Dan Clements of IntelCrawler, the research firm that claims it traced malware apparently used in the Target breach and other retailer attacks to a 17-year-old hacker in Russia, offers an exclusive, in-depth explanation of his company's findings.
From new malware to the Target breach, cyber-attacks reached an all-time high in 2013, says Cisco's Annual Security Report. Cyberthreat expert Levi Gundert tells how organizations can regain the advantage in 2014.
As patient portals become more common in 2014, healthcare providers will struggle to find a balance between implementing strong authentication practices and providing individuals with easy access to records, says privacy attorney Adam Greene.
Training that's designed to help workers avoid clicking on links from spear-phishing e-mails may be ineffective because employees often fail to read training materials, says Eric Johnson, a Vanderbilt University professor who's co-author of a new study on the subject.
To help reduce reliance on passwords, the FIDO Alliance is developing standard technical specifications for advanced authentication. Michael Barrett and Daniel Almenara of FIDO describe the impact the effort could have in 2014.
As a result of high-profile breaches, such as the Target incident, security is increasingly a board issue. What are the key topics security leaders should prepare to discuss in 2014? Alan Brill of Kroll offers his forecast.
Healthcare entities are increasingly turning to the cloud, and regulators are increasingly focused on cloud service providers' security. Time to ensure those business associate agreements are in order, says Symantec's Rick Bryant.
A preliminary version of the cybersecurity framework takes a too-broad approach to privacy, says security and privacy attorney Harriet Pearson. And that could result in fewer organizations adopting the voluntary security guidelines.
While preparing a speech to be delivered in Korea, NIST's Ron Ross wanted to convey the message of the importance of computer security. He hit on five themes - threat, assets, complexity, integration and trustworthiness - which form the acronym TACIT.
Ramping up efforts to mitigate insider threats needs to be a top 2014 priority at healthcare organizations as electronic health records become more ubiquitous, says privacy and security expert Stevie Davidson, who provides practical insights.