Publicis Groupe CISO Thom Langford discusses how best to measure your organization's true risk appetite and the business value of blending storytelling techniques into your security awareness programs.
A settlement between the state of New York and a company that provides support services to the healthcare sector serves as a reminder about timely breach notification, including in circumstances when law enforcement agencies are investigating an incident.
Former U.S. CISO Gregory Touhill says the federal government must rethink how it hardens its workforce to prevent cyberattackers from succeeding. Organizations, he says, should regularly conduct cybersecurity exercises to help build their cyber defense.
Bad security habits of consumers whose use of apps is skyrocketing is leading to increased risks for businesses as they ramp up their use of apps as well, says Neil Wu Becker, a global vice president at A10 networks, who emphasizes the need to enforce best practices.
To encourage individuals to improve their security practices, begin by not blaming them. That was one takeaway from security experts at the Infosecurity Europe conference, who offered practical tips for changing user behavior and creating a culture of security.
Despite being one of the most heavily regulated industries, Healthcare companies still struggle to assess their risk at more than a surface level. A good assessment has to include people, policies, procedures, controls and technologies. The task is daunting but increasingly critical.
Download this case study...
Security professionals think in terms of risks and threats to ensure that the right security measures are deployed in the right places and to a proper degree. Security teams need an evaluation process to help them determine whether an object is under-protected or over-protected, but traditional security assessment...
Organizations around the world are being targeted by ransomware attacks like never before...
But rather than suffer a data destruction or business disruption incident, many are paying the ransom. That's no solution. It's costly and comes with no guarantees of the safety of your data or systems. Perhaps worst of all,...
A RedSeal-72Point study of 200 CEOs about their perceptions of cybersecurity posture discovered that many are dangerously unrealistic about how vulnerable they are. In fact, more than 80 percent displayed "cyber naiveté," allowing their organizations to be exposed to cyber-attack.
This study reveals the...
An analysis on rethinking where awareness programs fit in cyberdefense strategies leads the latest edition of the ISMG Security Report. Also, James Comey's cybersecurity legacy at the FBI.
All ML technology isn't created equal. Learn how the CrowdStrike® ML-based Engine Defends Against Unknown Malware. While many organizations are guarding the front door with yesterday's signature-based antivirus (AV) solutions, today's unknown malware walks out the back door with all their data. What's the answer?
A...
The frequency of "mega breaches" continues to rise at an alarming rate. In fact, crippling incidents involving tens of millions of customer records, theft of highly valuable intellectual property, and related criminal activity have become commonplace.
This report asserts that many such breaches could be prevented...
Organizations are scrambling to identify security weaknesses before their adversaries do. Having a consistent, systematic, and scalable methodology to properly assess your environment is essential. To begin you need a solid understanding of the organization, its components, what it relies on, and what could cause it...
Another day, another data breach in the news. Ransomware at a hospital, the latest IRS breach, a phishing scam at Snapchat . . . you tune out the details. For every breach that makes headlines, dozens of other organizations have had data stolen or corrupted by hackers...or even their own users. Cyberthreats become...
Any organization that deals with credit card information must secure payment card data in accordance with PCI standards.
Merchants and service providers are required to validate compliance by assessing their environment against 12 major control categories applicable to applications and data in the data center and the...
