Employees are still falling for phishing scams leading to major breaches, including those related to ransomware attacks, say federal regulators, who are urging healthcare entities to step up their workforce training and awareness of email schemes.
Most large organizations at least pay lip service to breach preparedness. But when it comes to proper policies, planning and practice, far too many still fall short, says Stuart Mort of the Australian telecommunications firm Optus. Here's what they are overlooking.
A recent breach reported by University of Iowa Health Care illustrates the need to carefully guard against exposure of sensitive data on the internet, especially during software development projects.
Ransomware attacks are increasingly using multiple proven techniques to spread quickly and achieve the maximum impact before being thwarted. They are going to get bigger and target other platforms in the future, warns Justin Peters at Sophos APAC.
Sixty-five percent of security leaders consider their organizations' security postures to be above average or superior, as compared to peers in their sectors.
Yet, only 29 percent say that they are very confident in the effectiveness of their security controls, and nearly half say that they have gaps in detecting...
Publicis Groupe CISO Thom Langford discusses how best to measure your organization's true risk appetite and the business value of blending storytelling techniques into your security awareness programs.
A settlement between the state of New York and a company that provides support services to the healthcare sector serves as a reminder about timely breach notification, including in circumstances when law enforcement agencies are investigating an incident.
Former U.S. CISO Gregory Touhill says the federal government must rethink how it hardens its workforce to prevent cyberattackers from succeeding. Organizations, he says, should regularly conduct cybersecurity exercises to help build their cyber defense.
Bad security habits of consumers whose use of apps is skyrocketing is leading to increased risks for businesses as they ramp up their use of apps as well, says Neil Wu Becker, a global vice president at A10 networks, who emphasizes the need to enforce best practices.
To encourage individuals to improve their security practices, begin by not blaming them. That was one takeaway from security experts at the Infosecurity Europe conference, who offered practical tips for changing user behavior and creating a culture of security.
Despite being one of the most heavily regulated industries, Healthcare companies still struggle to assess their risk at more than a surface level. A good assessment has to include people, policies, procedures, controls and technologies. The task is daunting but increasingly critical.
Download this case study...
Security professionals think in terms of risks and threats to ensure that the right security measures are deployed in the right places and to a proper degree. Security teams need an evaluation process to help them determine whether an object is under-protected or over-protected, but traditional security assessment...
Organizations around the world are being targeted by ransomware attacks like never before...
But rather than suffer a data destruction or business disruption incident, many are paying the ransom. That's no solution. It's costly and comes with no guarantees of the safety of your data or systems. Perhaps worst of all,...
A RedSeal-72Point study of 200 CEOs about their perceptions of cybersecurity posture discovered that many are dangerously unrealistic about how vulnerable they are. In fact, more than 80 percent displayed "cyber naiveté," allowing their organizations to be exposed to cyber-attack.
This study reveals the...
An analysis on rethinking where awareness programs fit in cyberdefense strategies leads the latest edition of the ISMG Security Report. Also, James Comey's cybersecurity legacy at the FBI.
