In this episode of "Cybersecurity Unplugged," Joe Weiss, managing partner at Applied Control Systems, offers suggestions for how to harden our OT networks today, including what CISOs need to know and how guidance from the federal government needs to change.
The latest edition of the ISMG Security Report discusses why it is always a bad idea for organizations to pay hackers for data deletion, practical steps organizations can and should take to avoid being at the heart of a data subject complaint, and the latest efforts to tackle the ransomware threat.
Chris Inglis intends to step down as head of the Office of the National Cyber Director inside the White House after President Joe Biden approves a new national cybersecurity strategy for critical infrastructure. The strategy will recommend a regulatory approach, a former congressional staffer says.
As major cyber incidents involving vendors surge, healthcare entities must carefully and continuously scrutinize the security practices of their third-party vendors, says Kathy Hughes, CISO of Northwell Health.
Bad hackers so often get portrayed as bombastic villains who can "hack the Gibson" while breathlessly exclaiming, "We're in!" Real-world "hack attacks" are typically much more mundane, including an alleged scheme enabling taxi drivers to jump to the head of the line at JFK Airport.
Europe took a key step in formalizing a framework to underpin the trans-Atlantic flow of commercial data but privacy activists say the EU-U.S. agreement won't stand up to a legal challenge. The Commission on Dec. 13 issued a draft adequacy decision on the EU-U.S. Data Privacy Framework.
In his latest rant, Ian Keller, the Troublemaker CISO, decries lazy and bad coding practices, mistakes CISOs may make and unwarranted CISO-blaming by the media, unanswered requests for more funding and staff - and the epic failures all these can produce when a breach happens, as it inevitably will.
For many brands, especially large enterprises with a substantial online presence, it is important to be able to have eyes all over the internet in order to properly mitigate the effects of external elements on their brand’s reputation.
An Oklahoma-based provider of administrative and technology services to healthcare organizations is notifying more than 271,000 individuals that their personal information may have been compromised in a hacking incident involving a third-party data storage vendor.
Microsoft upgraded a vulnerability first discovered in September to "critical" after IBM Security researchers discovered attackers could exploit the flaw to remotely execute code. The latest code execution bug has a broader scope and could affect a wider range of Windows systems than EternalBlue.
Malware analysis and sandboxing solutions traditionally have been bound to operating systems and file types, but file types in the critical infrastructure world are different. Critical infrastructure cannot rely on standard malware analysis tools given the unique operating systems used in the space.
Epic Games, maker of Fortnite, will pay $520 million to the U.S. government to settle allegations it violated children's privacy and charged credit cards without authorization. Epic said its previous practices adhered to "long-standing industry practices" but that "the old status quo" has changed.
More than a quarter million Medicare beneficiaries will be issued new Medicare cards and identifiers following a ransomware attack on a government contractor compromising a range of sensitive personal and health information.
As the world looks into adapting 5G and studying 6G, satellite IoT is opening a new front for connectivity. There will be a demand for more LEO-based satellites for low-power communication, and these satellites will require completely new kinds of security, says Krishnamurthy Rajesh of GreyOrange.