Many organizations are uncertain about the overall effectiveness of their security strategy because they are still in the dark about aspects of their risk posture, says Brian Soldato of NSS Labs. Conducting a few pen tests a year is not enough, he stresses.
If the Equifax breach turns out like every other massive data breach we've seen for more than a decade, after a big brouhaha - from Congress, state attorneys general, consumer rights groups and class-action lawsuits - nothing will change, because that would require Congress to give Americans more privacy rights.
In the wake of increasing cybersecurity concerns, the government of India wants to leverage indigenously developed security solutions to protect telecom networks. But some security experts say that could prove difficult.
A 10-digit PIN used by consumers to freeze access to credit reports with Equifax is based on dates and times, several observers have noticed. Equifax says it plans to change how the PIN is generated, but experts say it's another troubling development for a troubled company.
Leading the latest edition of the ISMG Security Report: Observations about America's standing as a global cybersecurity leader from Christopher Painter, who until earlier this summer served as the United States' top cyber diplomat. Also, threats posed by IoT devices.
Although there are many options for threat information sharing, there are not enough initiatives that are properly codified and defined so that enterprises can easily share relevant information with a business context in a structured and timely manner, says Avinash Prasad of Tata Communications.
Hackers that U.S. officials believe are linked to Russia have upped their activity against energy providers in the U.S., Turkey and Switzerland. The group has likely developed the expertise to shut down systems, security company Symantec warned Wednesday.
Two Russian hackers, members of a group called "Shaltay-Boltai" - Humpty Dumpty in Russian - that stole and sold high-level Russian officials' emails, have been sentenced to serve three years in prison. The case against them may tie to a high-profile Russian treason investigation.
Facebook says hundreds of bogus profiles and group pages likely linked to Russia bought $100,000 worth of politically themed and divisive ads aimed at U.S. voters. The finding affirms the belief of U.S. intelligence agencies that Russia waged a multipronged effort to disrupt the U.S. election.
We all see the heightened global tensions with Russia, North Korea and China. But what's happening below the surface, where cyberattacks originate? Tom Kellermann of Strategic Cyber Ventures shares insight on the shifting threat landscape - and how the U.S. must re-think its response.
Lenovo will pay $3.5 million to the U.S. Federal Trade Commission and 32 states to settle a case brought against it over advertising software with serious security issues that was preinstalled on thousands of the company's laptops.
The head of the U.S. Securities and Exchange Commission says publicly traded businesses must better describe their cybersecurity risks to investors. Wall Street's top regulator also warned of a surge in initial coin offering scams - the same week that China banned ICOs altogether.
Cory Mazzola, a cybersecurity leader at Las Vegas Sands Corp., says recruiting security pros amid a talent shortage requires putting aside expectations about degrees and backgrounds. Instead, he says companies need to be willing to develop new skills in their new hires.