The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel. The breach alert follows a recent GAO report warning of serious cybersecurity shortcomings in U.S. weapon systems.
The disagreements continue over Australia's efforts to pass legislation that would help law enforcement counter encryption. Technology companies and civil liberties organizations contend the latest draft of legislation would allow for too much secrecy and imperil privacy and security.
CISOs and other security practitioners are embracing the idea of a business-driven security model that takes a risk-oriented approach, says Rohit Ghai, president of RSA. "Cybersecurity conversations are becoming business conversations rather than technology conversations."
With so much focus on endpoint security, it's important not to overlook the importance of network-level security controls, says Lawrence Orans, research vice president at Gartner.
Hackers remotely accessing medical devices and systems - potentially disrupting care and putting patients at risk - is the No. 1 technology hazard facing healthcare entities in the year ahead, according to a new report from the ECRI Institute. Security experts size up the significance of this risk.
The notorious GandCrab ransomware-as-a-service gang has released the latest version of its crypto-locking malware, backed by crypter service and exploit toolkit partnerships. But the gang's marketing savvy belies shoddy code-development practices, security firm McAfee finds.
For too many organisations, software vulnerability management is just about "patch Tuesday." Vulnerability management has evolved significantly in the past few years. Organisations need to adopt a new strategy focusing on visibility, prioritised response, and mitigation.
When you look back at the wave of...
Many companies outsource payroll, legal, and other various departments within their organization that aren't core and a lot of them quite frankly fail, which is why we see all the breaches we see in the news.The biggest cybersecurity budget in the business cannot save you from suffering one of the biggest breaches.
...
Everyone knows that two-factor authentication (2FA) is more secure than a simple login name and password, but too many people think that 2FA is a perfect, unhackable solution. It isn't!
Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, and security expert with over 30-years experience, for this...
What can organizations do to thwart business email compromise attacks? In an interview, David Stubley, CEO of the consultancy 7 Elements, outlines several key steps. He'll be a featured speaker at Information Security Media Group's Security Summit: London, to be held Sept. 23.
Google blames a bug in an API for its Google+ social networking service for exposing personal details of about 500,000 users' accounts, but says it doesn't believe the information was misused. The company was forced to acknowledge the March incident after it was reported by The Wall Street Journal.
As more companies move away from passwords toward behavioral biometrics, they face new challenges, says Rajiv Dholakia, vice president, products at Nok Nok Labs. "There are no standards as such in this area on how the information is collected, how it's stored and how it's processed," he says.
A key amendment to Canada's Personal Information Protection and Electronic Documents Act goes into effect on Nov. 1. What are the baseline standards for compliance, and how does this change impact risk transfer and mitigation?
While PIPEDA is not a new law and been on the books for a long time, what is coming is...
This survey report reveals that for many organizations, threat hunting is still new and poorly defined from a process and organizational standpoint. Most are still reacting to alerts and incidents instead of proactively seeking out the threats.
While the act of threat hunting cannot be fully automated, it heavily...
Like it or not, good grades matter. As organizations become increasingly focused on benchmarking internal groups for their ability to run efficiently and add business value, cybersecurity teams must be positioned to measure their programs' effectiveness and sophistication against industry standards.
In this second...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
