This edition of the ISMG Security Report features an analysis of CISA's finding that agencies could have prevented follow-on attacks after the SolarWinds supply chain attack by properly configuring firewalls. Also featured: Congressman discusses deterring nation-state attacks; insider threat mitigation tips.
Cybercriminals and nation-states are attempting to recruit insiders at companies around the world to help steal credentials and intellectual property, says Joseph Blankenship, vice president and research director at Forrester, who offers risk mitigation insights.
A bipartisan group of senators is circulating a draft of a federal breach notification bill that would require federal agencies, federal contractors and businesses that have oversight over critical infrastructure to report significant cyberthreats to CISA within 24 hours of discovery.
In a decision that will have major implications for the cybersecurity industry, the U.S. Supreme Court ruled Thursday to limit the scope of the Computer Fraud and Abuse Act. Security researchers and civil liberty groups argued that the 1986 law was too broadly written and outdated for today.
According to a Threat Landscape Trends report for Q2 2020, cryptojacking saw a 163% increase in detections compared to previous quarters. In a survey by NinjaRMM, 35% of organizations indicated that ransomware attacks resulted in up to $5 million in damages. Similarly, we see an explosion in DDoS attacks. In times...
A year ago, Chris Pierson and BlackCloak studied executives at top global pharma companies to learn the extent of password-based vulnerabilities. The findings weren't reassuring. Pierson revisited the study this year with a select few entities to see if the needle has moved in a more secure direction.
Large enterprises generally have a good grasp on gathering and operationalizing threat intelligence. But when it comes to the midmarket, there are unique challenges. Neal Dennis of Cyware Labs tells how to overcome these obstacles and achieve value from a threat intel platform.
In this video interview with ISMG,...
It's common to say, "The human element is our weakest cybersecurity link." But author and educator James Bone has a different perspective. He weighs in on the human factor and the criticality of modifying enterprise risk management strategies.
As a retired Air Force general and the former federal CISO of the United States, Gregory Touhill is well-versed in critical infrastructure protection and resiliency. Now, as the new director of CMU SEI's CERT division, he has the opportunity to help foster new levels of education and collaboration.
As CISO of Johnson & Johnson, Marene Allison was used to gauging her security posture by the top threat activity: nation-state, cybercrime, insider or hacktivist. But in 2020, they all struck at once. Here is one CISO's take on the state of the industry.
We live in a world where employees are almost twice as likely to expose corporate data as they were prior to the pandemic. As a result, organizations have been struggling to solve this problem with legacy solutions such as DLP and need a dedicated Insider Risk Program instead.
By attending this session, you...
A second former medical researcher has been sentenced to serve time in federal prison for his part in a conspiracy to steal trade secrets from an Ohio children’s hospital and sell them to China. Meanwhile, the hospital has filed suit, alleging violations of employment provisions involving data security.
Remote work isn’t a trend, but a new way for businesses to operate. There’s no longer a defined parameter to operate. Instead, IT teams are coping with multiple devices, networks, locations and ways of enabling employees to access professional applications. Cybercriminals are capitalising on this opportunity.
Several healthcare entities are reporting health data breaches in the wake of an incident involving a vendor's employee who uploaded files containing patient data to the public-facing, open-source software development hosting website GitHub. How can entities avoid such mishaps?