Many ransomware gangs hell-bent on seeing a criminal payday have now added data exfiltration to their shakedown arsenal. Gangs' extortion play: Pay us, or we'll dump stolen data. One massive takeaway is that increasingly, ransomware outbreaks also are data breaches, thus triggering breach notification rules.
Many ethical hackers and other security professionals, such as penetration testers, have weaponized cloud platforms to host online attack infrastructure or have used the platforms to conduct reconnaissance, according security researchers at Texas Tech University.
Even after being notified that their personal data has been compromised in a breach, only about a third of users change their passwords - and most are not strong or unique, according to a study by researchers at Carnegie Mellon University, who call for changes in breach notification procedures.
A 15-year-old identity framework originally designed for narrow use by pharmaceutical companies is being revamped and updated for broader use in healthcare, says Kyle Neuman, managing director of SAFE Identity, an industry consortium and certification body that's coordinating the project.
In response to the growing threat of identity-centric cyberattacks in healthcare, the Health Information Sharing and Analysis Center has published a framework for managing identity for the full work lifecycle of employees, practitioners, patients and business partners.
The massive shift to remote working as a result of the COVID-19 pandemic means more organizations are adopting the "zero trust" model, taking such steps as implementing proper access controls, monitoring user behavior and building data governance policies.
Security experts and law enforcement officials have long argued that paying ransoms doesn't pay. For starters, it directly funds the cybercrime ecosystem and makes it attractive for criminals to keep launching ransomware attacks.
With more employees working remotely and a much heavier demand for telehealth services, entities need to consider extra, accelerated steps in keeping data and systems secure, says Martin Littmann, Kelsey-Seybold Clinic CISO, and Stephen Moore, a former security leader at Anthem.
Modern enterprises are large and complex - and so are their IT environments. How does this complexity translate to securing access in hybrid environments? Frederico Hakamine of Okta breaks down the challenge and discusses solutions.
Three recently disclosed health data security incidents - including the discovery of a large email hack that happened nearly a year ago - serve as reminders of the ongoing incident response challenges facing healthcare organizations. And these difficulties are likely to worsen during the COVID-19 crisis.
"Passwordless authentication" is one of the hot cybersecurity topics, but who's actually implemented it - and how? Jeff Carpenter of HID Global discusses the business benefits and the future of passwordless authentication.
In cybersecurity circles, multi-factor authentication today is considered table stakes. Yet, many organizations and users are hesitant to embrace MFA because of friction or other concerns. Corey Nachreiner and Marc Laliberte of WatchGuard Technologies dispel some of the MFA myths.
It's no exaggeration to say that, in the midst of the COVID-19 pandemic, we now have the largest-ever global remote workforce. And with it comes an expanded attack surface that requires extra attention. Phil Reitinger of the Global Cyber Alliance shares five tips for securing the remote workforce.