The latest edition of the ISMG Security Report discusses the recent ransomware attack on aluminum giant, Norsk Hydro. Plus, confessions of a former LulzSec and Anonymous hacktivist, and the growing problem of cyber extortion.
As CEO of Terranova Security, an awareness training provider, Lise Lapointe sees an evolution of education programs that used to be merely phishing simulation tests. What are the most effective forms of training?
Many security leaders recognize the flaws in traditional awareness training, but what is anybody actually doing about it? Keenan Skelly of Circadence describes a new approach that she believes has changed the cybersecurity education paradigm.
The latest edition of the ISMG Security Report features Greg Touhill, the United States' first federal CISO, discussing how "reskilling" can help fill cybersecurity job vacancies. Plus, California considers tougher breach notification requirements; curtailing the use of vulnerable mobile networks.
In a case of business email compromise, Chinese hackers stole $18.6 million from the Indian arm of Tecnimont SpA, an Italian engineering company, through an elaborate cyber fraud scheme that included impersonating the firm's chief executive.
A variety of security weaknesses contributed to a massive 2017 health data security breach in Singapore, according to a new report. What can healthcare organizations around the world learn from the report's security recommendations?
What not to do after a breach? Share your incident response plan with your attorney and say, "Don't pay too much attention to it; we don't follow it." Randy Sabett of Cooley LLP discusses this and other lessons learned from breach investigations.
Efforts to protect privacy must be carefully balanced against the need to practically implement advanced technologies, argues Jared Ragland, senior director for policy in APAC at BSA/The Software Alliance, an advocacy group for software companies.
Although CERT-In says the hacking of Indian websites declined dramatically this year, based on reports it has received, some security experts argue that many hacking and other cybercrime incidents are never reported.
As attackers increasingly take advantage of users' risky behavior, enterprise security leaders are taking steps to improve end-user security education. Gretel Egan of Wombat Security outlines how to focus on education strategies that are truly effective.
Those of you who are CISOs and have been conducting awareness programs for years realize that ''the devil is in the details" when building a successful program. Initial attempts to get an awareness program started are usually done by trial and error- but this hit-and-miss approach is often ineffective or frustrating....
In the wake of a growing number of mob lynchings often attributed to fake news spread via WhatsApp, the government is looking for an easy solution. But while some of what it's proposing makes sense, a plan to make messages more traceable would prove impractical.
The Forum of Incident Response and Security Teams recently announced the release of new training resources to help organizations build and improve product security incident response teams. Damir "Gaus" Rajnovic of FIRST discusses the global need for these resources.