Security practitioners need to know what data their organization has and where it is kept so they can ensure it's protected. That inventory process that can be simplified by creating an information asset register, says Bilal Ghafoor, a data protection consultant.
As more organizations rely more heavily on cloud-based applications as a result of a remote workforce, they must avoid taking identity and access management shortcuts, says James Gosnold of the cloud consultancy CloudKubed, who calls for the addition of another layer of authentication.
Healthcare organizations need to diligently assess whether a security incident involving patient information truly qualifies as a reportable breach under HIPAA to avoid needlessly reporting it to federal regulators, says regulatory attorney Helen Oscislawski.
Shadow IT is a growing concerns during the work-from-home shift because endpoint security is not as well developed as network security, says Vikram Mehta, an information security specialist at MakeMyTrip, who offers risk mitigation insights.
Two years after it was last seen in February 2018, ZLoader banking malware has resurfaced, with cybercriminals wielding a new version that gets distributed via email campaigns, security firm Proofpoint warns.
Britain's privacy watchdog reports it received 19% fewer data breach notifications in the first quarter than in the same period last year. While the decline may be attributed to more organizations better understanding when to report breaches, other countries have seen an increase in breach reports.
Don't forget to lock down online shared code repositories, as Mercedes-Benz parent company Daimler AG learned the hard way after a researcher was able to access nearly 9 GB of software development documentation from a misconfigured GitLab repository.
As ransomware gangs attempt to boost their illicit profits, the RagnarLocker ransomware gang has brought a new tactic to bear: installing a full virtual machine on victims' systems to hide their crypto-locking malware while it forcibly encrypts files, security firm Sophos warns.
Microsoft is warning Windows users about an ongoing "massive" COVID-19-themed phishing campaign that is attempting to install the NetSupport Manager on devices. Attackers can turn NetSupport into a remote access Trojan, or RAT.
The latest edition of the ISMG Security Report features Retired General Keith Alexander, former NSA director, discussing the long-term security implications of the shift to working from home. Also: an update on ransomware gangs leaking data and an analysis of using open source code for app development.
Apple and Google have released new APIs designed to support contact-tracing apps being developed by governments to help combat the COVID-19 pandemic. Already at least three U.S. states and 22 countries have expressed interest in using the APIs to build their apps.
A recent ransomware attack that targeted a law firm that serves celebrities may have been facilitated by a Pulse Secure VPN server that was not properly patched and mitigated against a well-known vulnerability, some security experts say.
Australia's digital healthcare records system was subject to an attack within the last year, but no access to records was gained, according to a government official who testified to Parliament this week on cyber resiliency.