Are ransomware-wielding criminals running scared? That's one likely explanation for the sudden release this week of free, master decryption keys for three different strains of formerly prevalent ransomware: Maze, Sekhmet and Egregor.
In the first of a planned series of articles looking at strategies that have helped her and her teams over the years to not just survive a stressful environment, but thrive in it, cybersecurity executive and CyberEdBoard executive member Kerissa Varma offers this: Be a human, not a terminator.
Attackers continue to employ commercial penetration testing tools as well as "living off the land" tactics - using legitimate tools or functionality already present in a network - to exploit victims. Accordingly, organizations must monitor for both, to better identify potential intrusions.
It’s no secret that the recent large-scale ransomware attacks are a call to action for greater federal cybersecurity regulations. As it stands, security policies are not mandated and are largely a voluntary mechanism. But it has become apparent that at-will standards are not getting the job done. According to a...
It's no surprise that as some ransomware-wielding criminals have been hitting healthcare, pipelines and other sectors that provide critical services, governments have been recasting the risk posed by ransomware not just as a business threat but as an urgent national security concern.
The saying "Penny-wise, pound-foolish" is relevant when we talk to those friendly, knowledgeable finance people about ongoing employee screening due to the dreaded insider threat and the costs associated with it - which leads to us pulling out our hair in utter frustration. This rant is about that.
The findings from a penetration test can help you identify risks and gaps in your security controls. Charles Gillman offers tips to maximize the value of your next pen test and, in the process, deliver better results.
CyberEdBoad excutive member Alan Ng of China Taiping Insurance, Singapore, explains the enterprise risk management strategy for the pandemic era and how the Distributed, Immutable and Ephemeral triad works with the Confidentiality, Integrity and Availability triad to make organizations more secure.
The calculus facing cybercrime practitioners is simple: Can they stay out of jail long enough to enjoy their ill-gotten gains? A push by the U.S. government and allies aims to blunt the ongoing ransomware scourge. But will practitioners quit the cybercrime life?
Marcus Rameke of Nikko Asset Management Group in New Zealand shares how he led the digital transformation journey to enable it to fulfill new business requirements using an agile approach that made staff more mobile and able to achieve better productivity and revenue and improve client satisfaction.
While doing digital transformation, CISOs tend to look more at technology and try to adapt it without making the distinction between technologies that are must-have and good to have. Krishnamurthy Rajesh of ICRA says CISOs must analyze risks, update security, and change the mindset of employees.
A compromise of sensitive health information affecting nearly 38,000 individuals discovered nearly a year after a terminated company executive accessed the data spotlights some of the top security and privacy challenges covered entities and business associates face with insiders.
The COVID-19 crisis has posed an unparalleled challenge for cybersecurity. Like COVID-19, cyberattacks spread fast and far - creating more and more damage. But the pandemic has also had a positive impact on the cybersecurity function, which Tarun Kumar, CISO at Nissan, describes here.
A cloud access security broker, usually referred to as a CASB, offers a security gateway between your company’s IT infrastructure and that of a cloud provider. It is a critical tool organizations can use to holistically secure an organization from endpoint to cloud.