Slamming a Ukrainian energy provider for recently falling victim to a spear-phishing email and Excel macro attack might be easy. But security experts recommend all organizations use the incident to ensure they won't fall victim to copycat attacks.
As nations worldwide struggle with effective cyber legislation, Europe leads. Dr. Henning Wegener, chairman at World Federation Of Scientists' Permanent Monitoring Panel on InfoSec, speaks to what makes this possible.
Reports on the Ukrainian energy supplier hack have left many crucial questions unanswered: Who was involved, did malware directly trigger a blackout and are other suppliers at risk from similar attacks? Cybersecurity experts offer potential answers.
The FFIEC's Cybersecurity Assessment Tool is already being integrated into regulators' cybersecurity examinations, says Gartner analyst Avivah Litan. But the tool has so far led to more confusion than clarity, she says, and must be enhanced in 2016.
A power blackout that recently affected about 1.4 million Ukrainians has been tied to an espionage Trojan called BlackEnergy. The attack appears to be the first time that hackers have successfully used malware to help disrupt energy-generation systems.
As security leaders accept that breaches will happen despite perimeter defense and counter measures, incident response becomes an important evolution in an organization's security posture. Arbor's Jeff Buhl discusses the Asian stance and maturity.
Expect rebooted European Union data privacy rules to drive organizations worldwide to begin minimizing the amount of information they collect and store on individuals in 2016, both to protect privacy as well as minimize the impact of data breaches.
What are some of the unique challenges Indian leaders will face in 2016? Intel Security's Jagdish Mahapatra shares insight on threats, emerging technologies and what Indian security leaders must do to assert their influence on enterprise security strategy.
Boards of directors that figure out how to leverage cybersecurity as a strategic asset will give their organizations a strong competitive advantage, says Lance Hayden of Berkeley Research Group. "Security needs to be part of what the organization uses to competitively differentiate itself."
Qatar's national cybersecurity agenda is designed to ensure that security policies help businesses strike the right balance between security and economic growth, says Khalid Al Hashmi, a top official in the Ministry of Information and Communications Technology.
Improving breach detection and defenses involves much more than buying the latest technology, warns security expert Haroon Meer. "We keep moving on as we try to solve new, shiny problems, which we then half solve, but we still haven't completely solved problems that we knew about 20 years ago."
Four years after European criminals exploited EMV implementation vulnerabilities to steal an estimated $650,000, security experts say not all banks have adopted full fixes. But the payment card industry contends related mitigations are in place and working.
To ensure cybersecurity, a Parliamentary panel urged DeitY to relocate Internet servers for critical sectors to India. Security critics discuss the legal and security implications of hosting servers outside India and ways to protect data.