When security practitioners lose their initial enthusiam for hunting cyberthreats, their companies begin to fail at cybersecurity, says CISO Marco Túlio Moraes. He discusses how collaborating with the business lines and moving from awareness to education all around can help fix this problem.
As the U.K.'s National Health Service continues to deal with the impact of a cyberattack on one of its critical IT suppliers, the situation underscores the risks posed by vendors - and the need to have business continuity plans ready to deploy.
As ransomware attacks continue to pummel organizations, Rapid7 Chief Scientist Raj Samani says victims must identify how the attacker broke in and if they've given themselves persistent ways to regain access. Otherwise, he says, "They'll hit you again and again."
The role of cyberattacks in Russia's war against Ukraine continues to evolve as the conflict persists, but one notable takeaway so far is the precision of the military's online attacks, which is likely an attempt to avoid spillover that would anger NATO, says Ian Thornton-Trump, CISO of Cyjax.
The enterprise, workforce, attack surface and threat landscape all have transformed over the past two years. How has the concept of cyber resilience also transformed? Kris Lovejoy of Kyndryl shares insights on resilience maturity and why it's about recovery.
The U.S. and Israel have agreed to a new joint cybersecurity program called BIRD Cyber to enhance the cyber resilience of both countries' critical infrastructures. Grants of up to $1.5 million will be given to entities who jointly develop advanced cybersecurity applications under this program.
The Biden executive order on cybersecurity was a catalyst for action, with tight delivery times for steps including promotion of SBOMs and zero trust. The cyber-physical nexus and expanding threat surface mean it's not easy to maintain vigilance, but recognizing that is the first step.
Ukrainian private energy firm DTEK Group alleges that the Russian Federation has carried out a cyberattack against its facilities, crippling its infrastructure in retaliation for its owners' support of the country's fight against Russian invaders.
Unlocking the data generated by ransomware attacks is helping organizations better understand the risks, adopt defensive technologies and prepare for future attacks, says Wade Baker, partner at Cyentia Institute. He discusses new data on how quickly organizations are remediating vulnerabilities.
The move to remote working has created two sets of tools, policies and personnel that are making it harder for security teams to protect the enterprise, says Airgap Networks CEO and co-founder Ritesh Agrawal. He discusses how Airgap is addressing the challenges of hybrid work.
Four ISMG editors discuss important cybersecurity issues, including how Canada's Desjardins Group settled a data breach lawsuit for $155 million, how Facebook is being sued after allegedly violating patient privacy, and highlights from ISMG's Northeast Summit held in New York this week.
To excel at cybersecurity incident response, start with planning, preparation and, ideally, regular tabletop exercises, say Kevin Li, CISO for MUFG Securities Americas, and Rocco Grillo, managing director of Alvarez & Marsal's Disputes and Investigations Global Cyber Risk Services practice.
The latest edition of the ISMG Security Report investigates the reboot of ransomware group Conti, which supports Russia's invasion of Ukraine. It also discusses why paying ransomware actors is a "business decision" and how to respond to the talent shortage in the financial sector.
Insurance claims being filed by ransomware victims are growing as criminals continue to hit businesses with crypto-locking malware. To avoid these claims, organizations can take a number of proven steps to better protect themselves, says Payal Chakravarty of Coalition.
Ronald Raether of Troutman Pepper says privacy, data security and information governance departments must collaborate to reduce unauthorized access to systems by criminals and make data operationalization more effective. He also says proper data mapping, governance and classification are critical.