The likelihood of encountering a sophisticated cyberattack is much higher than ever before - especially with the leak of government-grade hack tools in the public domain, says Dan Larson of CrowdStrike, who discusses the latest threat research.
Too many organizations believe in the fallacy that firewalls are keeping the bad guys out, when in reality, bad actors likely are already within their environments, says Bill Mann at Centrify, who calls for a "zero trust" approach.
Yahoo, now known as Altaba, has agreed to a $35 million civil fine with the U.S. Securities and Exchange Commission to settle accusations that the search giant failed to promptly notify investors about a December 2014 data breach.
Large healthcare companies in the U.S., Europe and Asia are getting hit with a backdoor that comes from a long-observed group, which Symantec calls Orangeworm. The backdoor has been found on X-ray machines and MRIs.
The city of Atlanta's ransomware outbreak cleanup and response tab has hit $2.6 million after a March attack froze corporate servers, employees' PCs and resident-facing portals. Some security experts say the breach response funds would have been put to better use preventing the outbreak in the first place.
Corporate espionage appears to be the motive behind cyberattacks targeting a variety of medical-related equipment and systems, researcher Jon DiMaggio of Symantec says in an in-depth interview about the activities of a hacker group the company has dubbed "Orangeworm."
Great news: "SunTrust to offer free identity protection ... at no cost on an ongoing basis." Of course, nothing comes for free, at least for 1.5 million customers of the Atlanta bank, whose personal details may have been sold to criminals by a former employee.
Incident response is a critical pillar of an effective endpoint security program, one that will gain importance as GDPR enforcement comes into play on May 25. Organizations must be ready to react if and when an incident occurs in order to meet the stringent requirements that apply during an incident.
Organizations too often prioritize data breach prevention at the expense of data breach response - or vice versa, depending on current fashion - when an emphasis on both remains mandatory, warns Art Coviello, the retired chairman of RSA.
Thirty-four companies have signed on to the Microsoft-led Cybersecurity Tech Accord, which is aimed at protecting civilians from cybercriminal and state-sponsored attacks. The agreement crucially includes a pledge not to help governments with cyberattacks
The FDA has issued plans for advancing the safety of medical devices, including a proposal to impose new cybersecurity requirements on manufacturers. Some experts say the FDA's plans are a good move, given the current device risk environment, but they warn that some proposals could prove difficult to achieve.
Department of Homeland Security Secretary Kirstjen M. Nielsen warns that the U.S. will more aggressively move to punish those who conduct cyberattacks. Plus, the department plans to soon unveil a new cybersecurity strategy. Complacency, she says, "is being replaced by consequences."