevitably will vary. Regardless of your organization's state of readiness, it is critical to exercise sound risk management and follow best practices for business resiliency....
You want to enable your global workforce to work from anywhere on any device, with the digital access needed. But, you must constantly guard against a sophisticated range of possible cyber attacks including identity-based and pervasive unknown threats. Addressing such threats requires understanding the financial,...
Two years after it was last seen in February 2018, ZLoader banking malware has resurfaced, with cybercriminals wielding a new version that gets distributed via email campaigns, security firm Proofpoint warns.
Britain's privacy watchdog reports it received 19% fewer data breach notifications in the first quarter than in the same period last year. While the decline may be attributed to more organizations better understanding when to report breaches, other countries have seen an increase in breach reports.
As ransomware gangs attempt to boost their illicit profits, the RagnarLocker ransomware gang has brought a new tactic to bear: installing a full virtual machine on victims' systems to hide their crypto-locking malware while it forcibly encrypts files, security firm Sophos warns.
Microsoft is warning Windows users about an ongoing "massive" COVID-19-themed phishing campaign that is attempting to install the NetSupport Manager on devices. Attackers can turn NetSupport into a remote access Trojan, or RAT.
The latest edition of the ISMG Security Report features Retired General Keith Alexander, former NSA director, discussing the long-term security implications of the shift to working from home. Also: an update on ransomware gangs leaking data and an analysis of using open source code for app development.
Apple and Google have released new APIs designed to support contact-tracing apps being developed by governments to help combat the COVID-19 pandemic. Already at least three U.S. states and 22 countries have expressed interest in using the APIs to build their apps.
A recent ransomware attack that targeted a law firm that serves celebrities may have been facilitated by a Pulse Secure VPN server that was not properly patched and mitigated against a well-known vulnerability, some security experts say.
The ransomware threat has scaled up to
match the new remote workforce. But have
backup policies and incident recovery
procedures improved to keep pace?
Download this eBook to learn more about:
Ransomware recovery challenges;
Securing a remote file-sharing environment;
Business continuity successes in crisis...