As the GDPR enforcement date edges closer, organizations remain unprepared to comply, says BitSight's Elizabeth Fischer - especially when it comes to vendor risk management. What - beyond contracts - do organizations need?
In the face of advanced persistent threats and attacks, it's critical for organizations to measure vulnerability to threats before applying machine learning tools, says Rohan Vibhandik, a scientist at ABB Corporate Research Center.
Leading the latest edition of the ISMG Security Report: An interview with the head of a new cyber initiative to help political campaigns and local, state and federal election officials safeguard America's electoral process. Also, analyzing the evolving characteristics of the healthcare breach.
Security vendors are known to sprinkle hyperbole among their claims. But the strategy has backfired for DirectDefense, which mistakenly cast endpoint protection vendor Carbon Black as a contributor to the "world's largest pay-for-play data exfiltration botnet."
About half of today's cyberattacks are malware-free and don't involve having to write any files to disk, says Dan Larson of Crowdstrike. These attacks get around conventional defenses, such as firewalls and antivirus programs, so they require new defenses, he says.
The Department of Homeland Security has issued an alert warning about cyber vulnerabilities in certain Siemens medical imaging products running Windows 7 that could allow hackers to "remotely execute arbitrary code." How serious are the risks?
It's a red-faced moment for FireEye. The company says an investigation reveals that an attack against an analyst's personal online accounts was enabled by the employee's continued use of compromised login credentials.
Expert speakers at ISMG's Fraud & Breach Prevention Summit in Delhi will tackle such important subjects as assessing organizational breach preparedness, early detection via effective threat hunting, leveraging machine learning to protect data and the latest breach trends.
Cybersecurity researcher Marcus Hutchins will plead not guilty in federal court to charges relating to creating and selling banking malware called Kronos. Some in the security community think the FBI may have confused legitimate research activities with criminal behavior.
Security expert Troy Hunt has released a massive data set of compromised passwords that's intended to help web services steer users away from picking those that have already been exposed in data breaches.
What are some of the critical action plan for firms post-breach? Sapan Talwar, former IT security leader at Adobe, elaborates on how organizations should collaborate with law enforcement agencies and regulators in the wake of a breach.
Mobile apps in India seeking blanket access to phone users' information have come under the lens of TRAI. Security practitioners believe the data privacy dilemma combined with shortcomings in the privacy laws are resulting in such privacy violations.
Britain's home secretary claims that "real people" don't really want unbreakable, end-to-end encryption - they just like cool features. Accordingly, she asks, why can't we just compromise and add backdoors, thus breaking crypto for everyone?