The Conservative U.K. government said it will propose updates to the country's main cybersecurity regulation, including a requirement for the private sector to reimburse the public sector for enforcement activities. The government downplayed concerns that it could create perverse incentives.
Is a four-month delay between learning your systems were breached and notifying affected customers acceptable? After spotting an attack in August, private utility South Staffordshire Water in England is only beginning to alert customers that they're at risk of identity theft.
The Russia-based ransomware gang behind the hack of Australia's largest private health insurer says it posted a full set of stolen data. The Australian Information Commissioner said it will probe the insurer's personal information handling practices.
U.K. businesses shy from involving police in cyber incident response for fear of regulatory consequences, lawmakers sitting on Parliament's Joint Committee on National Security Strategy heard. Allowing businesses to anonymously disclose incidents would result in more data, suggested a witness.
In the next three years, CISOs face daunting challenges, including rapidly changing threat vectors, new APT attacks and the implementation of new defensive solutions, says Anuprita Daga, chief information security officer and chief data protection officer at Yes Bank.
The United Kingdom is the newest front in the long-fought conflict over end-to-end encryption, as a slew of civil society groups urge the prime minister not to back legislation empowering regulators to force online intermediaries into providing decrypted messages.
What does the latest version of India's data protection bill mean for CISOs, and what impact does it have on security practitioners? Khushbu Jain, advocate, of the Supreme Court of India, shares some of the fine print in the draft legislation and discusses some changes that CISOs may need to make.
Software life cycle management has always been part of the development team, but organizations are now looking to extend the process beyond the development team to manage the entire supply chain, says Nahas Mohammed, regional sales director at GitHub India.
DevSecOps is about security enablement at every stage within the organization - the people, process and technology. To begin the DevSecOps journey, organizations should enable and empower technology teams to think about secure design first, says GitHub's Hatim Matiwala.
Microsoft says vulnerabilities in outdated web servers are likely responsible for a cyberattack last month against Indian energy giant Tata Power. Attackers targeted Boa servers, which were discontinued in 2005, to potentially compromise Tata and other critical infrastructure organizations around the world.
Bad actors, both external and internal, can steal and manipulate data during file transfer, as most firms don't have end-to-end encryption in place. Raghunandan Kaushik, regional sales director for India and SAARC at Fortra, discusses security blind spots and best practices to address these gaps.
The nefarious LockBit 3.0 cybercriminal group is claiming responsibility for the ransomware attack that halted municipal services and shut down employee email accounts in Westmount, Quebec, giving the city a deadline of Dec. 4 to make an undisclosed ransom payment.
An Australian nonprofit children's charity warned about 80,000 donors of the compromise of their credit card and personal information resulting from a recent hacking incident. The Smith Family says the hacker failed to steal any charity funds but did manage to access donor data.
Why is credential stuffing hard to solve? Are weak passwords the only reason behind credential stuffing attacks? Experts Sanjay Singh, head of DevSecOps at Games24x7, and Navaneethan M., CISO at Groww, explain how geo-based authentication, user behavior analytics and monitoring can detect breaches.
As the banking sector undergoes digital transformation, the future of banking requires both securing transactions and building cyber resiliency through consistent cyber drills and creating a private network for secure financial transaction, says professor D. Janakiram, director of IDRBT.