Building a security program from the ground up is a challenging task. Rick Holland of Digital Shadows discusses implementing a new program and focusing on inclusion in the workplace.
Information security programs continue to rely not just on security policies, but also the controls that ensure they get enforced. Unfortunately, such controls begin degrading the moment they're put in place, sometimes rapidly, says Josh Mayfield, director of security strategy at Absolute Software.
Forget inside/outside the perimeter when mitigating risks. That's the notion behind "zero trust," which means applying risk-based controls to safeguard access, says Stephen Cox of SecureAuth.
Every security leader wants visibility into the potential attack surface. But that surface is changing in vast new ways, owing to the cloud and connected devices. Mario Vuksan of ReversingLabs defines what visibility truly means today.
Security incidents often result in damage, regardless of an organization's size. But for small and midsize firms, which often lack robust security defenses, the damage may be so severe that it means not only disruption but also the end of the business, says Vince Steckler of Avast.
Making data security as people-centric as possible by applying strong risk-based controls is the only way organizations can best secure data while also enabling employees to do their jobs, says Tony Pepper of Egress Software Technologies.
Four business sectors - hospitals, banks, securities firms and market infrastructure providers - potentially face the most significant financial impact from cyberattacks that could lead to a weakened credit profile, according to a new report from Moody's Investors Service.
An "authorized third party" exposed a Dow Jones database with more than 2.4 million records of risky businesses and individuals on a public server without password protection. The incident points to the importance of proper vendor risk management, security experts say.
Windows, MacOS and Linux operating systems don't sufficiently protect memory, making it possible for a fake network card to sniff banking credentials, encryption keys and private files, according to new research. Fixes are in the pipeline, but caution should be used before connecting to peripherals in public areas.
Indian hackers recently defaced more than 200 Pakistani websites, apparently in retaliation for a suicide bomber, allegedly from Pakistan, killing 40 Indian soldiers on Feb. 14. Now the Indian hacking community must work with the government to prepare for a possible retaliatory cyberattack from Pakistan.
In 2017, 15,038 new CVEs were published, up from 9,837 in 2016. Last year, 16,500 new CVEs were disclosed. With vulnerabilities growing year after year, patching every potential threat to your business is a futile exercise. The need to prioritize is clear, but where to start, especially when CVSS categorizes the...
French cybersecurity researcher Baptiste Robert, who goes by the name Elliot Alderson on Twitter, has once again exposed an apparent Aadhaar leak. The latest leak, which occurred on state-owned gas company Indane's website, exposed data of as many as 6.7 million customers, the researcher claims.
Good news for many victims of GandCrab: There's a new, free decryptor available from the No More Ransom portal that will unlock systems that have been crypto-locked by the latest version of the notorious, widespread ransomware. But the ransomware gang appears to already be prepping a new version.
This Gartner report charts your course to the future of information security with Gartner's "continuous adaptive risk and trust assessment" (CARTA) as your guide.
This reports highlights a need for security and risk management leaders to embrace a strategic approach where security is adaptive, everywhere, all the...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.
