Key gaps in how healthcare entities defend against cybercrime hacking have emerged. Even organizations strictly strictly adherent to HIPAA, NIST or other regulators are still unaware of how their practices compare to their industry peers and whether or not they are lagging behind.
Has your organization assessed and...
Defending against tomorrow's mobile attacks is a moving target; but new technologies and strategies, including behavioral biometrics and machine-learning-based analytics, are allowing financial institutions to reduce their fraud losses while enhancing their customer experience.
Based on the latest results of ISMG's...
Today's business climate is one of unprecedented regulatory growth, data complexity and cybersecurity concerns. There is a corresponding increase in media attention, customer awareness and Board-level scrutiny.
Organizations must demonstrate that they have a viable process for managing risk and compliance (broadly...
Most organizations have embraced more than one software platform to automate their critical business processes. Platforms are becoming more flexible, allowing users to customize or configure their own applications. As your use cases grow, you may question whether you should leverage an existing platform for your next...
Many security leaders argue over whether their incident response posture needs to be proactive or reactive. But Rsam CISO Bryan Timmerman says it isn't either or - that organizations need both. Here's why.
The Mirai botnet is just the most high-profile example of the new weaponization of DDoS. Attacks are stronger than ever, and multilayer defenses are needed to prevent disruption and distraction, says Darren Anstee of Arbor Networks.
Security professionals think in terms of risks and threats to ensure that the right security measures are deployed in the right places and to a proper degree. Security teams need an evaluation process to help them determine whether an object is under-protected or over-protected, but traditional security assessment...
A RedSeal-72Point study of 200 CEOs about their perceptions of cybersecurity posture discovered that many are dangerously unrealistic about how vulnerable they are. In fact, more than 80 percent displayed "cyber naiveté," allowing their organizations to be exposed to cyber-attack.
This study reveals the...
In 2016, there were two contenders for king of ransomware: Locky and Cerber. So far in 2017, we've seen a massive shift in the battle between these two families, with Locky basically dropping out entirely and Cerber expanding its market share by a significant amount. New families such as Spora are emerging as well,...
March saw the arrival of a new, so-called "Fappening/ Celebgate" scandal, where leaked images and videos of naked celebrities found their way onto the web...prime real estate for scammers who started peddling numerous links across sites like Reddit and all social networks. Likewise in February, Fortune reported a tech...
The exploitation of known, but unmitigated, vulnerabilities is the primary method of compromise for most threats since attackers are able to easily and cost-effectively leverage existing vulnerabilities for effective and profitable outcomes. It's time to align your vulnerability management priorities with the biggest...
As the New Year unfolds, finding a breach prevention provider will be critical in order to safeguard an organization's assets. NSS Labs subjected nine cybersecurity market leaders to comprehensive, rigorous testing to determine how well each product handled current advanced threats and attack methods. All vendor...
Evaluating ways to thwart massive distributed denial-of-service attacks leads the latest edition of the ISMG Security Report. Also, explaining how "conspiracy theories" tied to an historic breach of Yahoo will have an impact on the internet company's future.
For years, organizations have been threatened by DDoS attacks on several fronts, ranging from
volumetric attacks to application-level and DNS strikes. Now come ransom-based attacks.
In this interview with Trey Guinn - head of solution engineering at CloudFlare - he discusses the importance of matching your DDoS...
Extortion campaigns waged by cybercriminals are expected to become more damaging in 2016, putting additional pressure on CISOs to enhance protection of internal networks and educate employees about extortionists' techniques, says iSight Partner's John Miller.
