The cybersecurity firm IronNet, founded and led by retired Army Gen. Keith Alexander, has gone public without an IPO by merging with LGL Systems Acquisitions Corp., a "blank check" shell company formed to handle such mergers. Meanwhile, Checkpoint has announced plans to acquire the email security firm Avanan.
Given that budgets and time are finite, how can organizations best identify if their information security strategy is well balanced and appropriate? Nandhini Duraisamy, chief operating officer of Quadron Cybersecurity Services, shares best practices.
Although research firm Gartner forecasts that spending on cybersecurity will surpass $150 billion in 2021, "the proportion of investment going to companies raising investment for the first time is significantly down," says Saj Huq, director of cyber innovation at Plexal, a center for innovation in the U.K.
Because a relatively small number of individuals provide the vast majority of services and infrastructure that power cybercrime, they remain top targets for arrest - or at least disruption - by law enforcement authorities, says cybercrime expert Alan Woodward. But of course, geopolitics sometimes gets in the way.
The Department of Defense did not effectively control access to the health information of high-profile personnel, says a new watchdog agency report, which hints that the findings also may indicate ineffective access control over other DoD employees' health records.
A recently uncovered phishing campaign used fake COVID-19 vaccination forms - and took advantage of confusion over whether employees will return to their offices this fall - to harvest workers' email credentials, according to analysts with security firm INKY. The malicious messages appear to come from victims' HR...
T-Mobile CEO Mike Sievert on Friday issued an official mea culpa for the data breach that exposed information on 54 million of the company's customers and prospects. On Thursday, a hacker who claimed responsibility for the attack called the company's cybersecurity "awful," the Wall Street Journal reports.
A vulnerability in Microsoft Azure's database service Cosmos DB has potentially put at risk thousands of Azure customers, including many Fortune 500 companies, according to the security firm Wiz. Microsoft has mitigated the flaw.
Phishing, ransomware and unauthorized access remain the leading causes of personal data breaches as well as violations of data protection rules, Britain's privacy watchdog reports. The U.K. government has also been caught out by breaches and leaks involving military secrets and CCTV footage from a government building.
Four months after Microsoft released the first security update for flaws in several versions of its on-premises Exchange Server software, the company has issued its first official guidance on the three actively exploited ProxyShell vulnerabilities.
With the surge of large health data breaches involving vendors, healthcare entities must take critical steps to improve their third-party security risk management, says John Delano, a CIO at AdventHealth, which operates 50 hospitals in nine states.
This edition of the ISMG Security Report features an analysis initiatives unveiled by the Biden administration to enhance supply chain and critical infrastructure security and address the cybersecurity skills gap. Also featured: LockBit 2.0 ransomware rep 'tells all'; misconfigured Microsoft Power Apps.
The Biden administration unveiled a package of supply chain and critical infrastructure security initiatives following a meeting at the White House with tech executives and others. Companies such as Google and Microsoft also promised billions in spending on cybersecurity over the next several years.
As a technology and security leader, Laura-Lea Berna is driven to defend gaps. But as a business executive, the VP, IT and CIO of BC Transit has built her career on answering the question "Where's the need?" She discusses her path and role as a mentor to up-and-coming leaders.
Indianapolis, Indiana-based Eskenazi Health has acknowledged that hackers stole some data and posted it on the darkweb after a ransomware attack. But the organization says it's not yet determined if individuals need to be notified because its investigation is still underway.