The identity and access management strategy for the remote workforce should ensure contextual authentication to establish the credentials of the users, apply risk-based authentication for measuring user risk profiles, and establish a multifactor authentication mechanism, a panel of experts says.
As a result of the COVID-19 pandemic, work-from-home employees have rushed to adopt videoconferencing tools. But Kroll's Alan Brill warns that sound security and privacy practices - backed by legal, risk management and HR teams - too often lag. Here are his top concerns and tips on how to address them.
Ransomware, wire transfer fraud, destructive attacks: In recent months, the financial sector has seen these and other online attacks surge by 238% as criminals continue to exploit the pandemic, warns Tom Kellermann of VMware Carbon Black, who shares findings from his firm's third "Modern Bank Heists" report.
Turla, a sophisticated hacking group with suspected ties to the Russian government, recently used a revamped version of its malware to target government entities in Eastern Europe, according to new research from the security firm ESET.
Security practitioners need to know what data their organization has and where it is kept so they can ensure it's protected. That inventory process that can be simplified by creating an information asset register, says Bilal Ghafoor, a data protection consultant.
As more organizations rely more heavily on cloud-based applications as a result of a remote workforce, they must avoid taking identity and access management shortcuts, says James Gosnold of the cloud consultancy CloudKubed, who calls for the addition of another layer of authentication.
Healthcare organizations need to diligently assess whether a security incident involving patient information truly qualifies as a reportable breach under HIPAA to avoid needlessly reporting it to federal regulators, says regulatory attorney Helen Oscislawski.
Shadow IT is a growing concerns during the work-from-home shift because endpoint security is not as well developed as network security, says Vikram Mehta, an information security specialist at MakeMyTrip, who offers risk mitigation insights.
Two years after it was last seen in February 2018, ZLoader banking malware has resurfaced, with cybercriminals wielding a new version that gets distributed via email campaigns, security firm Proofpoint warns.
Britain's privacy watchdog reports it received 19% fewer data breach notifications in the first quarter than in the same period last year. While the decline may be attributed to more organizations better understanding when to report breaches, other countries have seen an increase in breach reports.
Don't forget to lock down online shared code repositories, as Mercedes-Benz parent company Daimler AG learned the hard way after a researcher was able to access nearly 9 GB of software development documentation from a misconfigured GitLab repository.
As ransomware gangs attempt to boost their illicit profits, the RagnarLocker ransomware gang has brought a new tactic to bear: installing a full virtual machine on victims' systems to hide their crypto-locking malware while it forcibly encrypts files, security firm Sophos warns.
Microsoft is warning Windows users about an ongoing "massive" COVID-19-themed phishing campaign that is attempting to install the NetSupport Manager on devices. Attackers can turn NetSupport into a remote access Trojan, or RAT.
The latest edition of the ISMG Security Report features Retired General Keith Alexander, former NSA director, discussing the long-term security implications of the shift to working from home. Also: an update on ransomware gangs leaking data and an analysis of using open source code for app development.
Apple and Google have released new APIs designed to support contact-tracing apps being developed by governments to help combat the COVID-19 pandemic. Already at least three U.S. states and 22 countries have expressed interest in using the APIs to build their apps.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.