It's no exaggeration to say that, in the midst of the COVID-19 pandemic, we now have the largest-ever global remote workforce. And with it comes an expanded attack surface that requires extra attention. Phil Reitinger of the Global Cyber Alliance shares five tips for securing the remote workforce.
Zero trust is not a product or a destination, but rather a journey requiring organizations to practice good security hygiene, continuous monitoring and detection, as well as rapid incident response backed by high levels of automation, says Shehzad Merchant, chief technology officer of Gigamon.
Improvements in behavioral biometrics and analytics are changing the way many financial services firms approach authentication. And more companies also are taking a "zero trust" approach to improve identity and access management, according to two security experts interviewed at RSA 2020.
Amazon's Ring is mandating the use of two-factor authentication for all users, a move designed to help stop creepy takeovers of the web-connected home security cameras. A passcode will be sent to a user's email address or by SMS.
Dell Technologies has agreed to sell its RSA security division to private equity firm Symphony Technology Group in an all cash deal worth more than $2 billion, the companies announced Tuesday. The news comes on the eve of the annual RSA Conference in San Francisco, which starts Monday.
Twitter says it has fixed an API problem that would have allowed someone to match phone numbers en masse to corresponding accounts, which could potentially unmask anonymous users. The flaw could have been found and exploited by state-sponsored actors, the social media firm warns.
Apple previously scuttled plans to add end-to-end encryption to iCloud backups, Reuters reports, noting that such a move would have complicated law enforcement investigations. But the apparent olive branch hasn't caused the U.S. government to stop vilifying strong encryption and the technology giants that provide it.
Proof-of-concept code has been released to exploit a severe Citrix vulnerability present in tens of thousands of enterprises. Citrix says it's developing permanent patches but that enterprises should use its mitigation guidance. In the meantime, attackers are hunting for vulnerable machines.
Adopting the policies in NIST 800-171 brings multiple security-related benefits, including best practices for data access policies, reduced risk of data breaches and insider threats, and a scalable approach to protecting sensitive data.
An advanced persistent threat espionage campaign with suspected ties to the Chinese government quietly targeted businesses and governments in 10 countries for two years, bypassing two-factor authentication, according to a report by Fox-IT.
To help enhance security, Firefox extension developers will be required to set up their accounts to support two-factor authentication beginning early next year, Mozilla, the open source community that supports the browser, has announced.
One of the largest fines to date for violating the EU's General Data Protection Regulation has been announced by Germany's federal privacy and data protection watchdog, the BfDI, against 1 & 1 Telecommunications, in part for inadequate authentication mechanisms. The company plans to appeal.
Twitter users no longer have to supply a phone number in order to use two-step verification for authentication. The move will better protect accounts from SIM hijacking attempts and also means users don't have to sacrifice some of their privacy to enable a security feature.
Cyber threat actors are trans-national, well-funded and highly organized, they are utilizing leading-edge technology to attack merchants and stealing data at a large scale. Join us as we walk you through our research on what happens after the attacks. We will highlight when that stolen payment card data appears on the...
The latest edition of the ISMG Security Report offers an in-depth analysis of how to prevent data exposure in the cloud. Plus: why PCI's new contactless payment standard lacks PINs, and how to go beyond the hype to accurately define "zero trust."