One measure of why it's so difficult for organizations to keep their software patched and better secured: Of the nearly 20,000 unique vulnerabilities in 2,000 products cataloged last year, only half involved Microsoft, Adobe, Java, Chrome or Firefox software, says Flexera's Alejandro Lavie.
Reddit suffered a data breach in June after attackers managed to bypass its SMS-based two-factor authentication system. User data from 2007 and before was compromised. Security experts say the breach should serve as a reminder that using any two-factor authentication is better than none.
Reacting to the draft of a new data protection bill for India, which was released Friday, many security and privacy experts are saying the bill is thin on specifics and that if it's enacted into law, some of its provisions could prove challenging to implement.
With Australia's data breach reporting law now in effect, its healthcare sector has recently reported the highest number of data breaches - a finding that is sure to intensify the already intense scrutiny of the country's controversial e-health records project.
What should President Donald Trump do to prevent Russian meddling in the midterm elections? Ed Amoroso, the former CISO of AT&T, offers three bold suggestions. He'll be a featured speaker at ISMG's Security Summit in New York, to be held Aug. 14-15.
What advice does the world's first CISO have for the current generation of CISOs? Stephen Katz emphasizes, first and foremost, that cybersecurity must be treated as a business risk management issue rather than a technology issue. He'll be a featured speaker at ISMG's Security Summit in New York Aug. 14-15.
Sometimes efforts to prove a system is secure can really backfire. TRAI Chairman R.S. Sharma's attempt to demonstrate Aadhaar security by tweeting his Aadhaar number on Saturday and inviting anyone to attempt to use it to access his personal information reportedly led to data access by ethical hackers.
The fundamentals of governance, risk and compliance are sorely lacking in too many organizations that are striving to improve cybersecurity, says Malcolm Palmore, an assistant special agent at the FBI.
When it comes to the internet of things, balancing the need to protect privacy against the need for technological innovation, such as to improve healthcare, is proving challenging, says attorney Jean Marie Pechette.
In the wake of the Facebook/Cambridge Analytica scandal, India needs a strong data sovereignty policy to regulate data storage and use, says Vinit Goenka, governing council member of IT Task Force-Ministry of Railways.
The Ministry of Electronics and Information Technology late Friday released the long-awaited draft of a data protection bill, which now faces Parliamentary debate. The bill, which would require most data about Indians to be stored domestically, was drafted by a committee of experts headed by Justice B.N. Srikrishna.
The Telecom Regulatory Authority of India has recommended that the nation's telecom companies take specific steps to protect their customer's data. Those include taking a "privacy by design" approach and focusing on data minimization, collecting as little data as possible
Facebook is making substantial investments to improve its data security and privacy practices. But the long-term cost of those investments and impact on the bottom line has spooked investors, leading to a $120 billion loss in market value on Thursday, the largest one-day loss of value for a U.S. traded company.
Facebook has promised to bring machine learning to bear on the problem of hate speech and information warfare via its platform. But insiders have been urging the company to pursue a major cultural change, including prioritizing not doing anything "creepy" over the quest for short-term gain.