A comprehensive IAM program requires integration with HR and legacy systems to enable multifactor authentication, SaaS, and Identity-as-a-Service to provide secure user access and a secure user experience, says Hong Kong-based Varun Kakkar, group head of cybersecurity at Tricor Group.
The FBI says it has fixed a software misconfiguration that was abused to send fake emails falsely warning of a cyberattack. As many as 100,000 hoax emails were sent in two waves early Saturday morning, originating from a legitimate FBI domain.
Zero Trust: Is it the operational model that's going to propel us into a more secure future? Or just another marketing message to be tossed onto the pile of past campaigns? In this latest Cybersecurity Leadership panel, the top minds in the sector weigh in on the present and future of Zero Trust.
In ransomware attacks, cybercriminals attack through the backups because they know that security practitioners rely on backups to save themselves after a ransomware attack. Therefore, it is essential to have multiple backups, says Tom Kellermann, head of cybersecurity strategy at VMware.
As vice president of Red Team Services at CyberArk, Shay Nahari has an up-close view of an enterprise's soft defenses. He sees adversaries attack workforce users and compromise credentials. The lines between identity and privilege are colliding. More than ever, Nahari says, context matters.
A newspaper reporter in Missouri who responsibly reported the exposure of Social Security numbers on a state government website has been accused of malicious hacking by the state's governor. The governor alleged the publication of the vulnerability after it was fixed was part of a "political vendetta."
A compromise of sensitive health information affecting nearly 38,000 individuals discovered nearly a year after a terminated company executive accessed the data spotlights some of the top security and privacy challenges covered entities and business associates face with insiders.
Organizations should take a "zero trust" approach to secure their identities, as being able to authenticate and authorize every resource access will minimize risk, says Ivan Lai, solution strategy architect - access for Asia-Pacific and Japan at CyberArk.
As organizations look to streamline the way they work, they can introduce unknown cybersecurity gaps that make them vulnerable to a ransomware attack. CyberArk's Bryan Murphy shares insight on how CISOs and CIOs can implement a strong identity security program and prevent breaches.
Microsoft has indicated it will make changes to reduce the risk around what a security vendor says is a vulnerability that lets attackers run brute-force credential attacks against Azure Active Directory. The issue was reported to Microsoft in June by SecureWorks' Counter Threat Unit.
As the risks to IT and OT converge, organizations must use "zero trust" to verify user identities and build effective monitoring capabilities to track the behavior of privileged users, say Kartik Shahani of Tenable and Rohan Vaidya of CyberArk.
Dwell time, double extortion, supply chain attacks - ransomware has changed considerably over the course of the year, and CyberArk's Andy Thompson says there is much we can learn from the attacks - both the unsuccessful and successful ones - and how they take root.
According to a panel of experts, protecting the Active Directory, a rich target for increasing ransomware attacks, will require organizations to audit privileged accounts and endpoints with continuous monitoring and an identity governance approach.
Microsoft has officially gone fully passwordless, allowing Windows users to replace their alphanumeric passwords with one of several substitute sign-in technologies to gain entry into a Microsoft product - a move received positively by industry insiders.